HMAC Validation

atom_443atom_443 Member
in Help edited June 2016
Been working on this for a long long time and need a break and some help if possible. I'm sure this is just lack of experience, but here it is:

I'm using the helper function to validate this block of 4 products:

input type="hidden" name="<?php echo get_verification('name', '1Month', '1month1pair');?>" value="1Month" />
input type="hidden" name="<?php echo get_verification('price', '13', '1month1pair');?>" value="13"/>
input type="hidden" name="<?php echo get_verification('code', '1month1pair', '1month1pair');?>" value="1month1pair"/>
input type="hidden" name="<?php echo get_verification('quantity', '--OPEN--', '1month1pair');?>" value="" class="1month_qty"/>
input type="hidden" name="<?php echo get_verification('sub_frequency', '1m', '1month1pair');?>" value="1m"/>

input type="hidden" name="<?php echo get_verification('2:name', '2Month', '1month2pairs');?>" value="2Month" />
input type="hidden" name="<?php echo get_verification('2:price', '25', '1month2pairs');?>" value="25"/>
input type="hidden" name="<?php echo get_verification('2:code', '1month2pairs', '1month2pairs');?>" value="1month2pairs"/>
input type="hidden" name="<?php echo get_verification('2:quantity', '--OPEN--', '1month2pairs');?>" value="" class="2month_qty"/>
input type="hidden" name="<?php echo get_verification('2:sub_frequency', '1m', '1month2pairs');?>" value="1m"/>

input type="hidden" name="<?php echo get_verification('3:name', '1Year', '1year1pair');?>" value="1Year" />
input type="hidden" name="<?php echo get_verification('3:price', '143', '1year1pair');?>" value="143"/>
input type="hidden" name="<?php echo get_verification('3:code', '1year1pair', '1year1pair');?>" value="1year1pair"/>
input type="hidden" name="<?php echo get_verification('3:quantity', '--OPEN--', '1year1pair');?>" value="" class="1year_qty"/>
input type="hidden" name="<?php echo get_verification('3:sub_frequency', '1y', '1year1pair');?>" value="1y"/>

input type="hidden" name="<?php echo get_verification('4:name', '2Year', '1year2pairs');?>" value="2Year" />
input type="hidden" name="<?php echo get_verification('4:price', '275', '1year2pairs');?>" value="275"/>
input type="hidden" name="<?php echo get_verification('4:code', '1year2pairs', '1year2pairs');?>" value="1year2pairs"/>
input type="hidden" name="<?php echo get_verification('4:quantity', '--OPEN--', '1year2pairs');?>" value="" class="2year_qty"/>
input type="hidden" name="<?php echo get_verification('4:sub_frequency', '1y', '1year2pairs');?>" value="1y"/>
-----------
and the following relevant code in the body of my form:

input type="radio" class="rdo pairs-rdo" name="Pairs" id="PairsOne" value="One" disabled="disabled" />
input type="radio" class="rdo pairs-rdo" name="Pairs" id="PairsTwo" value="Two" disabled="disabled" />

input type="radio" class="rdo pay-rdo" name="Pay" id="PayMonth" value="Monthly" disabled="disabled" />
input type="radio" class="rdo pay-rdo" name="Pay" id="PayYear" value="Yearly" disabled="disabled" />
-----------
with the following relevant JQuery to modify the quantity values:

$(".pay-rdo").on("click", function() {

numb = $("input[name=Pairs]:checked").val();
freq = $("input[name=Pay]:checked").val();

if (numb == "One" && freq == "Monthly") {
$(".1month_qty").val("1"),
$(".2month_qty").val("0"),
$(".1year_qty").val("0"),
$(".2year_qty").val("0")
}
if (numb == "Two" && freq == "Monthly) {
..... and so forth
}
});
The JQuery works fine to modify the different product quantities. My admin is configured to allow for HMAC validation. When i submit items to the cart i get a whole shwack of Cart Validation Errors. It leads me to believe a couple different things are wrong here but I'm not sure what they are. Is the fact that my form uses inputs to modify the hidden hashed inputs going to be an issue? Should I use buttons instead? Can / should I be using the full HTML hash script with my current set up? Am I right out to lunch here?

Sorry for the terribly long post.
Comments
  • fc_adamfc_adam FoxyCart Team
    @atom_443 - you're on the right track. One issue I can see is related to how you're encrpyting the field names - you don't need to include the numbers that are prepended for adding multiple products like 2:. That would be included outside of the encryption.

    That said though - there is a much simpler way you could approach this within one form by using product option modifiers. I'll show you the unencrypted version of the form:
    <input type="hidden" name="name" value="Subscription" />
    <input type="hidden" name="price" value="13" />
    <input type="hidden" name="code" value="1month1pair" />
    <input type="hidden" name="quantity" value="1" />
    <select name="sub_frequency">
    <option value="1m">Monthly (1 pair)</option>
    <option value="1m{p:25|c:1month2pair}">Monthly (2 pair)</option>
    <option value="1m{p:143|c:1year1pairs}">Yearly (1 pair)</option>
    <option value="1m{p:275|c:1year2pairs}">Yearly (2 pair)</option>
    </select>
    The customer will then simply be able to select from the dropdown the number of pairs and frequency, and it will set the code and price along with the frequency.

    You can see details on product option modifiers at the bottom of the page on http://wiki.foxycart.com/static/redirect/add_to_cart
  • Adam, thanks for your reply.

    I followed your instructions and moved the leading numbers outside of the validation. I also changed the input radio fields to buttons and rewrote the jQuery to check for a "selected" class instead. Everything is working great except for 1 thing. I need to have one input field and a textarea within the form for the user to add required details. When I add to cart the system displays a Cart Validation Error for these fields not having HMAC. Is it possible to bypass the validation for these two fields with the validation method I'm using?
  • fc_adamfc_adam FoxyCart Team
    @atom_443,

    Great to hear you're making progress!

    For any fields that the customer will enter custom information for, you need to encrypt it as an open field, just like you have for the quantity text input.
Sign In or Register to comment.