HMAC help

leaodonorteleaodonorte Member
in Help edited November 11
Hi, my first post, trying to enable hmac for my shop.

I have included this onto my site:
<?php
require_once('foxycart.cart_validation.php');
ob_start();
?>
<?php
$output = ob_get_contents();
ob_end_clean();
echo FoxyCart_Helper::fc_hash_html($output);
?>
of course i have uploaded the php file as well

Then i have created a sample product, and included this code on my page:
<form action="https://fx.foxycart.com/cart" method="post" accept-charset="utf-8">
<input type="hidden" name="name" value="Litecoin" />
<input type="hidden" name="price" value="190.00" />
<input type="hidden" name="code" value="venda_ltc" />
<input type="submit" value="Comprar" class="submit" />
</form>
3º I have enabled it on control panel

4º i get this error:


Cart Validation Error: name_hash_present
Cart Validation Error: price_hash_present
Cart Validation Error: code_hash_present

5º tried a diferent code
<form action="https://fx.foxycart.com/cart" method="post" accept-charset="utf-8">
<input type="hidden" name="<?php echo get_verification('name', 'Litecoin', 'venda_ltc'); ?>" value="Litecoin" />
<input type="hidden" name="<?php echo get_verification('code', 'venda_ltc', 'venda_ltc'); ?>" value="venda_ltc" />
<input type="hidden" name="<?php echo get_verification('price', '199.99', 'venda_ltc'); ?>" value="199.99" />
<input type="submit" value="Comprar" class="submit" />
</form>

6º get another error

In this case, the button does not send any info to the cart. (The cart remains empty)

What have i done that is not correct?
Tagged:
Comments
  • leaodonorteleaodonorte Member
    edited November 11
    Hope everyone can understand!
  • fc_adamfc_adam FoxyCart Team
    @leaodonorte,

    Sorry to hear you're having trouble with the add to cart validation set up. Looking at your store settings, I can see you have the validation setting enabled. Reviewing your error logs for the store, I see you ran into a few different errors here too.

    The error in the format of Cart Validation Error: name_hash_present occurs when the validation feature is enabled, but a parameter (in this case the name parameter) is missing it's hash. This generally means that the server-side script isn't working correctly.

    An error like Cart Validation Error: code_present refers to the code parameter missing from the add to cart. As the hashing relies on that code parameter being set, you'll need to ensure all links/forms have one set.

    The last experience you noted - where the add to cart didn't do anything - this can happen if you have an add to cart correctly signed, but the add to cart validation feature isn't enabled in the administration. Is there any chance that may have happened while you were seeing that?

    Trying out one of the add to carts on your page currently - it's running into the expires error, which I've noted in your other thread too - that should hopefully be a quick fix for you though and you'll be up and running!
  • fc_adamfc_adam FoxyCart Team
    @leaodonorte,

    Quick follow-up on my previous post - I just noticed on your page that the PHP code is being included in the source, which would mean that your page isn't actually a PHP page, but more likely just a HTML page. To run PHP code on the page, you'll need to ensure that it is specifically a PHP page, with a .php filetype, and that your web hosting can run PHP.
  • Iam using joomla, not sure if the page is just html (but iam no expert), i can do almost anything on it, includiing php using extentions like sourcerer was never an issue, iam stuck on this, and this is the only thing that is mising for us to open the shop.
  • Can i host the php file at amazon s3? and call it remotely?
  • Hi, tried to manually using encoding html on sample code, almost worked out, but i have an issue now because my price is fullfilled by a script (to get exchange rates from openexchangerates.org, and because of that i get an error only on price field, is there a solution for this problem?

    <a href="https://fx.foxycart.com/cart?name=100 Ripple&price=0&code=CP100XRP&expires=10" class="button button-small button-2" data-foxycartcomprexrp='10.00'>Comprar</a>

    Thanks

    But i get a price error.
  • fc_adamfc_adam FoxyCart Team
    @leaodonorte,

    Thanks for clarifying your set up. It should indeed be possible to get it set up with Joomla, but we're not too familiar with that system ourselves. I just did a bit of searching, and it appears that you could build a small plugin to support our full-page signing for Joomla, specifically using their onContentPrepare event trigger. Using that you'd pass the page content to the signing script before returning it in the function to be displayed.

    That said, as you're wanting to be able to dynamically update the price using javascript - that will make things a little harder. By signing the add to cart, it prevents anyone from changing the values - which includes even you, at least without re-signing the link/form.

    There are a few options you could take.

    Firstly - you could turn off link/form validation for your store, so you can leave the links/form as unsigned. We wouldn't recommend this approach, particularly for the types of products you're selling.

    The second approach would be to fetch the price from the exchange service on page load in server-side code when the page is being loaded using events like I noted above. The downside of this approach is that the price will be static then for as long as the customer has that page open, which probably isn't desirable.

    The third approach, and what I'd recommend for you is to create a server-side script that acts as the middle-man between your website and the openexchagerates.org API. Your website would send off a request to that script, which in turn would send a request off to the exchange rates API. On receiving back the rate, you would sign the price and return the signed value back to your website. On your website, the javascript could then update your add to cart with the new price.

    If it's easier - you could also sign the whole add to cart link on that endpoint as well. To keep things secure though - it's important to note that you would not want to send the values you wanted to have signed to your endpoint. If you took that approach, anyone could then pass values to it and get back a signed copy to use. Instead, you'd just want to pass the type of add to cart you want to have signed, and use that to dictate what values to use on your server-side script, before returning the signed add to cart.

    For example, using the link you pasted above, you could just send the code of CP100XRP to the signing endpoint, and then on the server-side endpoint it would already know the rest of the necessary values, and send off a request to get the exchange rate for that product.

    I hope that helps!
  • Thanks, Adam!

    Could Foxycart develope this solutions for me? How much it would cost me?

    "The third approach, and what I'd recommend for you is to create a server-side script that acts as the middle-man between your website and the openexchagerates.org API. Your website would send off a request to that script, which in turn would send a request off to the exchange rates API. On receiving back the rate, you would sign the price and return the signed value back to your website. On your website, the javascript could then update your add to cart with the new price."

    Thank you


    Romero Lins
  • Another question, if i move from joomla to worpress and using those the same aproache (price updated by script) your hmac plugin for wp would work for me?
  • fc_adamfc_adam FoxyCart Team
    @leaodonorte,

    At this stage we don't provide any custom development services - I believe we sent you some of our recommended developers recently, any of those would be able to help you out with that set up.
    Another question, if i move from joomla to worpress and using those the same aproache (price updated by script) your hmac plugin for wp would work for me?
    If you moved to using WordPress, you could make use of the FoxyShop plugin to assist with integrating FoxyCart into your site. It would still require some custom development though to build out the approach I detailed though.
  • Hi Adam, can you give me more names? Only one from the list replied my email, and can't help me if i need to stick with joomla, he can help me if i move to WP.

  • fc_adamfc_adam FoxyCart Team
    @leaodonorte,

    Sorry to hear that. I'm not sure if any of our recommended developers will be too familiar with Joomla specifically - but I'll include our full list in a whisper for your reference.
Sign In or Register to comment.