HMAC help

dabpcdabpc Member
I am using HMAC Product Verification on my form for a product with options (automatically signing the entire HTML page with the FoxyCart Cart Validation php script).

Unencrypted the form looks good & all options can be added to the cart sucessfully:

<form action='https://mystore.foxycart.com/cart' method='post' accept-charset='utf-8'>
<input type='hidden' name='name' value='Exped Clearsight Dry Bag' />
<input type='hidden' name='price' value='' />
<input type='hidden' name='code' value='X2010129XX' />
<input type='hidden' name='image' value='/demo/site/assets/files/1592/exped-clearsight-new-drybag.200x0.jpg' />
<input type='hidden' name='category' value='Mail Pack' />
<select name='Option'>
<option value=''>[*** Select Option ***]</option>
<option value='XSmall Orange 3l{p:7.5416|c:X2010129-or}'>XSmall Orange 3l</option>
<option value='Small Yellow 5l{p:8.125|c:X2010129-yel}'>Small Yellow 5l</option>
<option value='Medium Red 8l{p:9.0416|c:X2010129-red}'>Medium Red</option>
</select>
<p><input type='submit' value='Add to Shopping Basket'></p>
</form>


Note the options all successfully give a new price & stock code.

Using HMAC Product Verification I get an issue with every product that just affects the first option: an extra " ' " is added "breaking" just the first option.

The cart error is "Cart Validation Error: Option" clearly caused by the extra ' that is added.

The output is:

<form action='https://mystore.foxycart.com/cart' method='post' accept-charset='utf-8'>
<input type='hidden' name='name||8e480d0402b8038a75e081d21c28398a2417ecf40914bde7755678f341fe17ee' value='Exped Clearsight Dry Bag' />
<input type='hidden' name='price||4e28684e14e59897e2405bd8e27b2a2d309cc31bbf7cf016688e95a8969fb399||open' value='' />
<input type='hidden' name='code||2ac7130dc7ddc4a6bb01b417091b037e9b2c65afc0527c1a2e8a6f5a1ee04bfc' value='X2010129XX' />
<input type='hidden' name='image||bab7bbd264ad1a2ab81e9bc0f4d5333efc12accbd74af82afb225fe9732b40d5' value='/demo/site/assets/files/1592/exped-clearsight-new-drybag.200x0.jpg' />
<input type='hidden' name='category||eaeb8a99aeff0753d349249ada49f94d6140d6069d33911c694648271b7da621' value='Mail Pack' />
<select name='Option'>
<option value=''>[*** Select Option ***]</option>
<option value=||5966781184d4ce60a0abd2a2496eebcb45403e625de843ecff8c0a63bd112b21'XSmall Orange 3l{p:7.5416|c:X2010129-or}'>XSmall Orange 3l</option>
<option value='Small Yellow 5l{p:8.125|c:X2010129-yel}||525376fc1378cd5efc2a590ba98483fb73248303ef845550fad254957ebac785'>Small Yellow 5l</option>
<option value='Medium Red 8l{p:9.0416|c:X2010129-red}||9de22b949ac844e5b42fc00c172b841970e4738f901cbb749d890cff4ab93066'>Medium Red 8l</option>
</select>
<p><input type='submit' value='Add to Shopping Basket'></p>
</form>


Note the extra ' , just after the "hash" & before the "Xsmall" text, but only affecting the first line (product option) for every product:

<option value=||5966781184d4ce60a0abd2a2496eebcb45403e625de843ecff8c0a63bd112b21'XSmall Orange 3l{p:7.5416|c:X2010129-or}'>XSmall Orange 3l</option>

Please can anyone point me in the right direction?

Many thanks.
Tagged:
Comments
  • dabpcdabpc Member
    For ref my raw php is:

    <select name='Option'>
    <option value=''>[*** Select Option ***]</option>";
    foreach($page->product_price_options as $item) {
    $content.="<option value='$item->option{p:$item->price|c:$item->sku}'>$item->option</option>";
    }
    $content.="
    </select>
  • fc_adamfc_adam FoxyCart Team
    @dabpc,

    Thanks for providing a detailed overview here. Could I confirm with you what code you're using to sign the page? I tried this out with the latest version of our PHP signing script from here, and a form like you're trying signed as expected for me.

    If you are using that same script, but not the latest version, could you try switching to that and see if it corrects it please?

    As an aside - I see you're leaving the price input blank, I'm assuming because you're setting it with your options. That's resulting in the price input ending up as an "open" input. I'd recommend defaulting the price field to a default amount (perhaps the most expensive option), just so it's signed as a default value. The product modifiers will still alter the price as you're expecting them to as well.
  • dabpcdabpc Member
    edited June 26
    Thanks for the speedy reply.

    I've used the latest version (2.0.0.20171024).

    I've set the main input prince input as 0 & it resolves the "open" input result, but the issue still remains.

    I hadn't noticed the hash as prepended for the first option (rather than appended). I'l try tweaking my php & will report back.
  • dabpcdabpc Member
    Ah - I found it:
    <option value=''>[*** Select Option ***]</option>
    Was causing the issue. I've deleted it for now. Is there a work around this?
    Many thanks.
  • fc_adamfc_adam FoxyCart Team
    @dabpc,

    Thanks for confirming your version. For what it's worth, for the price, I'd suggest setting it to one of the prices you're setting it to through the variation, rather than to $0 - but that's up to you.

    For the blank value option - I signed the exact same form you pasted above with my test store, including that blank option, and everything worked as expected, so there may be something specific to your page.

    Perhaps it'd be worth confirming that there isn't any syntax errors in your form/page that could be impacting things there? Depending how you're viewing the raw HTML output - sometimes browsers can fix syntax errors to be a little forgiving, and so syntax errors aren't immediately apparent.
  • dabpcdabpc Member
    Many thanks for pointers/suggestions.
Sign In or Register to comment.