Guest dudestore Posted May 7, 2006 Share Posted May 7, 2006 Recently, I got a customer (cheater) went through the whole payment system (CubeCart & E-Gold). The CC order system marked the order as processing and able to download an item. Since the EG file don't have the MD5 HASH, I believe this is a must to prevent further fraud payment(s) in future. https://www.e-gold.com/acct/md5check.html Quote Link to comment Share on other sites More sharing options...
Guest dudestore Posted February 6, 2007 Share Posted February 6, 2007 Damn- got another cheater again. This time able to get through without paying. Two orders (total over $100) went through somehow and status changed to processing. Supposedly paid through PayPal and Alertpay but I actually didn't get paid. Quote Link to comment Share on other sites More sharing options...
Guest realwarrior Posted April 9, 2007 Share Posted April 9, 2007 How do we add the MD5 Hash? Which file/s we suppose to go for? Quote Link to comment Share on other sites More sharing options...
Guest realwarrior Posted April 11, 2007 Share Posted April 11, 2007 How do we add the MD5 Hash? Which file/s we suppose to go for? Anyone know how to add them? Quote Link to comment Share on other sites More sharing options...
Guest realwarrior Posted April 11, 2007 Share Posted April 11, 2007 How do we add the MD5 Hash? Which file/s we suppose to go for? Anyone know how to add them? Noone answer? But at least let me know where the egold script located? Quote Link to comment Share on other sites More sharing options...
Guest realwarrior Posted April 12, 2007 Share Posted April 12, 2007 How do we add the MD5 Hash? Which file/s we suppose to go for? Anyone know how to add them? Noone answer? But at least let me know where the egold script located? Is it neccessary of it ws fixed in latest vers? Quote Link to comment Share on other sites More sharing options...
Guest realwarrior Posted April 21, 2007 Share Posted April 21, 2007 I found where the egols script located, but anyone can tell where should we place the md5 hash check?? <?php /* +-------------------------------------------------------------------------- | CubeCart v3.0.15 | ======================================== | by Alistair Brookbanks | CubeCart is a Trade Mark of Devellion Limited | Copyright Devellion Limited 2005 - 2006. All rights reserved. | Devellion Limited, | 22 Thomas Heskin Court, | Station Road, | Bishops Stortford, | HERTFORDSHIRE. | CM23 3EE | UNITED KINGDOM | http://www.devellion.com | UK Private Limited Company No. 5323904 | ======================================== | Web: http://www.cubecart.com | Date: Thursday, 4th January 2007 | Email: sales (at) cubecart (dot) com | License Type: CubeCart is NOT Open Source Software and Limitations Apply | Licence Info: http://www.cubecart.com/site/faq/license.php +-------------------------------------------------------------------------- | transfer.php | ======================================== | Core functions for the eGOLD Gateway +-------------------------------------------------------------------------- */ /* ////////////////////////// // EGOLD GATEWAY ////////////////////////// // L@@K AT ALL THE LOVELY // VARIABLES WE HAVE TO // PLAY WITH!! ////// ////////////////////////// // IN THE REPEATED REGION ////// $orderInv['productId'] - product id as an integer $orderInv['name'] - product name as a varchar $orderInv['price'] - price of each product (inc options) $orderInv['quantity'] - quantity of products as an integer $orderInv['product_options'] - products attributes as test $orderInv['productCode'] - product code as a varchar $i - This is the current incremented integer starting at 0 ///////////////////////// // FIXED VARS /////// $cart_order_id - cart order id as a varchar $ccUserData[0]['email'] - Customers email address $ccUserData[0]['title'] - Customers title (Mr Miss etc...) $ccUserData[0]['firstName'] - Customers first name $ccUserData[0]['lastName'] - Customers last name $ccUserData[0]['add_1'] - Invoice Address line 1 $ccUserData[0]['add_2'] - Invoice Address line 1 $ccUserData[0]['town'] - Invoice Town or city $ccUserData[0]['county'] - Invoice County or state $ccUserData[0]['postcode'] - Invoice Post/Zip Code $ccUserData[0]['country'] - Invoice country Id we can look up the country name like this countryName($ccUserData[0]['country']); $ccUserData[0]['phone'] - Contact phone no $ccUserData[0]['mobile'] - Mobile/Cell phone number $basket['delInf']['title'] - Delivery title (Mr Miss etc...) $basket['delInf']['firstName'] - Delivery customers first name $basket['delInf']['lastName'] - Delivery customers last name $basket['delInf']['add_1'] - Delivery Address line 1 $basket['delInf']['add_2'] - Delivery Address line 1 $basket['delInf']['town'] - Delivery Town or city $basket['delInf']['county'] - Delivery County or state $basket['delInf']['postcode'] - Delivery Post/Zip Code $basket['delInf']['country'] - Delivery country Id we can look up the country name like this countryName($basket['delInf']['country']); $basket['subTotal'] - Order Subtotal (exTax and Shipping) $basket['grandTotal'] - Basket total which has to be paid (inc Tax and Shipping). $basket['tax'] - Total tax to pay $basket['shipCost'] - Shipping price //////////////////////////////////////////////////////// */ $module = fetchDbConfig("eGold"); function repeatVars(){ return FALSE; } function fixedVars(){ global $module, $basket, $ccUserData, $cart_order_id, $config, $GLOBALS; if($config['defaultCurrency']=="USD"){ $currencyNo = 1; } elseif($config['defaultCurrency']=="CAD"){ $currencyNo = 2; } elseif($config['defaultCurrency']=="CHF"){ $currencyNo = 41; } elseif($config['defaultCurrency']=="GBP"){ $currencyNo = 44; } elseif($config['defaultCurrency']=="DEM"){ $currencyNo = 49; } elseif($config['defaultCurrency']=="AUD"){ $currencyNo = 61; } elseif($config['defaultCurrency']=="JPY"){ $currencyNo = 81; } elseif($config['defaultCurrency']=="EUR"){ $currencyNo = 85; } $hiddenVars = "<input type='hidden' name='PAYEE_ACCOUNT' value='".$module['acNo']."'> <input type='hidden' name='PAYEE_NAME' value='".$config['masterName']."'> <input type='hidden' name='PAYMENT_AMOUNT' value='".$basket['grandTotal']."'> <input type='hidden' name='PAYMENT_UNITS' value='".$currencyNo."'> <input type='hidden' name='PAYMENT_METAL_ID' value='0'> <input type='hidden' name='PAYMENT_URL' value='".$GLOBALS['storeURL']."/confirmed.php?act=conf&oid=".base64_encode($cart_order_id)."'> <input type='hidden' name='NOPAYMENT_URL' value='".$GLOBALS['storeURL']."/confirmed.php?act=conf&f=1&oid=".base64_encode($cart_order_id)."'> <input type='hidden' name='BAGGAGE_FIELDS' value='ORDER_NUM CUST_NUM'> <input type='hidden' name='ORDER_NUM' value='".$cart_order_id."'> <input type='hidden' name='CUST_NUM' value='".$ccUserData[0]['customer_id']."'> <input type='hidden' name='PAYMENT_METHOD' value='e-gold account'>"; return $hiddenVars; } function success(){ global $basket; if( (base64_decode($_GET['oid']) == $basket['cart_order_id']) && !isset($_GET['f']) ) { return TRUE; } else { return FALSE; } } /////////////////////////// // Other Vars //////// $formAction = "https://www.e-gold.com/sci_asp/payments.asp"; $formMethod = "post"; $formTarget = "_self"; $transfer = "auto"; $stateUpdate = TRUE; ?> Quote Link to comment Share on other sites More sharing options...
Guest dudestore Posted April 22, 2007 Share Posted April 22, 2007 Wow totally forgot about it. Since no one is talking (I guess no one use e-gold), I will take a look at it again today. Quote Link to comment Share on other sites More sharing options...
Guest laimisf Posted April 22, 2007 Share Posted April 22, 2007 pm your store address. Just curious. I've had the samne problem too Quote Link to comment Share on other sites More sharing options...
Guest realwarrior Posted April 23, 2007 Share Posted April 23, 2007 No answer from developer too... I affraid my store will have the same problem too. ;) Quote Link to comment Share on other sites More sharing options...
Guest Posted April 24, 2007 Share Posted April 24, 2007 I don't know what MD5 hash is and I've never used E-Gold, but why don't you just disable the part that auto changes the status to "Processed" when a "payment" is made? That will allow you to review each order and make sure it's been paid before you change it to Processed and send the customer the link. I did a post a long time ago about changing this in the paypal gateway and it probably works the same way, so you can see that topic here http://www.cubecart.com/site/forums/index....c=23829&hl= Looking at the code you posted, it might just be: $stateUpdate = TRUE; change to $stateUpdate = FALSE; but as I'm not familiar with E-Gold, I'm not sure if this is something they are using or if its the state change in CC. You can always try if my first suggestion doesn't work. Quote Link to comment Share on other sites More sharing options...
Guest realwarrior Posted April 25, 2007 Share Posted April 25, 2007 I don't know what MD5 hash is and I've never used E-Gold, but why don't you just disable the part that auto changes the status to "Processed" when a "payment" is made? That will allow you to review each order and make sure it's been paid before you change it to Processed and send the customer the link. I did a post a long time ago about changing this in the paypal gateway and it probably works the same way, so you can see that topic here http://www.cubecart.com/site/forums/index....c=23829&hl= Looking at the code you posted, it might just be: $stateUpdate = TRUE; change to $stateUpdate = FALSE; but as I'm not familiar with E-Gold, I'm not sure if this is something they are using or if its the state change in CC. You can always try if my first suggestion doesn't work. Thanks Mysty! But by that way the products will not be delivered instantly, right? What if I still want the products to be download instantly after payment? <_< Quote Link to comment Share on other sites More sharing options...
Guest Posted April 25, 2007 Share Posted April 25, 2007 Sorry, but I don't think you can have both. Personally, I always manually review my orders but I don't do downloads, so not sure how that works, but if it sends the download link as soon as the order goes to "processing", than once you check to make sure the payment was received and change it manually to processing, the link would be sent. Just not instantly after payment. Unless someone knows another way, you can either risk cheats and let it send instantly or review it for payment and send the link after review. Depends on how much profit you want to lose versus the work of checking an order. Personally, I would do the later <_< Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.