Jump to content

Cheater's fake payment went through E-Gold/CC.


Guest dudestore

Recommended Posts

Guest dudestore

Recently, I got a customer (cheater) went through the whole payment system (CubeCart & E-Gold). The CC order system marked the order as processing and able to download an item.

Since the EG file don't have the MD5 HASH, I believe this is a must to prevent further fraud payment(s) in future. https://www.e-gold.com/acct/md5check.html

Link to comment
Share on other sites

  • 8 months later...

Guest dudestore

Damn- got another cheater again. This time able to get through without paying. Two orders (total over $100) went through somehow and status changed to processing. Supposedly paid through PayPal and Alertpay but I actually didn't get paid.

Link to comment
Share on other sites

  • 2 months later...
Guest realwarrior

How do we add the MD5 Hash? Which file/s we suppose to go for?

Anyone know how to add them?

Noone answer?

But at least let me know where the egold script located?

Link to comment
Share on other sites

Guest realwarrior

How do we add the MD5 Hash? Which file/s we suppose to go for?

Anyone know how to add them?

Noone answer?

But at least let me know where the egold script located?

Is it neccessary of it ws fixed in latest vers?

Link to comment
Share on other sites

  • 2 weeks later...
Guest realwarrior

I found where the egols script located, but anyone can tell where should we place the md5 hash check??

<?php

/*

+--------------------------------------------------------------------------

|   CubeCart v3.0.15

|   ========================================

|   by Alistair Brookbanks

|	CubeCart is a Trade Mark of Devellion Limited

|   Copyright Devellion Limited 2005 - 2006. All rights reserved.

|   Devellion Limited,

|   22 Thomas Heskin Court,

|   Station Road,

|   Bishops Stortford,

|   HERTFORDSHIRE.

|   CM23 3EE

|   UNITED KINGDOM

|   http://www.devellion.com

|	UK Private Limited Company No. 5323904

|   ========================================

|   Web: http://www.cubecart.com

|   Date: Thursday, 4th January 2007

|   Email: sales (at) cubecart (dot) com

|	License Type: CubeCart is NOT Open Source Software and Limitations Apply 

|   Licence Info: http://www.cubecart.com/site/faq/license.php

+--------------------------------------------------------------------------

|	transfer.php

|   ========================================

|	Core functions for the eGOLD Gateway	

+--------------------------------------------------------------------------

*/

/*

//////////////////////////

// EGOLD GATEWAY

//////////////////////////

// L@@K AT ALL THE LOVELY 

// VARIABLES WE HAVE TO

// PLAY WITH!!

//////



//////////////////////////

// IN THE REPEATED REGION

//////

$orderInv['productId']						- product id as an integer

$orderInv['name']							- product name as a varchar

$orderInv['price']							- price of each product (inc options)

$orderInv['quantity']						- quantity of products as an integer

$orderInv['product_options']				- products attributes as test

$orderInv['productCode']					- product code as a varchar

$i											- This is the current incremented integer starting at 0



/////////////////////////

// FIXED VARS

///////

$cart_order_id							- cart order id as a varchar

$ccUserData[0]['email']						- Customers email address

$ccUserData[0]['title']						- Customers title (Mr Miss etc...)

$ccUserData[0]['firstName']					- Customers first name

$ccUserData[0]['lastName']					- Customers last name 

$ccUserData[0]['add_1']						- Invoice Address line 1

$ccUserData[0]['add_2']						- Invoice Address line 1

$ccUserData[0]['town']						- Invoice Town or city

$ccUserData[0]['county']					- Invoice County or state

$ccUserData[0]['postcode']					- Invoice Post/Zip Code

$ccUserData[0]['country']					- Invoice country Id we can look up the country name like this

										countryName($ccUserData[0]['country']);

$ccUserData[0]['phone']						- Contact phone no

$ccUserData[0]['mobile']					- Mobile/Cell phone number



$basket['delInf']['title']				- Delivery title (Mr Miss etc...)

$basket['delInf']['firstName']			- Delivery customers first name

$basket['delInf']['lastName']			- Delivery customers last name 

$basket['delInf']['add_1']				- Delivery Address line 1

$basket['delInf']['add_2']				- Delivery Address line 1

$basket['delInf']['town']				- Delivery Town or city

$basket['delInf']['county']				- Delivery County or state

$basket['delInf']['postcode']			- Delivery Post/Zip Code

$basket['delInf']['country']			- Delivery  country Id we can look up the country name like this	

									countryName($basket['delInf']['country']);





$basket['subTotal'] 					- Order Subtotal (exTax and Shipping)

$basket['grandTotal']					- Basket total which has to be paid (inc Tax and Shipping).

$basket['tax']							- Total tax to pay

$basket['shipCost']						- Shipping price

////////////////////////////////////////////////////////

*/



$module = fetchDbConfig("eGold");



function repeatVars(){



		return FALSE;

	

}



function fixedVars(){

	

	global $module, $basket, $ccUserData, $cart_order_id, $config, $GLOBALS;

	

	

		if($config['defaultCurrency']=="USD"){ $currencyNo = 1; }

		elseif($config['defaultCurrency']=="CAD"){ $currencyNo = 2; }

		elseif($config['defaultCurrency']=="CHF"){ $currencyNo = 41; }

		elseif($config['defaultCurrency']=="GBP"){ $currencyNo = 44; }

		elseif($config['defaultCurrency']=="DEM"){ $currencyNo = 49; }

		elseif($config['defaultCurrency']=="AUD"){ $currencyNo = 61; }

		elseif($config['defaultCurrency']=="JPY"){ $currencyNo = 81; }

		elseif($config['defaultCurrency']=="EUR"){ $currencyNo = 85; }

	

	$hiddenVars = 	"<input type='hidden' name='PAYEE_ACCOUNT' value='".$module['acNo']."'>

					<input type='hidden' name='PAYEE_NAME' value='".$config['masterName']."'>

					<input type='hidden' name='PAYMENT_AMOUNT' value='".$basket['grandTotal']."'>

					<input type='hidden' name='PAYMENT_UNITS' value='".$currencyNo."'>

					<input type='hidden' name='PAYMENT_METAL_ID' value='0'>

					<input type='hidden' name='PAYMENT_URL' value='".$GLOBALS['storeURL']."/confirmed.php?act=conf&amp;oid=".base64_encode($cart_order_id)."'>

					<input type='hidden' name='NOPAYMENT_URL' value='".$GLOBALS['storeURL']."/confirmed.php?act=conf&amp;f=1&amp;oid=".base64_encode($cart_order_id)."'>

					<input type='hidden' name='BAGGAGE_FIELDS' value='ORDER_NUM CUST_NUM'>

					<input type='hidden' name='ORDER_NUM' value='".$cart_order_id."'>

					<input type='hidden' name='CUST_NUM' value='".$ccUserData[0]['customer_id']."'>

					

					<input type='hidden' name='PAYMENT_METHOD' value='e-gold account'>";

				

			return $hiddenVars;

	

}



function success(){

	global $basket;

	

	if( (base64_decode($_GET['oid']) == $basket['cart_order_id']) && !isset($_GET['f']) ) {

	

		return TRUE;

	

	} else {

	

		return FALSE;

	

	}



}



///////////////////////////

// Other Vars

////////

$formAction = "https://www.e-gold.com/sci_asp/payments.asp";

$formMethod = "post";

$formTarget = "_self";

$transfer = "auto";

$stateUpdate = TRUE;

?>

Link to comment
Share on other sites

I don't know what MD5 hash is and I've never used E-Gold, but why don't you just disable the part that auto changes the status to "Processed" when a "payment" is made? That will allow you to review each order and make sure it's been paid before you change it to Processed and send the customer the link.

I did a post a long time ago about changing this in the paypal gateway and it probably works the same way, so you can see that topic here http://www.cubecart.com/site/forums/index....c=23829&hl=

Looking at the code you posted, it might just be:

$stateUpdate = TRUE;

change to

$stateUpdate = FALSE;

but as I'm not familiar with E-Gold, I'm not sure if this is something they are using or if its the state change in CC. You can always try if my first suggestion doesn't work.

Link to comment
Share on other sites

Guest realwarrior

I don't know what MD5 hash is and I've never used E-Gold, but why don't you just disable the part that auto changes the status to "Processed" when a "payment" is made? That will allow you to review each order and make sure it's been paid before you change it to Processed and send the customer the link.

I did a post a long time ago about changing this in the paypal gateway and it probably works the same way, so you can see that topic here http://www.cubecart.com/site/forums/index....c=23829&hl=

Looking at the code you posted, it might just be:

$stateUpdate = TRUE;

change to

$stateUpdate = FALSE;

but as I'm not familiar with E-Gold, I'm not sure if this is something they are using or if its the state change in CC. You can always try if my first suggestion doesn't work.

Thanks Mysty!

But by that way the products will not be delivered instantly, right?

What if I still want the products to be download instantly after payment? <_<

Link to comment
Share on other sites

Sorry, but I don't think you can have both.

Personally, I always manually review my orders but I don't do downloads, so not sure how that works, but if it sends the download link as soon as the order goes to "processing", than once you check to make sure the payment was received and change it manually to processing, the link would be sent. Just not instantly after payment.

Unless someone knows another way, you can either risk cheats and let it send instantly or review it for payment and send the link after review. Depends on how much profit you want to lose versus the work of checking an order. Personally, I would do the later <_<

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...