Fixing Wp-e-commerce for iDEAL Payments

Last Friday a friend approached me with a problem he was having. He was trying to set up a small webshop in an existing WordPress site. For the webshop he was using a plug-in called wp-e-commerce. He chose this plug-in because it is one of the few that support iDEAL payments. Because this shop only serves Holland, the only payment option they need is iDEAL.

The iDEAL plug-in seemed to function properly, but the bank portal didn’t respond as expected. The first error I spotted was the misconfigured referrer. The error code for this was:

unknown order/0/r

This didn’t solve the problem, though. The message changed from the previous one to:

unknown order/1/s

So I spent the next hours reading the manual he got from his bank, and came to the conclusion that they do it just a bit differently from what this plug-in was written for. The bank expects a hash to be sent along with each order made. This hash is built from parts of the order and a secret string. The combination is hashed with the SHA-1 algorithm and added to the form as a hidden field. I wrote a small function to create the hash and changed a few other small things in the order form.

The original form looks like this:

var Amount = <?php echo $amount; ?>;
var PSPID = "<?php echo get_option('ideal_id');?>";
var AM;
if (isNaN(Amount)) {
  alert("Amount not a number: " + Amount + " !");
  AM = "";
} else {
  AM = Math.round(parseFloat(Amount)*100);
}
<form method='post' action='<?php echo $submiturl;?>' id='ideal_form' name='ideal_form'>
<script type="text/javascript">
document.write("<input type=\"hidden\" NAME=\"PSPID\" value=\"" + PSPID + "\" />");
document.write("<input type=\"hidden\" NAME=\"amount\" value=\"" + AM + "\" />");
</script>
<INPUT TYPE="hidden" NAME="SHASign" VALUE="4FF8C2FB03B0AA45EA5DE9503AEACB6B603DCFCC">
<input type="hidden" NAME="orderID" value="<?php echo $purchase_log[0]['id'];?>" />
<input type="hidden" name="currency" value="<?php echo get_option('ideal_currency');?>" />
<input type="hidden" name="language" value="<?php echo get_option('ideal_language');?>" />
<input type="hidden" name="accepturl" value="<?php echo get_option('product_list_url');?>">
<input type="hidden" name="cancelurl" value="<?php echo get_option('shopping_cart_url');?>">
<!--customer information starts-->
<input type="hidden" name="CN" value="<?=$name;?>">
<input type="hidden" name="EMAIL" value="<?=$email;?>">
<input type="hidden" name="ownerZIP" value="<?=$postcode;?>">
<input type="hidden" name="owneraddress" value="<?=$address;?>">
<input type="hidden" name="ownercty" value="<?=$country;?>">
<input type="hidden" name="ownertown" value="<?=$city;?>">
<input type="hidden" name="ownertelno" value="<?=$phone;?>">
<!--customer information ends-->
<input type="hidden" name="PM" value="iDEAL" />

I didn’t really understand why some values were written by JavaScript, so I removed the JavaScript lines and added the fields to the form directly. After adding the call to the hash function it looks like this:

<form method='post' action='<?php echo $submiturl;?>' id='ideal_form' name='ideal_form'>

<input type="hidden" NAME="PSPID" value="<?php echo get_option('ideal_id');?>" />
<input type="hidden" NAME="orderID" value="<?php echo $purchase_log[0]['id'];?>" />
<input type="hidden" NAME="amount" value="<?php echo ($amount*100); ?>" />
<input type="hidden" name="currency" value="<?php echo get_option('ideal_currency');?>" />
<input type="hidden" name="language" value="<?php echo get_option('ideal_language');?>" />
<input type="hidden" name="accepturl" value="<?php echo get_option('product_list_url');?>">
<input type="hidden" name="cancelurl" value="<?php echo get_option('shopping_cart_url');?>">
<!--customer information starts-->
<input type="hidden" name="CN" value="<?=$name;?>">
<input type="hidden" name="EMAIL" value="<?=$email;?>">
<input type="hidden" name="ownerZIP" value="<?=$postcode;?>">
<input type="hidden" name="owneraddress" value="<?=$address;?>">
<input type="hidden" name="ownercty" value="<?=$country;?>">
<input type="hidden" name="ownertown" value="<?=$city;?>">
<input type="hidden" name="ownertelno" value="<?=$phone;?>">
<!--customer information ends-->
<input type="hidden" name="PM" value="iDEAL" />
<?php
// Emit the SHASign hidden field. The values must be identical to the form fields above.
echo createSHA1Hash(array(
  $purchase_log[0]['id'],
  ($amount*100),
  get_option('ideal_currency'),
  get_option('ideal_id'),
  '[SHA1-IN-HASH]'
));
?>

The function can be placed anywhere in the page, or in an include file. Here’s the code. The only thing that has to be done is to replace [SHA1-IN-HASH] with the hash configured in the bank’s iDEAL admin.

 
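// Concatenates the given values (no separator), hashes the result with SHA-1
// and returns it as the hidden SHASign form field.
function createSHA1Hash($hashOptions) {
  $str = implode('', $hashOptions);

  return '<input name="SHASign" type="hidden" value="' . sha1($str) . '" />';
}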
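
To see what the signature protects, here is an added example (not part of the plug-in or of the bank's code) that signs a set of order fields the same way and then checks them as a receiving side would. The function names, field values and secret are constructed, and the verification step is an assumption based on the description above.

```php
<?php
// Added example. All names and values below are constructed for illustration.

/** Convert a decimal amount to integer cents once, so the form field and the hash agree. */
function idealAmountInCents($amount) {
    return (int) round($amount * 100);
}

/** SHA-1 over orderID + amount + currency + PSPID + secret, in the order used in the post. */
function idealSign($orderId, $cents, $currency, $pspid, $secret) {
    return sha1(implode('', array($orderId, $cents, $currency, $pspid, $secret)));
}

/** Receiving side (assumed behaviour): recompute the hash and compare in constant time. */
function idealVerify(array $post, $secret) {
    $expected = idealSign(
        $post['orderID'], $post['amount'], $post['currency'], $post['PSPID'], $secret
    );
    return hash_equals($expected, strtolower($post['SHASign']));
}

$secret = 'constructed-demo-secret';      // stands in for [SHA1-IN-HASH]
$cents  = idealAmountInCents(19.99);      // compute once, reuse for field and hash

$fields = array(
    'PSPID'    => 'demoshop',
    'orderID'  => '42',
    'amount'   => (string) $cents,
    'currency' => 'EUR',
);
$fields['SHASign'] = idealSign(
    $fields['orderID'], $fields['amount'], $fields['currency'], $fields['PSPID'], $secret
);

// Fields exactly as signed: the check passes.
var_dump(idealVerify($fields, $secret));

// A signed field changed after the hash was computed: the check fails.
$changed = $fields;
$changed['amount'] = '199';
var_dump(idealVerify($changed, $secret));
```

Only the four fields that go into the hash are covered; the customer fields (CN, EMAIL and so on) are not part of the signature in this scheme. The secret is only ever used in PHP on the server and never appears in the generated HTML.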

While doing some searches I noticed there are more people having issues with this plug-in. So maybe this will save somebody a bit of time.
