URGENT HELP REQUIRED: BARCLAYS EDPQ Intergration, Sha-1 STUCK HELP!

[farnhamit]

I have been setting up a site for a while now, Barclaycard have accepted me got into my back-office ... Not what Barclaycard described.

Also it is not a cart I am using it is just a website with a simple form and a pay now button.

I was under the impression I could use code snippets...

But they didn't explain I need to use Sha-1 and all that.

I am a bit of a newbie when it comes to secure browsers ect.

Some Guidance step's would be great.

Barclaycard have replied to my support ticket with this...

Quote:

As we understand you have received the error: “unknown order/1/s/”.
The error means that the SHA signature that you have sent in the hidden fields of your order form is not the same as the SHA signature that we calculated with the data that we received from you.
See below an example of an order where you got this error. Please bear in mind that the SHA calculation is case sensitive: f.e. the currency (EUR) must be spelled in capital letters, the same counts if your PSPID contains capitals.
With this example, you should be able to find the cause for this error. String to hash (passphrase is replaced by +++HASHKEY+++):

[tangoforce]

Well unless you're going to show code as to what you are doing there is nothing we can do to help.

All you have effectively done is come here, rant about how it doesn't work and then signed off. You've not told us anything useful that will allow anyone here to help.

[Redcoder]

Means that there is data you are supposed to send to their script but you are sending incorrect data, misspelled or wrong case. The SHA-1 is for data validation, to ensure that the data came from you so that they do not charge data to the wrong account or deposit to the wrong one.

You should find out the data that they use to calculate the SHA-1 hash and verify that you have it correct to the letter. Just a simple example- they may use a combination of the domain name + your unisque ID then hashing it.

The other, unlikely, your server may be victim to a man in the middle attack where data transmitted is changed then retransmitted.

Debug what's wrong and maybe call their customer care.

[farnhamit]

Quote:

As we understand you have received the error: “unknown order/1/s/”.
The error means that the SHA signature that you have sent in the hidden fields of your order form is not the same as the SHA signature that we calculated with the data that we received from you.
See below an example of an order where you got this error. Please bear in mind that the SHA calculation is case sensitive: f.e. the currency (EUR) must be spelled in capital letters, the same counts if your PSPID contains capitals.
With this example, you should be able to find the cause for this error. String to hash (passphrase is replaced by +++HASHKEY+++):

That was there answer to my error code,

Can you please explain the sha-1 function to me, I do alot of web design and coding but rarely with this, Most of my google results were garbage too...

Thanks!

[Redcoder]

SHA-1 is a cryptographic hash function. A hash cannot be reversed back to the original string or file. A hash != encryption.
If you want to find out about SHA-1 implementation, go to :

http://php.net/manual/en/function.sha1.php

http://www.w3schools.com/php/func_string_sha1.asp

What you need to make sure of is that the signature of your hidden form is correct and also how they calculate the SHA-1 hash on their end so that you can know what fields are wrong. Also follow their instructions and change accordingly --> "Please bear in mind that the SHA calculation is case sensitive: f.e. the currency (EUR) must be spelled in capital letters, the same counts if your PSPID contains capitals.".

And could you provide the link or the example mentioned below:

Code:

See below an example of an order where you got this error.

[farnhamit]

This is the whole thing.

Quote:

As we understand you have received the error: “unknown order/1/s/”.
The error means that the SHA signature that you have sent in the hidden fields of your order form is not the same as the SHA signature that we calculated with the data that we received from you.
See below an example of an order where you got this error. Please bear in mind that the SHA calculation is case sensitive: f.e. the currency (EUR) must be spelled in capital letters, the same counts if your PSPID contains capitals.
With this example, you should be able to find the cause for this error. String to hash (passphrase is replaced by +++HASHKEY+++):

ACCEPTURL=http://nhs-e111.org.uk/done.php+++HASHKEY+++AMOUNT=100+++HASHKEY+++BACKURL=http://nhs-e111.org.uk/+++HASHKEY+++BGCOLOR=#4e84c4+++HASHKEY+++BUTTONBGCOLOR=#00467F+++HASHKEY+++BUTTONTXTCOLOR=#FFFFFF+++ HASHKEY+++CANCELURL=http://nhs-e111.org.uk/+++HASHKEY+++CATALOGURL=http://nhs-e111.org.uk/+++HASHKEY+++COM=Three telephone cards+++HASHKEY+++COMPLUS=123XXXXXXXXXXX6789123456789+++HASHKEY+++CURRENCY=GBP+++HASHKEY+++DECLINEUR L=http://nhs-e111.org.uk/+++HASHKEY+++ECOM_BILLTO_POSTAL_NAME_FIRST=Bill+++HASHKEY+++ECOM_BILLTO_POSTAL_NAME_LAST=Smith+++HAS HKEY+++EXCEPTIONURL=http://nhs-e111.org.uk/+++HASHKEY+++FONTTYPE=Verdana+++HASHKEY+++HOMEURL=http://nhs-e111.org.uk/+++HASHKEY+++LANGUAGE=en_US+++HASHKEY+++ORDERID=1+++HASHKEY+++PARAMPLUS=SessionID=126548354&ShoperID =73541312+++HASHKEY+++PSPID=epdq89288938+++HASHKEY+++TBLBGCOLOR=#FFFFFF+++HASHKEY+++TBLTXTCOLOR=#000 000+++HASHKEY+++TITLE=Title of "my page"+++HASHKEY+++TXTCOLOR=#FFFFFF+++HASHKEY+++

Received SHA-1 string: ecKIPTndZE8FQwXkzojW4NBbr1g
Expected SHA-1 string: 7E5997CDAF92E885C7A1A7FA33BAB2ED0A007F58

[Redcoder]

For one, SHA-1 is a 160 bit hash so it is 40 characters long. ALL Sha-1 hashes ARE 40 CHARACTERS LONG. I don't know why the hash you send is 27 characters long. Maybe it is being truncated somewhere? Although if it were being just truncated, the first 27 characters of both would be similar.

Try to follow your original code to find out where a 27 characters long code is being sent. I do not know of any 108 bit(27 characters) hash code.

[tangoforce]

Quote:

Originally Posted by farnhamit

That was there answer to my error code,

Can you please explain the sha-1 function to me, I do alot of web design and coding but rarely with this, Most of my google results were garbage too...

Thanks!

That maybe so but you're still not showing any source code are you. Without that (as I previously suggested and you ignored) we still can't really help you.

If you want help, provide code. If you don't want to provide code then good luck fixing it

Providing their reply doesn't help us. We need to see your code to figure out what you're doing wrong.