Post by david.gilbert » Sat Aug 23, 2008 4:12 pm

It has been an issue for some time that the PayPal form data is quite visible on the checkout_confirm page. It makes it possible for someone to copy the form information into a local HTML file, change the price, then submit the form from their computer and complete the payment for less than the actual price, and OpenCart would show it as a completed order (big thanks to luvs2drv for the heads up!!). To solve this potential issue, I have made a version of PayPal Improved that gives you the option to encrypt this information so that when a visitor clicks View Source it changes the standard code from this:

Code:

<form action="https://www.paypal.com/cgi-bin/webscr" method="post" enctype="multipart/form-data">
<div class="a">
<input type="hidden" name="cmd" value="_xclick" />
<input type="hidden" name="business" value="you@yourdomain" />
<input type="hidden" name="item_name" value="Your store" />
<input type="hidden" name="currency_code" value="AUD" />
<input type="hidden" name="amount" value="0.00" />
<input type="hidden" name="first_name" value="Customer" />
<input type="hidden" name="last_name" value="Name" />
<input type="hidden" name="address1" value="Address1" />
<input type="hidden" name="address2" value="" />
<input type="hidden" name="city" value="City" />
<input type="hidden" name="zip" value="Postcode" />
<input type="hidden" name="country" value="Country" />
<input type="hidden" name="address_override" value="0" />
<input type="hidden" name="notify_url" value="http://www.yourdomain.com/index.php?controller=checkout_process&action=callback&payment=paypal" />
<input type="hidden" name="email" value="customer_email" />
<input type="hidden" name="invoice" value="00000064" />
<input type="hidden" name="lc" value="en" />
<input type="hidden" name="return" value="http://www.yourdomain.com/index.php?controller=checkout_process" />
<input type="hidden" name="rm" value="2" />
<input type="hidden" name="no_note" value="1" />
<input type="hidden" name="cancel_return" value="http://www.yourdomain.com/checkout-payment.html" />
<input type="hidden" name="paymentaction" value="authorization" />
</div>
</form>
to

Code:

<script language="JavaScript">document.write(paypal_dec("PGlucHV0IHR5cGU9ImhpZGRlbiIgbmFtZT0iY21kIiB2YWx1ZT0iX3hjbGljayIgLz4KPGlucHV0IHR5cGU9ImhpZGRlbiIgbmFtZT0iYnVza!lc3MiIHZhbHVlPSJ3Z!keUB3Z!keXNvcmlna!hbHMuY29tIiAvPgo8a!wdXQgdHlwZT0iaGlkZGVuIiBuYW1lPSJpdGVtX25hbWUiIHZhbHVlPSJXZ!keSdzIE9yaWdpbmFscyIgLz4KPGlucHV0IHR5cGU9ImhpZGRlbiIgbmFtZT0iY3VycmVuY3lfY29kZSIgdmFsdWU9IkFVRCIgLz4KPGlucHV0IHR5cGU9ImhpZGRlbiIgbmFtZT0iYW1vd!0IiB2YWx1ZT0iNi4wMCIgLz4KPGlucHV0IHR5cGU9ImhpZGRlbiIgbmFtZT0iZmlyc3RfbmFtZSIgdmFsdWU9IkRhdmlkIiAvPgo8a!wdXQgdHlwZT0iaGlkZGVuIiBuYW1lPSJsYXN0X25hbWUiIHZhbHVlPSJHaWxiZXJ0IiAvPgo8a!wdXQgdHlwZT0iaGlkZGVuIiBuYW1lPSJhZGRyZXNzMSIgdmFsdWU9IjEzIFBldGVycyBUZXJyYWNlIiAvPgo8a!wdXQgdHlwZT0iaGlkZGVuIiBuYW1lPSJhZGRyZXNzMiIgdmFsdWU9IiIgLz4KPGlucHV0IHR5cGU9ImhpZGRlbiIgbmFtZT0iY2l0eSIgdmFsdWU9IkFkZWxhaWRlIiAvPgo8a!wdXQgdHlwZT0iaGlkZGVuIiBuYW1lPSJ6aXAiIHZhbHVlPSI1MjEwIiAvPgo8a!wdXQgdHlwZT0iaGlkZGVuIiBuYW1lPSJjb3VudHJ5IiB2YWx1ZT0iQXVzdHJhbGlhIiAvPgo8a!wdXQgdHlwZT0iaGlkZGVuIiBuYW1lPSJhZGRyZXNzX292ZXJyaWRlIiB2YWx1ZT0iMCIgLz4KPGlucHV0IHR5cGU9ImhpZGRlbiIgbmFtZT0ibm90aWZ5X3VybCIgdmFsdWU9Imh0dHA6Ly93d3cud2VuZHlzb3JpZ2luYWxzLmNvbS9pbmRleC5waHA/Y29udHJvbGxlcj1jaGVja291dF9wcm9jZXNzJmFjdGlvbj1jYWxsYmFjayZwYXltZ!0PXBheXBhbCIgLz4KPGlucHV0IHR5cGU9ImhpZGRlbiIgbmFtZT0iZW1haWwiIHZhbHVlPSJkYXZpZEBkYXZpZG1naWxiZXJ0LmNvbSIgLz4KPGlucHV0IHR5cGU9ImhpZGRlbiIgbmFtZT0ia!2b2ljZSIgdmFsdWU9IjAwMDAwMDcxIiAvPgo8a!wdXQgdHlwZT0iaGlkZGVuIiBuYW1lPSJsYyIgdmFsdWU9ImVuIiAvPgo8a!wdXQgdHlwZT0iaGlkZGVuIiBuYW1lPSJyZXR1cm4iIHZhbHVlPSJodHRwOi8vd3d3LndlbmR5c29yaWdpbmFscy5jb20va!kZXgucGhwP2NvbnRyb2xsZXI9Y2hlY2tvdXRfcHJvY2VzcyIgLz4KPGlucHV0IHR5cGU9ImhpZGRlbiIgbmFtZT0icm0iIHZhbHVlPSIyIiAvPgo8a!wdXQgdHlwZT0iaGlkZGVuIiBuYW1lPSJub19ub3RlIiB2YWx1ZT0iMSIgLz4KPGlucHV0IHR5cGU9ImhpZGRlbiIgbmFtZT0iY2FuY2VsX3JldHVybiIgdmFsdWU9Imh0dHA6Ly93d3cud2VuZHlzb3JpZ2luYWxzLmNvbS9jaGVja291dC1wYXltZ!0Lmh0bWwiIC8+CjxpbnB1dCB0eXBlPSJoaWRkZW4iIG5hbWU9InBheW1lbnRhY3Rpb24iIHZhbHVlPSJhdXRob3JpemF0aW9uIiAvPgo="));</script>
You can download the attachment from this post.

Regards,

Dave


Last edited by david.gilbert on Sun Aug 24, 2008 5:23 am, edited 1 time in total.

Professional Website Services - http://www.davidmgilbert.com/

Post by david.gilbert » Sat Aug 23, 2008 7:09 pm

Just a quick note:

If you want payment to be instant rather than needing manual authorization from the store's PayPal account, delete the following line (line #143):

Code:

$ouput .= '<input type="hidden" name="paymentaction" value="authorization" />' . "\n";
-Dave

Professional Website Services - http://www.davidmgilbert.com/

Post by lance » Tue Nov 25, 2008 5:31 am

David,

Within the included readme.txt instructions, under "Manual Modifications required:", it states to add an order status called Payment Unconfirmed. If the fix at http://forum.opencart.com/index.php/top ... ml#msg5100 has already been applied and payment is set to instant, is this Payment Unconfirmed entry needed?


Post by Qphoria » Tue Nov 25, 2008 5:40 am

One is "Paid Unconfirmed", one is "Payment Unconfirmed". You might need both unless it was a typo.


Post by lance » Tue Nov 25, 2008 5:49 am

Qphoria,

You lost me there. Here are the instructions. I have highlighted what I am referring to:

Introduction
============
This is the installation package for the PayPal (improved) payment extension for OpenCart 0.7.7.

This has been modified from the original (author: Daniel Kerr) so that we do not rely on the external PayPal IPN
reaching us to "process" the order. Instead, we process the order and set the status to a "Payment Unconfirmed" status.
If the PayPal IPN does arrive, then the order status is changed to a "Payment Confirmed" status and the order history is
modified to show this action. The customer is not notified by email of this change in their order as there is no need.

If you have any issues with the installation or running of this payment extension
then please post a message on http://forum.opencart.com


New files
=========

You can simply drag the admin and catalog folders into the top folder of your web store. The files contained within the supplied folders are replacements for files of the same name from the original paypal payment extension.

However, for completeness and for those who would prefer to deploy each file individually, the files are listed below.

admin\controller\payment_paypal.php
admin\language\english\controller\payment_paypal.php
admin\template\default\content\payment_paypal.tpl

catalog\extension\payment\paypal.php

If you have other templates for admin or are using additional languages, then you will need to modify your language files appropriately for this to work.


Manual Modifications required:
==============================
If you have not already applied the fix described on the OpenCart forum at
http://forum.opencart.com/index.php/top ... ml#msg5100
then do so. Otherwise you cannot edit Order Status values and you need to add one.

Add an order status called "Payment Unconfirmed" without the quotes.


Add the Payment Extension via your store Admin
==============================================

Note that you would only have to do this if you have uninstalled the existing paypal
payment extension. You could change the data on the General tab anyway.

General Tab
-----------
Extension Name: PayPal (improved)
Description:    PayPal Payment Gateway with "improved" workflow

Data Tab
--------
Code:      paypal
Directory:  payment
Filename:  paypal.php
Controller: payment_paypal

Click Save and then go to Admin->Configuration->Users->User Group and
-  edit the admin user
-  carefully, hold down the CTRL key and click on the payment_aim entry in both the Access: and Modify: lists.

Click Save and return to the payment extensions list to click on the Plus to install.

Add the values required by clicking the spanner icon.
In particular, I recommend setting Payment Unconfirmed as the "Unconfirmed" order status and Pending (or whatever is the default order status for your store) as the "Confirmed" order status.

Finally
=======
Good Luck!
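The first post in this thread and the readme's "Payment Unconfirmed" / "Payment Confirmed" workflow both come down to one server-side check: the hidden PayPal fields are rendered in the customer's browser (encoded or not, the browser decodes them before submitting), so the only trustworthy reference for what an order should cost is the order the store itself saved before sending the customer to PayPal. The IPN callback at notify_url is where that comparison belongs. What follows is an added example in the extension's language, PHP; it is not code from PayPal Improved or from OpenCart. The function names, the `$order` array layout and all sample values are invented for this example; the IPN field names (payment_status, invoice, mc_gross, mc_currency, receiver_email, txn_id) and the `cmd=_notify-validate` postback are PayPal's documented IPN protocol. The postback function is passed in as a parameter so the logic can run offline with a constructed stand-in.

```php
<?php
// Added example (not the PayPal Improved extension's or OpenCart's own code):
// the server-side check an IPN callback should make before an order moves from
// "Payment Unconfirmed" to "Payment Confirmed". Function names, $order layout
// and sample values are assumptions; IPN field names and the
// cmd=_notify-validate postback are PayPal's documented protocol.
declare(strict_types=1);

// Real postback: send the raw body back to PayPal over HTTPS and read its reply.
function paypal_postback_https(string $url, string $body): string
{
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => $body,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,
    ]);
    $response = curl_exec($ch);
    curl_close($ch);
    return is_string($response) ? trim($response) : '';
}

// Step 1: PayPal vouches for a notification only if it answers VERIFIED to the
// exact body it sent, prefixed with cmd=_notify-validate. $postback is injected
// so the check can be exercised without network access (see the run below).
function paypal_ipn_is_verified(string $raw_post, callable $postback): bool
{
    $answer = $postback('https://www.paypal.com/cgi-bin/webscr',
                        'cmd=_notify-validate&' . $raw_post);
    return $answer === 'VERIFIED';
}

// Money as integer cents; anything that is not a plain decimal amount becomes
// -1 and therefore never matches a stored total.
function amount_to_cents(string $amount): int
{
    if (!preg_match('/^\d+(\.\d{1,2})?$/', $amount)) {
        return -1;
    }
    return (int) round(((float) $amount) * 100);
}

// Step 2: compare the verified IPN with what the store recorded at checkout.
// Returns the list of mismatches; an empty list means the order may be confirmed.
function paypal_ipn_mismatches(array $ipn, array $order, string $store_email,
                               array $seen_txn_ids): array
{
    $problems = [];
    if (($ipn['payment_status'] ?? '') !== 'Completed') {
        $problems[] = 'payment_status is not Completed';
    }
    if (($ipn['invoice'] ?? '') !== $order['invoice']) {
        $problems[] = 'invoice does not match the order';
    }
    if (($ipn['mc_currency'] ?? '') !== $order['currency']) {
        $problems[] = 'currency does not match the order';
    }
    if (amount_to_cents($ipn['mc_gross'] ?? '') !== amount_to_cents($order['total'])) {
        $problems[] = 'amount ' . ($ipn['mc_gross'] ?? '?')
                    . ' does not match order total ' . $order['total'];
    }
    if (strcasecmp($ipn['receiver_email'] ?? '', $store_email) !== 0) {
        $problems[] = "receiver_email is not this store's account";
    }
    if (in_array($ipn['txn_id'] ?? '', $seen_txn_ids, true)) {
        $problems[] = 'txn_id was already processed (replayed notification)';
    }
    return $problems;
}

// The callback itself: returns the order status the store should now record.
function handle_paypal_ipn(string $raw_post, array $order, string $store_email,
                           array $seen_txn_ids, callable $postback): string
{
    if (!paypal_ipn_is_verified($raw_post, $postback)) {
        return 'Payment Unconfirmed (PayPal did not answer VERIFIED)';
    }
    parse_str($raw_post, $ipn);
    $problems = paypal_ipn_mismatches($ipn, $order, $store_email, $seen_txn_ids);
    if ($problems !== []) {
        // Leave the order unconfirmed and put the reasons in the order history.
        return 'Payment Unconfirmed (' . implode('; ', $problems) . ')';
    }
    return 'Payment Confirmed';
}

// Constructed run: a sample stored order and two sample notifications, offline.
$order        = ['invoice' => '00000064', 'total' => '6.00', 'currency' => 'AUD'];
$storeEmail   = 'you@yourdomain';
$fakePostback = fn(string $url, string $body): string => 'VERIFIED';

$matching = 'payment_status=Completed&invoice=00000064&mc_gross=6.00&mc_currency=AUD'
          . '&receiver_email=you%40yourdomain&txn_id=EXAMPLE-TXN-1';
$short    = 'payment_status=Completed&invoice=00000064&mc_gross=0.50&mc_currency=AUD'
          . '&receiver_email=you%40yourdomain&txn_id=EXAMPLE-TXN-2';

echo handle_paypal_ipn($matching, $order, $storeEmail, [], $fakePostback), "\n";
echo handle_paypal_ipn($short,    $order, $storeEmail, [], $fakePostback), "\n";
```

In a live callback, `paypal_postback_https` is passed as `$postback`, `$order` is loaded by the `invoice` field from the notification, and `$seen_txn_ids` comes from the transactions already recorded. The two-step shape matters: the postback proves the message came from PayPal, and the field comparison proves it pays for the order the store actually created; neither step alone is enough, and the "Payment Unconfirmed" status the readme describes is exactly where an order waits until both pass.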


Post by Qphoria » Tue Nov 25, 2008 6:01 am

If you are just now downloading OpenCart for the first time I'd just recommend you get the latest 0.7.9 version and you won't need to worry about any of this.

Otherwise, you need to first apply the fix and then create a new order status called "Payment Unconfirmed". But this looks like it is for paypal improved which uses a status called "Paid Unconfirmed".

Better off just getting the latest version.


Post by lance » Tue Nov 25, 2008 6:14 am

Well, unfortunately I am running a heavily modified version 0.7.7 of opencart and when I have tried in the past to upgrade to any later version, the item quantity when added to cart gets emptied. I have even attempted to manually upgrade the database, set a value of 1 in the min qty field etc to no avail.

So as far as I know, it appears I am stuck on 0.7.7?


Post by Qphoria » Tue Nov 25, 2008 7:02 am

That was a bug you posted a month ago and it was fixed immediately. Try rc4.

Otherwise, do the other steps that I mentioned.
