It seems no one really used 2checkout module before - it was in completely broken state. Took me the whole night to get into and fix all major problems.
I wanted to spend this documenting how to setup 2CO with OpenCart, but alas, I had to spend it fixing it...
List of fixes:
- Our order ID is "cart_order_id", not "order_number".
- In demo mode "order_number" is set to 1 for hash calculation, but is passed as usual. Ugh.
- MD5 value should be uppercased before comparison.
- We should check that requested sum and actual sum returned are equal to prevent cheating. I just set order status to Denied, but should probably act more. E.g. send e-mail to admin and show error to user.
- redirect() can't be used because of the way 2CO works, as described in comments to the code.
- If hash check fails - display at least some information about the error. We should probably create special "failed" or "error" page to which we can redirect user.
- Return address is set to callback instead of main page.
- Return address enforced to point to our callback with "x_receipt_link_url" parameter. So no need to set "approved" link in your 2CO admin interface. Kinda more plug'n'play.
- Skip order review on 2CO site with "skip_landing" parameter. Should me made configurable, but I'm out of steam now... may be later.
- Start "c_prod" numbering from 1, as recommended by 2CO.
- If country is not US or Canada, we send XX as State to select "Outside US and Canada" in State drop down.
04 Jun 2010