1

I am attempting to integrate the final checkout on my website with the Secure Hosting (UPG) payment gateway. Everything works fine except my attempt to benefit from the Advanced Secuitems Security System, as per their Technical Integration Guide (see pages 17-9).

The following is the PHP code given to generate the unique hash:

$secuStringFields = "shreference=SH20XXXX&secuitems=".$secuitems."&secuphrase=yourphrase&transactionamount=".$transactionamount;
$ch = curl_init();
curl_setopt ($ch, CURLOPT_URL, "https://www.secure-server-hosting.com/secutran/create_secustring.php");
curl_setopt ($ch, CURLOPT_POST, 1);
curl_setopt ($ch, CURLOPT_POSTFIELDS, $secuStringFields);
curl_setopt ($ch, CURLOPT_HEADER, 0);
curl_setopt ($ch, CURLOPT_REFERER, "http://www.yourdomain.com/basket.php");
curl_setopt ($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt ($ch, CURLOPT_TIMEOUT, 10);
$secuString = trim(curl_exec ($ch));
if($secuString == "") $secuString='Call to create_secustring Failed';
curl_close ($ch);

The following was suggested here as its equivalent using Classic ASP, which is the language I'm coding this in (I know... legacy system!):

Set objXMLHttp = CreateObject("Microsoft.XMLHTTP")
objXmlHttp.open "POST", "https://www.secure-server-hosting.com/secutran/create_secustring.php", False
objXmlHttp.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
objXmlHttp.setRequestHeader "REFERER", "http://www.yourdomain.com/basket.asp"
objXmlHttp.send "shreference=SH20XXXX&secuitems="&secuitems&"secuphrase=yourphrase&transactionamount="&transactionamount
secuString = objXmlHttp.responseText

The problem is that I keep getting the Referral Check Failed error message which, according to page 19 of the above Technical Guide, means that "[t]he referrer of the request does not match the URL configured within the client control panel". I've ensured that the two (referrer sent and the one set in the panel) are identical.

I've also tried setting the RequestHeader string to X-Alt-Referer, as per this answer, but to no avail.

When contacting the UPG support team, they helpfully informed me that "[w]e’re (sic) not received a referrer when you call our system" and that "we cannot assist with the development of your code as we are not ASP developers and cannot provide an adequate enough answer for you".

Well, at least I know the issue is that they're not receiving the referrer url. So, the question is: does anyone know why and how I can resolve this? Or is there a better way of achieving the same?

Many thanks and apologies (in advance) if I've missed the obvious.

Community
  • 1
  • 1
Appulus
  • 18,630
  • 11
  • 38
  • 46

1 Answers1

1

It's possible that UPG's Request Header check is case-sensitive, in which case I'd change

objXmlHttp.setRequestHeader "REFERER", "http://www.yourdomain.com/basket.asp"

to

objXmlHttp.setRequestHeader "Referer", "http://www.yourdomain.com/basket.asp"

This is the format I've used in my setup and it's working and validating correctly.

There also appears to be a problem with the following line

objXmlHttp.send "shreference=SH20XXXX&secuitems="&secuitems&"secuphrase=yourphrase&transactionamount="&transactionamount

There should be an ampersand (&) inside the quotes before "secuphrase=yourphrase"

shakyjake
  • 357
  • 4
  • 10