4

I am successfully redirecting to the CCAvenue payment gateway, but on clicking the cancel button it shows the error "Security Error. Illegal access detected" on the redirect URL page.

This is my redirecturl page:

```php
<?php include('Aes.php'); include('adler32.php'); ?>
<?php
$workingKey = 'myWorkingKey';            // Working Key should be provided here.
$encResponse = $_POST["encResponse"];    // This is the response sent by the CCAvenue server.

$rcvdString = decrypt($encResponse, $workingKey);
$AuthDesc = "";
$MerchantId = "";
$OrderId = "";
$Amount = 0;
$Checksum = 0;
$veriChecksum = false;

// The decrypted response is a list of name=value pairs separated by '&'.
$decryptValues = explode('&', $rcvdString);
$dataSize = sizeof($decryptValues);

echo "<center>";

// Fields are read by position: merchant id, order id, amount, status, checksum.
for ($i = 0; $i < $dataSize; $i++)
{
    $information = explode('=', $decryptValues[$i]);
    if ($i == 0) $MerchantId = $information[1];
    if ($i == 1) $OrderId = $information[1];
    if ($i == 2) $Amount = $information[1];
    if ($i == 3) $AuthDesc = $information[1];
    if ($i == 4) $Checksum = $information[1];
}

// Recompute the checksum over the received fields and compare it with the one received.
$rcvdString = $MerchantId.'|'.$OrderId.'|'.$Amount.'|'.$AuthDesc.'|'.$workingKey;
$veriChecksum = verifyChecksum(genchecksum($rcvdString), $Checksum);

if ($veriChecksum == TRUE && $AuthDesc === "Y")
{
    echo "<br>Thank you for shopping with us. Your credit card has been charged and your transaction is successful. We will be shipping your order to you soon.";
}
else if ($veriChecksum == TRUE && $AuthDesc === "B")
{
    echo "<br>Thank you for shopping with us.We will keep you posted regarding the status of your order through e-mail";
}
else if ($veriChecksum == TRUE && $AuthDesc === "N")
{
    echo "<br>Thank you for shopping with us.However,the transaction has been declined.";
}
else
{
    echo "<br>Security Error. Illegal access detected";
}

echo "<br><br>";

echo "<table cellspacing=4 cellpadding=4>";
for ($i = 0; $i < $dataSize; $i++)
{
    $information = explode('=', $decryptValues[$i]);
    // Escape the decrypted values before writing them into the page.
    echo '<tr><td>'.htmlspecialchars($information[0]).'</td><td>'.htmlspecialchars($information[1] ?? '').'</td></tr>';
}

echo "</table><br>";
echo "</center>";
?>
```

I googled the issue but was not able to find a solution. How can I solve this error? Please give some suggestions.

Peace
  • I haven't used this specific gateway, but from your code I don't see any effort to distinguish between a canceled order and a spoofed response. Other gateways (e.g. PayPal) redirect to a different page on canceled orders. Maybe you need to check the gateway configuration, or you could try `var_dump($veriChecksum);` and `var_dump($AuthDesc);` to see their values. – Dimitris Filippou May 10 '19 at 13:05
  • Thanks for the suggestion. Using `var_dump($veriChecksum);` gives `bool(false)` and using `var_dump($AuthDesc);` gives `string(0)`. – Peace May 10 '19 at 13:14
  • So your code is doing what it's supposed to do. Check the gateway's documentation for canceled payments. – Dimitris Filippou May 10 '19 at 13:19
  • The checksum verification seems to fail completely here, so you need to go figure out why. Start by checking whether the data your different variables contain here makes sense, step by step. – 04FS May 13 '19 at 13:02
  • I don't know how the checksum verification is failing. It is successfully taking me to the CCAvenue payment page, but on redirecting it's throwing that error. All I have to change is the workingKey in the redirecturl page, and that is pretty correct. – Peace May 13 '19 at 13:09

2 Answers

3

I found from the documentation (might be outdated, but I couldn't find an updated one) that you need to pass a parameter called cancel_url; CCAvenue will redirect the customer to this URL if the customer cancels the transaction on the billing page.

So in the page where you create the payment you need to add something like this to your form:

```html
<input type="hidden" id="cancel_url" name="cancel_url" value="the_url_where_you_will_proccess_canceled_orders">
```

You must already have something similar with redirect_url.

1

There is nothing wrong with your code. You need to maintain a separate page for cancelled orders, in which you need not use the CCAvenue response code. Since the user didn't complete the payment, you won't receive any response parameter from CCAvenue. So there is no need for the $verifyCheckSum and $AuthDesc variables. They just cancelled their order willingly. So you just need to show them a message, "Your order has been cancelled", on your website.

Sugan Krishna
  • I am using the PHP CCAvenue Payment kit. I successfully received the amount, but the response page returns a 404 error. Could you please help me? Code: https://paiza.io/projects/SUiG5qp_wttfcrQn-0Mwew?language=php FYI -> [index.htm -> LineNo : 781 & 782] – Gem May 22 '19 at 05:29
  • @Gem You mean, you are getting the same error **Security Error. Illegal access detected**? – Sugan Krishna May 22 '19 at 05:49
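
One way to tell the cancel path apart from a failed checksum in the redirect handler, as an added example that is not from the posts above or from the CCAvenue kit. It assumes, as the second answer states, that a cancelled payment arrives without a response payload, and it takes the kit's `decrypt`, `genchecksum` and `verifyChecksum` as callables (replaced here by constructed stand-ins, with constructed field names and key).

```php
<?php
// Added example. The three callables stand in for the kit functions the
// question calls (decrypt, genchecksum, verifyChecksum); their shape is assumed.
function classifyGatewayReturn(array $post, string $workingKey,
    callable $decrypt, callable $genChecksum, callable $verifyChecksum): string
{
    $enc = $post['encResponse'] ?? '';
    if (!is_string($enc) || $enc === '') {
        return 'no_response';            // nothing was posted: not a payment result
    }
    // Same positional layout as the question: id, order, amount, status, checksum.
    $values = [];
    foreach (explode('&', (string) $decrypt($enc, $workingKey)) as $pair) {
        $values[] = explode('=', $pair, 2)[1] ?? '';
    }
    if (count($values) < 5) {
        return 'malformed';
    }
    [$merchantId, $orderId, $amount, $authDesc, $checksum] = $values;
    $plain = $merchantId.'|'.$orderId.'|'.$amount.'|'.$authDesc.'|'.$workingKey;
    if (!$verifyChecksum($genChecksum($plain), $checksum)) {
        return 'checksum_failed';        // payload present but not authentic
    }
    $known = ['Y' => 'success', 'B' => 'pending', 'N' => 'declined'];
    return $known[$authDesc] ?? 'unknown_status';
}

// Constructed stand-ins so the example runs without the kit (not real crypto).
$decrypt = function (string $enc, string $key): string { return (string) base64_decode($enc, true); };
$genChecksum = function (string $s): string { return (string) crc32($s); };
$verifyChecksum = function (string $a, string $b): bool { return hash_equals($a, $b); };

// Constructed sample payloads; field names a..e are placeholders.
$key  = 'constructed-key';
$good = 'a=M1&b=ORD42&c=10.00&d=Y&e=' . crc32('M1|ORD42|10.00|Y|' . $key);
$bad  = 'a=M1&b=ORD42&c=99.00&d=Y&e=' . crc32('M1|ORD42|10.00|Y|' . $key);

$samples = [
    'cancel (empty POST)' => [],
    'valid payload'       => ['encResponse' => base64_encode($good)],
    'altered amount'      => ['encResponse' => base64_encode($bad)],
];
foreach ($samples as $label => $post) {
    echo $label, ' => ',
        classifyGatewayReturn($post, $key, $decrypt, $genChecksum, $verifyChecksum), PHP_EOL;
}
```

Only `success` should ever mark an order as paid. `no_response` can show the "order cancelled" message, while `checksum_failed` is the case worth logging.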