DEVHIDE
Login Or Sign up

Security Error. Illegal access detected using ccavenue in php

4.4k Views Asked by At

I am successfully redirecting to ccavenue payment gateway but on clicking the cancel button it is showing the error "Security Error. Illegal access detected" in the redirect url page.

This is my redirecturl page:

<?php include('Aes.php');include('adler32.php')?>
<?php
 $workingKey='myWorkingKey';        //Working Key should be provided here.
 $encResponse=$_POST["encResponse"];    //This is the response sent by the CCAvenue Server


$rcvdString=decrypt($encResponse,$workingKey);      
$AuthDesc="";
$MerchantId="";
$OrderId="";
$Amount=0;
$Checksum=0;
$veriChecksum=false;

$decryptValues=explode('&', $rcvdString);
$dataSize=sizeof($decryptValues);

echo "<center>";


for($i = 0; $i < $dataSize; $i++) 
{
    $information=explode('=',$decryptValues[$i]);
    if($i==0)   $MerchantId=$information[1];    
    if($i==1)   $OrderId=$information[1];
    if($i==2)   $Amount=$information[1];    
    if($i==3)   $AuthDesc=$information[1];
    if($i==4)   $Checksum=$information[1];  
}

$rcvdString=$MerchantId.'|'.$OrderId.'|'.$Amount.'|'.$AuthDesc.'|'.$workingKey;
$veriChecksum=verifyChecksum(genchecksum($rcvdString), $Checksum);

if($veriChecksum==TRUE && $AuthDesc==="Y")
{
    echo "<br>Thank you for shopping with us. Your credit card has been charged and your transaction is successful. We will be shipping your order to you soon.";

}
else if($veriChecksum==TRUE && $AuthDesc==="B")
{
    echo "<br>Thank you for shopping with us.We will keep you posted regarding the status of your order through e-mail";


}
else if($veriChecksum==TRUE && $AuthDesc==="N")
{
    echo "<br>Thank you for shopping with us.However,the transaction has been declined.";

}
else
{
    echo "<br>Security Error. Illegal access detected";

}


echo "<br><br>";

echo "<table cellspacing=4 cellpadding=4>";
for($i = 0; $i < $dataSize; $i++) 
{
    $information=explode('=',$decryptValues[$i]);
        echo '<tr><td>'.$information[0].'</td><td>'.$information[1].'</td></tr>';
}

echo "</table><br>";
echo "</center>";
?>

I googled about the issue but was not able to get any solution. How to solve this error..Please give some suggestions regarding the same?

php aes payment-gateway ccavenue adler32
Original Q&A
2

There are 2 best solutions below

1
Dimitris Filippou On

I found from the documentation (might be outdated but i couldn't find an updated one) that you need to pass a paramater called cancel_url which CCAvenue will redirect the customer to this URL if the customer cancels the transaction on the billing page.

So in the page that you create the payment you need to add to your form something like this

<input type="hidden" id="cancel_url" name="cancel_url" value="the_url_where_you_will_proccess_canceled_orders">

You must already have something similar with redirect_url

2
Sugan Krishna On

There is nothing wrong with your code. You need to maintain separate page for cancel order, in which you need not to use CC avenue response code. Since, user didn't complete the payment you wont receive any response parameter from ccavenue. So, their is no need to $verifyCheckSum and $AuthDesc variables. They just cancelled their order willingly. So, just need to show them a msg "Your order has been cancelled", in your website.

Related Questions in PHP

Related Questions in AES

Related Questions in PAYMENT-GATEWAY

Related Questions in CCAVENUE

Related Questions in ADLER32

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json

Popular Questions

Copyright © 2021 Jogjafile Inc.