[Pro] Mal's Shopping Cart with ExpressionEngine

I’m trying out Mal’s Shopping Cart intermixed with ExpressionEngine and I’m trying to figure out a few things. So far the directions in the manual couldn’t have gone easier, but I’d like ExpressionEngine to be more involved with the products end. (As a side note, I noticed in the manual that several times it says that it’ll help me set up a ‘store’ in a sub-folder and said that it’d be in the follow-up reference section only to not be found at all. Perhaps SP should know that or I just totally missed it.) Now after closer review I did look at the code that gets outputted and I want to replicate that and kind of automate the items that are for sale rather than having to rinse, recycle, and reuse things manually every time there is a new item.

So, my question(s):

How is the ‘hash’ determined for the products?

I see how it is determined for the ‘Link Verification’ part, but the number almost seems random for the product hash. Is there a way to ‘generate’ it somehow? Is that necessary to have that? Does the action create that or can I do that?

Also, how is the ‘config’ number figured out?

Is that something that can be ‘generated’ as well?

After review those items seem to be the only snags I have with being able to incorporate the two together. Any help or links or something useful would be great.

We’ll also see if EllisLabs delivers on an improved e-commerce module for EE 2.0.


dynamo mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

Hi Dan,

On 25 Nov 2009, at 12:26, Dan J wrote:

How is the ‘hash’ determined for the products?

I see how it is determined for the ‘Link Verification’ part, but the
number almost seems random for the product hash. Is there a way to
‘generate’ it somehow? Is that necessary to have that? Does the
action create that or can I do that?

The actions generate the hash code using an internal JavaScript
function. It uses a standard MD5 encoding method based on the private
key code (available from your Mals admin area) and the first ten
digits of the product description, the price and the shipping units.
When the cart gets an encoded request it uses MD5 to unscramble the
code and checks to see if these values match what’s in the order. If
they fail to match then the cart will throw an error.
As you are using PHP for Expression Engine I would recommend creating
a function that you can call globally throughout your site that
generates the hash code for you. For example to create a hash code you
could use something like this;

$secret_key = "1f190a22037de1499b1d2d687ad0667b";
$product = "My description";
$price = "9.99";
$units = "0";

$p = substr(addslashes($product), 0, 10);
$hash = md5($secret_key . $p . $price . $units);

You would then echo the value of $hash in your Mals form.

Also, how is the ‘config’ number figured out?

Is that something that can be ‘generated’ as well?

If you are talking about the same thing I think you are then that’s
part of the Freeway implementation of the shop rather than something
that came from Mals. I seem to recall that this is a shorthand code to
tell the server what the store settings are as defined in the actions.
Prior to this you would need to log into the admin account and
manually change the cart styling options. As such I don’t think you’ll
find them documented anywhere. If you really felt brave you could run
through the styling options and try to reverse engineer the codes but
I suspect you’ve got more productive things to be doing. :)
Regards,
Tim.

FreewayActions.com - Freeware and shareware actions for Freeway
Express & Pro.

Protect your mailto links from being harvested by spambots with Anti
Spam.
Only available at FreewayActions.com

http://www.freewayactions.com



When the cart gets an encoded request it uses MD5 to unscramble the code and checks to see if these values match what’s in the order.

Just to be utterly pedantic here, MD5 is a one-way hash – you cannot unscramble it ever. All you can do is prove that a particular input, run through the hashing algorithm, makes the same hash output as another unknown set of input.

If two separate inputs produce the same hash, you can infer that those two inputs are exactly alike in every detail. The odds of this not being true are something like 1 over the age of the universe in seconds.

The Mals cart takes in the three out of four variables from the purchase form, combines them with the secret key (which you don’t transmit in your form) and sees if they make the same hash that you sent. If they do, then the form was not tampered with.

This is known as shared-secret authentication, and it is really hard for anyone else to break. Given enough computer time and (more importantly) enough examples from your site to use as test samples, the secret key can be deduced. But it’s an awful lot of work to do just to buy some stuff at discount.

Walter
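The check Walter describes, written out as an added example; it is not part of the original thread and is not Mal's or Freeway's own code. The concatenation order follows Tim's snippet above, the key is the sample value from that snippet, and the function names and form field names (`product`, `price`, `units`, `hash`) are hypothetical.

```php
<?php
// Added example: function and field names are hypothetical.
// Sample key from Tim's snippet; the real one comes from the Mals admin area
// and is never sent in the form.
const SECRET_KEY = '1f190a22037de1499b1d2d687ad0667b';

// Sender side: key . first 10 chars of description . price . units.
function product_hash(string $key, string $product, string $price, string $units): string
{
    $p = substr(addslashes($product), 0, 10);
    return md5($key . $p . $price . $units);
}

// Receiver side: recompute the hash from the submitted fields plus the secret
// it already holds, then compare. Nothing is "unscrambled".
function verify_order(string $key, array $form): bool
{
    $expected = product_hash($key, $form['product'], $form['price'], $form['units']);
    return hash_equals($expected, $form['hash']); // constant-time comparison
}

// Constructed sample submission, as the product page would emit it.
$form = [
    'product' => 'My description',
    'price'   => '9.99',
    'units'   => '0',
];
$form['hash'] = product_hash(SECRET_KEY, $form['product'], $form['price'], $form['units']);

var_dump(verify_order(SECRET_KEY, $form));      // untouched form

$tampered = $form;
$tampered['price'] = '0.99';                    // price changed after the page was served
var_dump(verify_order(SECRET_KEY, $tampered));  // recomputed hash differs

// Only the first ten characters of the description go into the hash, so text
// after that point is not covered by this check; price and units are.
$edited = $form;
$edited['product'] = 'My descripXXXX';
var_dump(verify_order(SECRET_KEY, $edited));
```

The key-prefix MD5 layout is used here only because it is what the thread says the cart expects; for a scheme you design yourself, `hash_hmac('sha256', ...)` is the standard construction for this kind of shared-secret check.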



Ah, yep, that’s the one! Thanks for the clarification Walter.
Regards,
Tim.

On 25 Nov 2009, at 14:52, waltd wrote:

Just to be utterly pedantic here, MD5 is a one-way hash – you
cannot unscramble it ever. All you can do is prove that a particular
input, run through the hashing algorithm, makes the same hash output
as another unknown set of input.


Thanks for the responses. However, I’m not sure how to call a ‘function’ into making that happen. I’m a bit of a novice when it comes to PHP, but when I get it I get it.

I figured that I’d set up a weblog and have custom fields in it for Name, Description, Price, Product Thumbnail, and leave the units to always be ‘1’. How would I go about ‘calling’ this code snippet to fill in the missing pieces? Would I insert them as they are seen or do I have to wrap them in a tag of some sort?

Seems to be the last step, so hopefully it’s an easy one.



Hi
Thought I’d chime in.
Mark Bowen wrote a plug-in that does just that. http://eetemplates.com/index.php/templates/details/mark_bowen_shopping_cart_script/
It also seems to work well together with the Freeform module.
Maybe a good alternative?



Perhaps Tim or Waltd could chime back in and kindly help out. I’m not feeling like spending $50 bucks on something that could be replaced when EE 2.0 comes out. However, I have seen a private beta view and the updated ecommerce module doesn’t look like it’s changed that much and a few other things I know Joe’s actions will have to be changed for. Especially ‘Saving Templates as Files’.

But I’m sure he knows that already.

Let’s all have a good laugh and watch me write how I think it’d go as a novice in PHP:

<?php
function product_hash ($p){
$ph = $p = substr(addslashes($product), 0, 10);
return $ph;
} 
function config_hash ($c){
$ch = $hash = md5($secret_key . $p . $price . $units);
return $ch;
}
?>

Then to call it in the template. That’s where I get lost. Would I assume to use the snippets in my template?

<input type="hidden" name="product_hash" value="<?php
function product_hash ($p){ $ph = $p = substr(addslashes($product), 0, 10);
return $ph; } print $ph; ?>" />

But something tells me there’s more to it.



Hi Dan,
Try this;

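<?php
// global variables
$secret_key = "1f190a22037de1499b1d2d687ad0667b";
$product = "My description";
$price = "9.99";
$units = "0";

function product_hash ($product){
	// PHP functions do not see global variables unless they are declared here
	global $secret_key, $price, $units;
	// only the first ten characters of the description are hashed
	$p = substr(addslashes($product), 0, 10);
	$hash = md5($secret_key . $p . $price . $units);
	return $hash;
}
?>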

This should print the returned hash key back to the function call;

<input type="hidden" name="product_hash" value="<?php  
print(product_hash($product)); ?>" />

(Untested but it ‘looks’ OK from here!)
Regards,
Tim.


Thanks Tim.

Hopefully this isn’t asking a lot, but I understand the last part about putting the input type field and what not, but where does the first part go? Does it go in the header or within the other ‘input types’? Also I’m not seeing a ‘secret_key’ being outputted even when I put in my information in a separate document I created. Does that always occur?

I appreciate the help with this.



K, I missed the ball on one part. I forgot to enable PHP in EE for that specific template. So now it kinda doesn’t work, but it’s closer than it was. The problem now is that I’m not sure how to then set up the ‘product’, ‘price’ fields in my entries loop for the hash to be properly generated. Right now those fields are just custom field names.

Here’s a dumb thought.
Would it just be easier to create the products and prices (and any other items) in FW, publish the document to a dummy folder, then view the source in the browser and copy the hash into a custom field? Would it at any time create a different hash if say later down the road I used the same document? Perhaps a test is in order.

I have no problem doing that if it’s easier. I just want the entries to loop and that’s fine if I use FW as a generator for them.

