Posted by er_gaurav_sharma on June 24, 2011 at 9:27am
4 followers
| Project: | EBS Payment Gateway for Ubercart |
| Version: | 6.x-1.0 |
| Component: | Code |
| Category: | bug report |
| Priority: | minor |
| Assigned: | Unassigned |
| Status: | active |
Issue Summary
I have studied your code thoroughly in order to get fast to make module for my payment gateway. But what i see u are doing currency conversion to INR during submitting form to EBS payment gateway as follows: "// Convert any monetary value from the store's currency to Indian Rupees.
$result = _uc_ebs_currency_calc($order->order_total);"
That's ok, but why are you not converting INR back to Original one after receiving response form from EBS on successful payment.
tech detail:
what ubercart does when recieve payment it caluclate balance which should be zero or negative, It works in case of EURO, DOLLAR, POND and any other that has higher value that INR. But for currencies having value less that INR it just won't work.
Comments
#1
>>But what i see u are doing currency conversion to INR during submitting form to EBS payment gateway as follows:
That's because of the requirement of EBS that all currency calculations in the last step of the checkout should be in INR.
The original module for drupal 5.0 was written by none other than Ryan Szrama, the project lead of Ubercart. Therefore, I am not sure he would have left out the reconversion back from INR unless there was a good reason.
Changing the status until you can explain in greater detail why this is such a serious bug, as you claim.
#2
ok, for that i am going to explain it with an example. Before that we need to understand how drupal ubercart works in regards to payment processing. When someone checkout, Ubercart calculate some value called "order total". Let it be $100. EBS payment gateway(Module) convert it to INR say "Rs5000". And send that amount to EBS gateway for further processing. After payment at EBS side successful, EBS return some information regarding payment where we get the one important value "received amount" that of course will be 5000. Since you are not converting back to dollar. Now what ubercart does it subtract that value from order total that is "order total - return value" is 100 - 5000 = -4900. That is negative value. This negative value is called "balance" that you can see in every order. Now what important to us that we want drupal ubercart set order status from "payment pending" to "payment received" or "payment complete" after someone has paid total amount. It will be only happened if balance is either negative or zero. Otherwise it will be stayed at pending status. Well in above example you don't need to worry since payment is negative. But think carefully when someone after checkout redirect to EBS and he maliciously change the amount from 5000 to say 1000. Then after successful payment balance will be "100 - 1000" still negative and thus status will be payment complete. Which is definitely u don't want.
Second example, in above example dollar is base amount and bigger than rupee. Now let's take an example where rupee is stronger. Let shopping cart base amount is pakistani rupee which is smaller in value than indian rupee. that is 1 INR = 2 pakistani rupee.
So let "order total" is 1000 pakistani rupee and you are converting it to "INR" and it will be 500.
Now since you are not converting back to Pakistani rupee after successful payment. That "balance" will be "order total - received amount " that is "1000 - 500" = 500, that is neither negative nor zero. And payment status remain pending instead of Complete.
#3
If u still not convinced just implement my second example in your lab and see what will happen. reference "http://drupal.org/node/1198726#comment-4673642"
#4
Hi,
I am having issue with the payment to ebs.
I am receiving the following error while checking out through drupal and ubercart configurations.
Oops!
It seems an error has occured, the page you are trying to reach is not accessible.
Error!
phone is too short or empty
Any idea !!! Please help.
Also Could you also provide if you have any documentation for the ebs payment gateway ?
I need to create the html code buy now button similar to the paypal.
What is the url to which we can redirect for actual / test payment of the same and where I can find
documentation for the same as ebs api current documentation has only action, action status and the
currency converter codes but no checkout html code.
Thanks in Advance,
prathK
#5
@er_gaurav_sharma, thank you for the examples. We will test them for sure.
@ prathK, I am afraid you have to contact EBS for documentation relating to their gateway. If you ask for the latest integration kit, they should be able to help you.
#6
First, i have already tested it, and i am right. Second, it's very simple to understand when u do calculations it should be in same format. For example,
1). You can't $200 + Rs 200 = Rs 400 // It's wrong
2). You can $200 * 45 + Rs 200 = Rs 9200 //it's right
That's something is happening in EBS module.
If your base amount is dollar, pound, Euro anything that is bigger than rupee. It works but it does not prevent you from malicious attack that can change amount to be paid at EBS payment gateway site.
If your base amount is Japanese yen and anything that is smaller than rupee. It just don't work at all.
#7
Hi venkat-rk,
Thanks for the help. I found the solution with latest integration kit. :)
prathK
#8
@er_gaurav_sharma
I have attached a patch to solve this issue. Can you pls check if this solves? I haven't tested it on a live site but I guess this should work as expected.
@venkat-rk, once the patch is RTBC, I will commit it to the repo.
#9
You have done a good job by knowing the mistake and are trying to resolve it. i have not applied your patch because i just opened your patched file in notepad just to know what you have done. You are doing what i wanted to do (convert INR back to USD in $response['Amount']) but you have created another mistake of calculating balance. Balance calculation is the job of Ubercart via (uc_payment_enter) method.
Just skip that step do simply.
" $converted_amount = currency_api_convert('INR', variable_get('uc_currency_code', 'USD'), $response['Amount']);
uc_payment_enter($order->order_id, 'ebs', $converted_amount['value'], $order->uid, NULL, $response['ResponseMessage']);
uc_cart_complete_sale($order); "
So that's the solution. So don't do balance checking.
#10
i have just modified your "uc_ebs.module" for my project. I have not much time for making patch so i just attached a new version of this file with fixes and just search "_uc_ebs_currency_calc_rev" string in the file and you will figure out what i have done and you will have the solution.
#11
Not really. Ubercart is not responsible for checking variation in amount due to double conversion of currencies. If you look at my comment in the patch,
+ //ignore any difference in fraction due to double conversion of currency.+ // eg. 15 USD converted to INR 688.875
+ // but INR 688.875 gets converted to 15.017475 USD
+ $balance = (int) ($order->order_total - $converted_amount['value']);
The balance calculation above is to make sure that ubercart does not report incorrect balance just because we are doing the conversion twice. If we didn't do this, (for the above example), then ubercart will mention that the amount paid as 15.017475 USD and mark a balance of + 0.017475 USD.
#12
First, balance = order total - response amount, in your case it would be $15 - $15.017475 = -$0.017475 not +0.017475 USD.
Second Balance calculation is also done by "uc_payment_enter" i am 100% sure. Because i have studied ubercart thoroughly. and I have made several payment gateway module and are all working in any kind of base currency.
Third most important, You are doing a smart work here by calculating balance yourself. I appreciate that approach it would save you from most of the challenges.
So from me you are done. Congratulation to you.
#13
One more thing if am not wrong you have done in attached patch file " $amount = ($balance) ? $converted_amount : $order->order_total;". I think it should be $converted_amount['value'] instead of $converted_amount.
What do you think?
#14
nice catch! Yes, it should be $converted_amount['value']. Will correct it on deploying this patch.