randvegeta

I appreciate that Blesta may be more for developers but that really is a restriction to many. Not everyone is going to find it accessible. And given the increased complexity, I think more and better documentation is really needed. Nice to know that you can do things that Blesta DOESN'T allow you to do . Kidding aside, as a 'non' developer, I've found making custom modules for our business needs has been fairly easy/straight forward. We have our own custom server management system and integrated it with our WHMCS with ease. I somewhat dread the idea of doing the same with Blesta and I would personally consider the extra hurdles to jump as a limitation. All things said and done, ACTUAL developers do seem to prefer Blesta so perhaps it is the only real choice for more competent programmers :-).

Fundamentally, I didn't come across anything that would make me thin Blesta is a poorly coded or constructed, or anything like that. But as a non-developer, I'm not exactly qualified to judge either way. With that being said, it took me a good 30 - 40 hours longer than it took me to do the same work for WHMCS. I am sorry to say, based on the information I have, I found Blesta very rigid, with many assumptions about modules/plugins that over complicate things, and with practically no documentation. My experience of the documentation was basically that there was none. I literally found no useful information of any kind in the documentation other than where to get the demo files. This is my biggest problem and criticisms, Now that the module is working, I have some understanding of how it all works so if I were to do it again, it would be easier and much faster than before. But in my non-developer opinion, it was overly complex with too many hoops to jump through. There is no reason I can think of it should be much more difficult, or require more specific programming methodologies for Blesta than it would for WHMCS. Honestly what is the benefit? I know this is probably starting to sound like a rant, but it honestly seemed to me that the module template was constructed in such a way.. just because! Like being OOP for the sake of being OOP. If I were to venture a guess, what happened was, someone was given a hammer, and everything started to look like nails. Again... just my non-developer opinion here. But at the end of the day, armed with the knowledge that Blesta is all nails and I now have a hammer, could probably take on other modules with more comfort and ease than before. Isn't that what community forums are all about? What do other people do?

Oh.. Then I can return null values, or even giberish and it will show the same thank you page and it won't matter. I'm returning empty values now and it looks fine! Looks like my module is done then! Tested and working. Took over a week.. but it's done! Thanks for the help everyone.

Ah. Great. I didn't realize the 'hostname' of the company referred to the Blesta installation. But it worked so thanks!

Where would this be set?

Hi everyone. New to Blesta and I'm having a small problem. In: Blesta -> Packages -> Order Forms -> {label link} This is a link to the order form for the selected group. Unfortunately the URL is incorrect. My Blesta is installed at http://my.domain.com/ and the order form is located at http://my.domain.com/order/main/index/Group However the link in Blesta goes to http://domain.com/order/main/index/Group. I'm not sure if this is a bug or a config issue on my part. Any help would be greatly appreciated!

Is there any functional purpose to the success method?

My method is the default example given in the template. public function success(array $get, array $post) { # # TODO: Return transaction data, if possible # $this->Input->setErrors($this->getCommonError("unsupported")); return array(); } But I have previously tried returning some values in the array but there do not appear to be any values to obtain from $get or $post. Give then following 'validate' method, what should I be putting in the 'success' method? public function validate(array $get, array $post) { $invoices = $this->ifSet($get['invoices']); $amount = $this->ifSet($get['amount']); $currency = $this->ifSet($get['currency']); $hash = $this->ifSet($get['hash']); $hashSeed = $this->ifSet($this->meta['secret']); // Log the successful response $this->log($this->ifSet($_SERVER['REQUEST_URI']), serialize($post), "output", true); $word = $invoices; // Used to create Hash $isSpecial = ""; //Null Default Value //Check if special currency if ($currency == "CRT") { $isSpecial = "#"; } $price = $amount.":".$isSpecial.$currency; //Converts the pirce into carrots $hashval = hash_word($word,$price,$hashSeed); #Checks if transaction is valid $status="error"; if ($hashval == $hash) { $status = "approved"; // set to '1' if valid } return array( 'client_id' => $this->ifSet($get[2]), 'amount' => $amount, 'currency' => $currency, 'status' => $status, // ('approved','declined','void','error','pending','refunded', or 'returned') 'reference_id' => null, 'transaction_id' => $hash, 'parent_transaction_id' => null, 'invoices' => unserialize(base64_decode($invoices)) // An array of arrays, each referencing the ID and Amount of each invoice paid ); } And what happens in case of failed (invalid) verification? How can I output a meaningful message to the client upon success/failure of a transaction?

This is what I see after the payment has gone through successfully. Rather than show any success message it shows this error. As far as I can see there are no variables to print. But I can confirm it is the 'success' function as I can echo random text okay.

Ah.. there is one thing. Even though the payment goes through, there is still an error displayed. http://i.imgur.com/F9jQElN.png

Thanks Tyson! I base64 decoded and unserialized and it seems to be all good now! As far as I can tell, it's all working.

FYI, here is the callback URL and the code within the validate function. public function validate(array $get, array $post) { # # TODO: Verify the get/post data, then return the transaction # # $invoices = $this->ifSet($get['invoices']); $amount = $this->ifSet($get['amount']); $currency = $this->ifSet($get['currency']); $hash = $this->ifSet($get['hash']); $hashSeed = $this->ifSet($this->meta['secret']); // Log the successful response $this->log($this->ifSet($_SERVER['REQUEST_URI']), serialize($post), "output", true); $word = $invoices; // Used to create Hash $isSpecial = ""; //Null Default Value //Check if special currency if ($currency == "CRT") { $isSpecial = "#"; } $price = $amount.":".$isSpecial.$currency; //Converts the pirce into carrots $hashval = hash_word($word,$price,$hashSeed); #Checks if transaction is valid $status="error"; if ($hashval == $hash) { $status = "approved"; // set to '1' if valid } return array( 'client_id' => $this->ifSet($get[2]), 'amount' => $amount, 'currency' => $currency, 'status' => $status, // ('approved','declined','void','error','pending','refunded', or 'returned') 'reference_id' => null, 'transaction_id' => $hash, 'parent_transaction_id' => null, 'invoices' => array(array('id' => $this->ifSet($get['invoices']), 'amount' => $amount)) // An array of arrays, each referencing the ID and Amount of each invoice paid ); } Does that look right?

Does this mean payments to invoices are SUPPOSED to be applied instantly and not need to wait for the cron to execute? I checked and it does appear to be enabled. Any ideas as to why I might be seeing these problems?

Okay so my payment gateway module seems to be working. I just need to do some further testing. I have gone through the entire process of ordering and paying an invoice. The payment goes through, and the system logs the payment correctly. However before the invoice is marked as paid, the transaction doesn't immediately get applied to the invoice. After 5 or so minutes, the payment is then applied and the invoice is marked as paid. Not a big deal but is there any reason for this delay? Why is it not applied immediately? Also, even after the payment is made, the product isn't automatically provisioned as is expected. Within the client area it just shows up as a pending product and I need to manually click 'activate' within the admin area. I double checked to make sure there wasn't anything requiring manual approval or intervention. Any ideas?

Hi Paul, thanks for your feedback. This is good to know. So I need not write any special code to check invoice currency. I can just verify the payment and if the currency is wrong, then it just won't be applied to the invoice then. That's good. It would be possible for someone to change the payment parameters before making the payment. But for whatever transaction that is actually made, so long as it is recorded correctly, hopefully I need not worry. Serge, I'm not sure what you are saying is correct as they contradict with Paul said. Unless of course I am misunderstanding you. I can pass any parameters to CarrotPay, yes. It is highly flexible gateway in this respect. Actually it is done only be adding the paramters to the return URL and it would technically be possible to modify the params by editing the return url itself. However, this should invalidate the hash so it is not a problem. I really don't understand what you are trying to say here. Sorry. But CarrotPay works like this. You MUST pass the following to CarrotPay: price (including currency) and some 'word' that will be hashed. You can then pass any other parameters within the return URL. When CarrotPay receives the payment, it does the following: hash($word, $price, $seed); Where: price = amount + currency seed = secret / password that is stored within the blesta database (CarrotPay knows this secret) word = any string you like. Normally with the paramaters you pass in the return URL. So $word is normally a string that looks like $invoices.$amount.$currency.$clientid etc. If someone attempts to modify the parameters in the return URL AFTER payment. the hash will not match and so the transaction would be invalid. If someone attempts to modify the parameters of the return URL BEFORE payment, then they would also need to change the 'word'. They COULD do that but when the transaction comes through, it will be recognized correctly with the actual details. So if they change the currency or amount, I can check that.

Well I just want to see the returned variables are and what hash I generate. Just trying to see how it all goes step by step. I have an owned license, so I suppose I can request a dev license also? Also, I am curious how Blesta handles payments in currencies other than the what is stated in the invoice. For example, as CarrotPay only passes information back via the the return URL, a fraudster may attempt to pass a transaction off by changing some of the parameters of the initial payment. For example, an invoice for US$100 may be issued. The fraudster may change the currency param to Hong Kong Dollars, and pay HK$100 instead. In the return URL, the amount and currency should still correctly show a payment HK$100, and the hash should still be reproduced correctly. But when applying the payment, will the Blesta take into consideration that HK$100 was paid and NOT US$100? If yes, what would happen? If not, how can I do the check myself to make sure the client is paying the correct currency (i.e. how can I check the invoice currency).

Okay so I am making some more progress and have managed to log a few test transactions, but it seems as soon as the callback URL is loaded, the page redirects to the 'return_url' page. But there are no parameters passed to it. It just says : How can I debug if I can't see any output?

Since I am just testing, is there any way to delete the test transactions?

I assume you just need the paramters? The return URL would look somthing like this <Blesta.Return_URL>/?invoiceid=111&amount=9.70&currency=USD&hash=HGGJUWGSNDHSD The important part is the 'hash'. I can generate my own hash using the other variables and compare the one returned by CarrotPay. if they match, then the payment is verified. So all I need to do is this: 1.) Get Variables 2.) Generate HASH 3.) Compare my hash to CarrotPay hash. -> if match, then payment is verified -> else, invalid In terms of paramters in the callback URL, I can include whatever I want actually, so I can add the client ID if needed. I can get the 'GET' paramters and then generate/compare the hash. What I do after that I am not sure on.

From What I can understand, and please correct me if I'm wrong, the 'success' function is the function related to the return_url parameter. It does nothing but serve as a place for client's to be sent back to after payment is made. Nothing in there saves the transaction details or applies them to invoices. It is instead the 'validate' function which relates to actually processing the payment, but there is no html to be displayed to the client here as it is intended for server to server communication. Is this right? If yes, how am I to proceed given CarrotPay does not use the 'callback' feature, and instead only gives a return URL for the client. The return_url then includes all transaction data to be verified by the merchant. Can I use the callback URL in place of the return URL?

ight... with CarrotPay, there is no 'callback' to the server. The only thing used is the 'return_url'. Can the transaction be completed only with the return_url? All I need to do is fetch the variables (in a GET) from the URL, and reproduce the hash to verify payment. If the hash matches, then accept the transaction, otherwise, return an error. I am finding it difficult to do this. As for where I am getting stuck, I understand that I can get the variables using $_GET['var'] or $_REQUEST['var']. But where am I supposed to be doing this, given I only have a return_url, and no call back is made. AND what do I need to do after I get the variables and confirm the payment is made. Perhaps someone could explain this to me? From the 2CO gateway module public function validate(array $get, array $post) { // Order number to verify key must be "1" if demo mode is set $order_number = ($this->ifSet($post['demo']) == "Y") ? "1" : $this->ifSet($post['order_number']); // Validate the response is as expected $rules = array( 'key' => array( 'valid' => array( 'rule' => array("compares", "==", strtoupper(md5($this->ifSet($this->meta['secret_word']) . $this->ifSet($this->meta['vendor_id']) . $order_number . $this->ifSet($post['total'])))), 'message' => Language::_("_2Checkout.!error.key.valid", true) ) ), 'credit_card_processed' => array( 'completed' => array( 'rule' => array("compares", "==", "Y"), 'message' => Language::_("_2Checkout.!error.credit_card_processed.completed", true) ) ), 'sid' => array( 'valid' => array( 'rule' => array("compares", "==", $this->ifSet($this->meta['vendor_id'])), 'message' => Language::_("_2Checkout.!error.sid.valid", true) ) ) ); $this->Input->setRules($rules); $success = $this->Input->validates($post); // Log the response $this->log($this->ifSet($_SERVER['REQUEST_URI']), serialize($post), "output", $success); if (!$success) return; return array( 'client_id' => $this->ifSet($post['client_id']), 'amount' => $this->ifSet($post['total']), 'currency' => $this->ifSet($post['currency_code']), 'invoices' => unserialize(base64_decode($this->ifSet($post['invoices']))), 'status' => "approved", 'reference_id' => null, 'transaction_id' => $this->ifSet($post['order_number']), 'parent_transaction_id' => null ); } /** * Returns data regarding a success transaction. This method is invoked when * a client returns from the non-merchant gateway's web site back to Blesta. * * @param array $get The GET data for this request * @param array $post The POST data for this request * @return array An array of transaction data, may set errors using Input if the data appears invalid * - client_id The ID of the client that attempted the payment * - amount The amount of the payment * - currency The currency of the payment * - invoices An array of invoices and the amount the payment should be applied to (if any) including: * - id The ID of the invoice to apply to * - amount The amount to apply to the invoice * - status The status of the transaction (approved, declined, void, pending, reconciled, refunded, returned) * - transaction_id The ID returned by the gateway to identify this transaction * - parent_transaction_id The ID returned by the gateway to identify this transaction's original transaction */ public function success(array $get, array $post) { return array( 'client_id' => $this->ifSet($post['client_id']), 'amount' => $this->ifSet($post['total']), 'currency' => $this->ifSet($post['currency_code']), 'invoices' => unserialize(base64_decode($this->ifSet($post['invoices']))), 'status' => "approved", 'transaction_id' => $this->ifSet($post['order_number']), 'parent_transaction_id' => null ); }

I believe I have made good progress with generating the payment page. I have been able to get the wallet to appear on screen with all the neccessary information. Now I just need to work on the callback/return_URL. But I can't see how it's supposed to work. I just see: I am looking at the 'validate' function but I can't see how it is supposed to be used. And the return URL may invalidate the 'get' params set in the URL itself. What do I do?

I have no problem loading the javascript on the payment page. The problem was that the example does not have an HTML form but rather one is generated. I built the WHMCS without problem and without example code or a demo. There were no 'tools' that were included, which allowed very free reign over what I could do. Blesta seems to have certain 'tools' and pre-set variables which are irrelevant to some merchant gateways and I am unsure if I should/could do away with them or if they are mandatory. Or if indeed there are other tools available I could use rather than hard coding into the processes.pdt file. Well you see this is why my feeling is that Blesta can be quite rigid. It's not so obvious, and the definitions coined by Blesta do not cover the CarrotPay system. At least not in an absolute clear way. I would say it is more NON-MERCHANT than anything else however. I know I have to create my own 'code' for this but a form is not what I want/need. Again, there is a function within the processes.pdt file that auto generates a form. I do not need a form, so I am not 100% sure if this is something I can simply remove. In any case, I have made some good progress and should be able to get it working and tested within a couple days. Sadly, I must say I have found the documentation completely useless. And I'm not convinced that OOP serves any purpose at the gateway module stage. Just over complicates things in my opinion. Ahh what do I know any way. I'm not a developer.

I am making some progress but I am finding that Blesta is a bit too rigid (or I am just not familiar with how things are done?). As you can see from my WHMCS module, there is no 'form' submission. Instead there is some JavaScript which loads the wallet directly into the browser and everything is done on the page. CarrotPay IS NOT a merchant gateway but what Blesta describes as NON-MERCHANT as no details are collected about the client in order to process the transaction. Is the payment button the only thing that can be displayed because I am not sure what options are available to me. The Processes.pdt does not have any HTML generating a form, but it is there on the payment page....

There are 2 advantages for us, which may not necessarily relevant to others. 1.) They are an HK based gateway so it makes things a little easier for us since we too are based in HK. 2.) We can issue something called 'SiteCoins'. Basically it's kind of like a coupon but it appears in the clients 'wallet' as money that can be spent on our site. This is independent of the billing system. You can see how it works here: http://hosthongkong.net/?page=free We really want to take advantage of this sitecoin feature and it's just not available with anyone else.