 

Security Error. Illegal access detected using ccavenue in php

I am successfully redirecting to ccavenue payment gateway but on clicking the cancel button it is showing the error "Security Error. Illegal access detected" in the redirect url page.

This is my redirecturl page:

<?php include('Aes.php');include('adler32.php')?>
<?php
 $workingKey='myWorkingKey';        //Working Key should be provided here.
 $encResponse=$_POST["encResponse"];    //This is the response sent by the CCAvenue Server


$rcvdString=decrypt($encResponse,$workingKey);      
$AuthDesc="";
$MerchantId="";
$OrderId="";
$Amount=0;
$Checksum=0;
$veriChecksum=false;

$decryptValues=explode('&', $rcvdString);
$dataSize=sizeof($decryptValues);

echo "<center>";


for($i = 0; $i < $dataSize; $i++) 
{
    $information=explode('=',$decryptValues[$i]);
    if($i==0)   $MerchantId=$information[1];    
    if($i==1)   $OrderId=$information[1];
    if($i==2)   $Amount=$information[1];    
    if($i==3)   $AuthDesc=$information[1];
    if($i==4)   $Checksum=$information[1];  
}

$rcvdString=$MerchantId.'|'.$OrderId.'|'.$Amount.'|'.$AuthDesc.'|'.$workingKey;
$veriChecksum=verifyChecksum(genchecksum($rcvdString), $Checksum);

if($veriChecksum==TRUE && $AuthDesc==="Y")
{
    echo "<br>Thank you for shopping with us. Your credit card has been charged and your transaction is successful. We will be shipping your order to you soon.";

}
else if($veriChecksum==TRUE && $AuthDesc==="B")
{
    echo "<br>Thank you for shopping with us.We will keep you posted regarding the status of your order through e-mail";


}
else if($veriChecksum==TRUE && $AuthDesc==="N")
{
    echo "<br>Thank you for shopping with us.However,the transaction has been declined.";

}
else
{
    echo "<br>Security Error. Illegal access detected";

}


echo "<br><br>";

echo "<table cellspacing=4 cellpadding=4>";
for($i = 0; $i < $dataSize; $i++) 
{
    $information=explode('=',$decryptValues[$i]);
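        // Escape the decrypted values before writing them into the HTML table.
        echo '<tr><td>'.htmlspecialchars($information[0], ENT_QUOTES, 'UTF-8').'</td><td>'.htmlspecialchars($information[1], ENT_QUOTES, 'UTF-8').'</td></tr>';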
}

echo "</table><br>";
echo "</center>";
?>

I googled about the issue but was not able to get any solution. How to solve this error? Please give some suggestions regarding the same.

asked Sep 14 '25 11:09

Peace


2 Answers

I found from the documentation (might be outdated, but I couldn't find an updated one) that you need to pass a parameter called cancel_url; CCAvenue will redirect the customer to this URL if the customer cancels the transaction on the billing page.

So in the page where you create the payment, you need to add to your form something like this:

<input type="hidden" id="cancel_url" name="cancel_url" value="the_url_where_you_will_proccess_canceled_orders">

You must already have something similar with redirect_url.

answered Sep 17 '25 03:09

Dimitris Filippou


There is nothing wrong with your code. You need to maintain a separate page for cancelled orders, in which you need not use the CCAvenue response code. Since the user didn't complete the payment, you won't receive any response parameter from CCAvenue. So, there is no need for the $verifyCheckSum and $AuthDesc variables. They just cancelled their order willingly. So, you just need to show them a message, "Your order has been cancelled", on your website.

answered Sep 17 '25 04:09

Sugan Krishna
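
The situation the answers describe (a cancelled payment arrives without a response to verify) can also be handled explicitly in the return page, so that a missing `encResponse` is reported as its own state and no longer falls into the "Illegal access" branch. This is an added example, not part of the original posts or CCAvenue's kit: `classifyGatewayReturn()`, its callable parameters and the demo stand-ins are hypothetical, and the field order is the one the asker's loop assumes.

```php
<?php
// Added example (PHP 7+), not from the thread or CCAvenue's kit.
// classifyGatewayReturn() and its two callable parameters are hypothetical.
// On the asker's page, $decrypt would wrap decrypt($enc, $workingKey) and
// $checksumOk would wrap verifyChecksum(genchecksum($fields.'|'.$workingKey), $sum).
function classifyGatewayReturn(array $post, callable $decrypt, callable $checksumOk): string
{
    // No encResponse (e.g. the customer cancelled): nothing to verify.
    // Treat the order as unpaid; never as paid, and not as an attack.
    $enc = $post['encResponse'] ?? null;
    if (!is_string($enc) || $enc === '') {
        return 'no_response';
    }
    // Positional layout assumed by the asker's loop:
    // MerchantId, OrderId, Amount, AuthDesc, Checksum.
    $values = [];
    foreach (explode('&', $decrypt($enc)) as $pair) {
        $parts = explode('=', $pair, 2);
        $values[] = $parts[1] ?? '';
    }
    if (count($values) < 5) {
        return 'invalid';
    }
    list($merchantId, $orderId, $amount, $authDesc, $checksum) = $values;
    if (!$checksumOk("$merchantId|$orderId|$amount|$authDesc", $checksum)) {
        return 'invalid';
    }
    $states = ['Y' => 'success', 'B' => 'pending', 'N' => 'declined'];
    return $states[$authDesc] ?? 'invalid';
}

// Constructed stand-ins so this runs offline; NOT CCAvenue's algorithms.
$key = 'demo-key';
$decrypt = function (string $s): string {
    return (string) base64_decode($s, true);
};
$checksumOk = function (string $fields, string $sum) use ($key): bool {
    return hash_equals(hash('sha256', "$fields|$key"), $sum);
};
// Constructed sample message with placeholder field names f0..f4.
$sum = hash('sha256', "M1|ORD42|100.00|Y|$key");
$good = base64_encode("f0=M1&f1=ORD42&f2=100.00&f3=Y&f4=$sum");
$tampered = base64_encode("f0=M1&f1=ORD42&f2=1.00&f3=Y&f4=$sum");

foreach ([[], ['encResponse' => $good], ['encResponse' => $tampered]] as $post) {
    echo classifyGatewayReturn($post, $decrypt, $checksumOk), PHP_EOL;
}
```

Only the `success` state should ever mark an order as paid; `no_response` and `invalid` both leave it unpaid, but only `invalid` is worth logging as a possible tampering attempt.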