ASP, Javascript, SHA1 code for First Data Global Gateway

Published: Saturday, February 9, 2019 written by Drew Jackson
Keywords: sha1, first data, global gateway, asp, javascript



Back in 2009, for a client, we had to implement a finance ecommerce integration that had very little documentation, and their phone and email support was like, you are on your own. This was a top tier bank too. Therefore, based on 10-15 lines of sample code, we put together a fully functional SHA1 handler for First Data Global Gateway.

They gave me a sample but it did not work, and it took me like 2 weeks to figure it out using ASP and Javascript. Then they modified the underlying code to something stronger, which we did, and this still worked as of 2019. They like PHP and Java and the LAMP stack, not the Microsoft stack. Even their .Net did not work out of the box.

Odd, yet what the First Data Global Gateway samples gave us was like 10 lines of code and that was it. Nada, no help. Eventually we had to piece together the working solution.

The biggest problem they had was the date/time zone issues with Daylight Saving Time, having to be within a 1 hour sync west coast to east coast. They eventually eased the 1 hour restriction to a little larger, so we don't have to change the hour coding +/- 1.

This works on IIS 5.0 and higher with IIS server side includes enabled, classic ASP enabled, 32 bit application mode enabled.


<%@ LANGUAGE="VBSCRIPT" %>
<%
   option explicit
   response.expires = 0
   if request.querystring("method") = "leaveadminmode" then
       session("un") = ""
   end if
  
'if Request.Servervariables("REMOTE_ADDR") <> "yourhostingiphere" then
'    response.redirect "Classes.asp"
'end if

%>
<% Response.CacheControl = "no-cache" %>
<% Response.AddHeader "Pragma", "no-cache" %>
<% Response.Expires = -1 %>
<!--#include virtual="/......./inc/adovbs.asp"-->
<!--#include virtual="/......./inc/sqldsn.asp"-->
<!--#include virtual="/......./inc/sqltext.asp"-->

<%
Dim sha1
set sha1 =  GetObject("script:"&Server.MapPath("/......./inc/yoursha1-filehere.wsc"))
' set a property
sha1.hexcase = 1
Dim result1
%>
<script language='Javascript' runat='server'>
  function jsGetUTCTime() {
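    //var d = new Date();
    //return d.toUTCString();

    // getTime() already counts from the UTC epoch, so no time zone offset is applied;
    // floor to whole seconds for x_fp_timestamp
    var x = new Date();
    var UTCseconds = Math.floor(x.getTime() / 1000);
    return UTCseconds;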

  }
</script>
<script language='VBScript' runat='server'>
Function getUTCTime()
    ' Use JScript to get the current GMT time stamp
    getUTCTime = jsGetUTCTime()
'    getUTCTime = jsGetUTCTime() - 3600
End Function
</script>

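<%
if request.querystring("mode") = "delete" then
    ' CLng raises an error on non-numeric input, so Row_ID cannot carry SQL text;
    ' the SessionID condition limits the delete to the caller's own cart rows
    sql = "delete from tbl_ShoppingCart where Row_ID = " & CLng(request.querystring("Row_ID")) & " AND SessionID = " & Session.SessionID
    'response.write (sql)
    set rs = Conn.Execute(sql)
    response.redirect "register.asp"
end if

if request.querystring("Class") <> "" then
    ' Bind the Class value as a parameter so it never becomes part of the SQL text.
    ' adCmdText, adVarChar, adInteger, adCurrency and adParamInput come from adovbs.asp;
    ' the size 50 is an assumed column width.
    dim classNum, cmd
    classNum = trim(request.querystring("Class"))
    set cmd = Server.CreateObject("ADODB.Command")
    set cmd.ActiveConnection = Conn
    cmd.CommandType = adCmdText
    cmd.CommandText = "select * from tbl_ClassEvents where ClassEvent_Number = ?"
    cmd.Parameters.Append cmd.CreateParameter("class", adVarChar, adParamInput, 50, classNum)
    set rs = cmd.Execute

    if not rs.EOF then
        rem found the record, insert it into the shopping cart....
        set cmd = Server.CreateObject("ADODB.Command")
        set cmd.ActiveConnection = Conn
        cmd.CommandType = adCmdText
        cmd.CommandText = "INSERT INTO tbl_ShoppingCart " & _
            " (SessionID, ClassEvent_Number, Qty, Price, Extended_Price) " & _
            " VALUES (?, ?, 1, ?, ?)"
        cmd.Parameters.Append cmd.CreateParameter("sid", adInteger, adParamInput, , Session.SessionID)
        cmd.Parameters.Append cmd.CreateParameter("class", adVarChar, adParamInput, 50, classNum)
        cmd.Parameters.Append cmd.CreateParameter("price", adCurrency, adParamInput, , rs("ClassEvent_BasePrice").Value)
        cmd.Parameters.Append cmd.CreateParameter("ext", adCurrency, adParamInput, , rs("ClassEvent_BasePrice").Value)
        cmd.Execute
    end if
    response.redirect "register.asp"
end if
%>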
<html>
<head>
<title>your title here</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css">
<!--
.style1 {font-family: Arial, Helvetica, sans-serif}
.style2 {font-family: Arial, Helvetica, sans-serif; font-size: 13px; }
body {
    background-image: url();
    background-color: #062134;
}
a:link {
    color: #2B7CBB;
    text-decoration: none;
}
a:visited {
    color: #2B7CBB;
    text-decoration: none;
}
a:hover {
    color: #8A8993;
    text-decoration: underline;
}
a:active {
    color: #2B7CBB;
    text-decoration: none;
}
.style14 {
    font-family: Arial, Helvetica, sans-serif;
    font-size: 15px;
    color: #000000;
    font-weight: bold;
}
.style15 {font-family: Arial, Helvetica, sans-serif; font-weight: bold; }
.style16 {color: #254590}
-->
</style>
</head>
<body>

<div align="center">

<form action="https://checkout.globalgatewaye4.firstdata.com/payment" method="POST" name="registerShoppingCart"  onSubmit="return checkform(this.form)">

  <p style="margin-bottom: 0">&nbsp;</p>
  <table width="700" border="0" cellpadding="5" bordercolor="#FFFEFF" bgcolor="#1B2E70">
    <tr valign="top">
      <td colspan="2" ><img src="images/yourlogobannerhere.ext" width="684" height="141" alt="your alt title tag here" title="your alt title tag here"></td>
    </tr>
    <tr valign="top" bgcolor="#6592C9">
      <td width="515" >&nbsp;</td>
      <td width="155"><div align="center"><span class="style14">Call {your phone here}</span></div></td>
    </tr>
  </table>
  <table width="700" border="0" cellpadding="5" bgcolor="#FFFFFF">
  <tr valign="top">

    <td width="59"><div align="center" class="style2">
      &nbsp;
    </div></td>
    <td width="62"><div align="center" class="style2">
      <div align="center"><a href="Register.asp"><strong>Register</strong></a></div>
    </div></td>
    <td width="96"><div align="center" class="style2">
      <div align="center"><a href="aspCalendar.asp"><strong>Calendar</strong></a></div>
    </div></td>
    <td width="72"><div align="center" class="style2">
      &nbsp;
    </div></td>
    <td width="72"><div align="center" class="style2">
      &nbsp;
    </div></td>
    <td width="62"><div align="center">&nbsp;</div></td>
    <td width="85"><div align="center" class="style2">
      &nbsp;
    </div></td>
    <td width="77"><div align="center" class="style2">
      &nbsp;
    </div></td>
    <td width="41"><div align="center" class="style2">
      <div align="center"><a href="http://www.yourdomainnamehere.com"><strong>Home </strong></a></div>
    </div></td>


    </tr>
  <tr valign="top">
    <td colspan="8">&nbsp;</td>
    </tr>
  <tr valign="top" bgcolor="#C4D2EA">
    <td colspan="8"><p class="style15" style="margin-top: 0; margin-bottom: 0">Register </p>
      </td>
  </tr>
  <tr valign="top">
    <td colspan="8"><br><div class='chkbox' style='background-color: #F9F8C7;'>
        <span class="style2"><strong>I agree to the <a href='http://www.yourdomainnamehere.com/#!polices/voe78'>Terms and Conditions, Policy Acknowledgement</a>
        &nbsp;click this checkbox =>></strong><input name='terms' type='checkbox'></span>
        </div>
          <p><span class="style2">I have read and understand the registration, rescheduling, and cancelation policies of {your company here}. I have also read and understand the textbook requirements for class(es) and will bring the appropriate books to the course. I know I must prepare for class beforehand and bring any applicable paperwork &ndash; completed pretests, verification materials and copies of current course cards to the course.</span><br></p>
    </td>
  </tr>
<tr>
<td colspan='9'>
<script language="Javascript">
<!--
function checkform(){


  if (!document.registerShoppingCart.terms.checked) {
    alert("At the top of this page, please agree to the Terms and Conditions. Thank you.")
    return false}
  if (document.registerShoppingCart.x_user1.value == ''){
    alert("Please enter your Company Name or Attendee Name. Thank you.")
  return false}
  if (document.registerShoppingCart.x_user2.value == ''){
    alert("Please enter your Professional Medical ID Number and Expiration Date. Thank you.")
  return false}
  if (document.registerShoppingCart.x_user3.value == ''){
    alert("Please enter your Date of Birth (DOB). Thank you.")
  return false}
  if (document.registerShoppingCart.x_email.value == ''){
    alert("Please enter your Email Address. Thank you.")
  return false}
  if (document.registerShoppingCart.x_phone.value == ''){
    alert("Please enter Telephone Number. Thank you.")
  return false}

}
// -->
</script>


<% rem SID: response.write (Session.SessionID) %>
<%
dim shoppingcart_total, buf, line_item
sql = " SELECT sc.Row_ID, sc.ClassEvent_Number, ce.ClassEvent_Title, ce.ClassEvent_Dates, ce.ClassEvent_TimeFrame, ce.ClassEvent_Location, sc.Qty, sc.Price, sc.Extended_Price from tbl_ShoppingCart sc, tbl_ClassEvents ce where sc.ClassEvent_Number = ce.ClassEvent_Number AND sc.SessionID = " & Session.SessionID
'response.write (sql)
set rs1 = Conn.Execute(sql)
if not rs1.EOF then
    response.write ("<table border='0' cellspacing='0' cellpadding='10%' width='100%' cellpadding='0'>")
    response.write ("<tr><td rowspan='10'><img src='images/shopping_cart_thumb.jpg'></td></tr>")
    response.write ("<tr><td bgcolor='white' colspan='8'><b><font face='Arial' size='+1'>Your Shopping Cart</font></b></td></tr>")
    response.write ("<tr><td bgcolor='white'><b><font face='Arial' size='-1'>Class</b></td><td bgcolor='white'><b><font face='Arial' size='-1'>Price</font></b></td><td bgcolor='white'><b><font face='Arial' size='-1'>Attendees</font></b></td><td bgcolor='white'><b><font face='Arial' size='-1'><center>Extended Price</center></font></b></td><td bgcolor='white'>&nbsp;</td></tr>")
    Do While Not rs1.EOF
    response.write ("<tr>")
    response.write ("<td><font face='Arial' size='-1'> " & rs1("ClassEvent_Number") & "," & GetSQLText(rs1("ClassEvent_Title")) & ", " & GetSQLText(rs1("ClassEvent_Dates")) & ", " & GetSQLText(rs1("ClassEvent_TimeFrame")) & ", " & GetSQLText(rs1("ClassEvent_Location")) & " </td><td><font face='Arial' size='-1'><center>" & formatcurrency(rs1("Price"),2) & "</font></td><td><center><font face='Arial' size='-1'>" & rs1("Qty") & "</font></td><td><font face='Arial' size='-1'><center>" & formatcurrency(rs1("Extended_Price"),2) & "</font> </td> " )
    response.write ("<td> " & "<input type='button' name='Remove' value='Remove' OnClick=" & chr(34) & "window.open('register.asp?mode=delete&row_id=" & rs1("Row_ID") & "', '_parent')" & chr(34) & "></td>"  )
   
    line_item = GetSQLText(rs1("ClassEvent_Number")) & ", " & GetSQLText(rs1("ClassEvent_Title")) & ", "  & GetSQLText(rs1("ClassEvent_Dates")) & ", " & GetSQLText(rs1("ClassEvent_TimeFrame")) & " @ " & GetSQLText(rs1("ClassEvent_Location")) & ": "
    buf = buf & line_item
    shoppingcart_total = shoppingcart_total + CCur(rs1("Extended_Price"))
    response.write ("</tr>")
    'add firstdata x_line_item
    '<input name="x_line_item" value="1<|>COURSENUM,COURSE TITLE, COURSE DATE TIME, COURSE LOCATION <|>COURENUM,COURSE TITLE, COURSE DATE TIME, COURSE LOCATION <|>1<|>285.00<|>YES" type="hidden"> 
    response.write ("<input name='x_line_item' type='hidden' value='" & "1<|>" & line_item & "<|>" & line_item & "<|>1<|>" &  CCur(rs1("Extended_Price")) & "<|>NO'>") & vbcrlf
   
    rs1.MoveNext
    Loop
    response.write ("<tr><td bgcolor='white' colspan='8'><p align='center'><b><font face='Arial' size='-1'>Shopping Cart Total = " & formatcurrency(shoppingcart_total, 2) & "</font></b></td></tr>")
    response.write ("<tr><td bgcolor='white' colspan='8'><p align='center'><b><font face='Arial' ><a href='aspCalendar.asp'>Continue Shopping</a></font></b></td></tr>")
    response.write ("<tr><td bgcolor='white' colspan='8'><p align='center'><font face='Arial' size='-1'><hr>Note: To add more classes to your shopping cart and certification renewal schedule for the year, please go back to the <a href='aspCalendar.asp'>Calendar</a> and locate your next class.</font></td></tr>")
    response.write ("<tr><td bgcolor='white' colspan='8'><p align='center'><font face='Arial' size='-1'><hr><font color='red'><b>Additional Information Required to Register, Check Out & Pay</b></font>")

    'required fields
    response.write ("<br><br><b>Company/Attendee Name:</b><br><input placeholder='Type your name or company name' type='text' name='x_user1' size='35' maxlength='50'  style='background-color: #F9F8C7;'>")
    response.write ("<br><br><b>MD/RN/Professional ID# with Expiration Date</b><br><input placeholder='Type your Professional ID# with Exp. Date MM/DD/YYYY' type='text' name='x_user2' size='75' maxlength='75' style='background-color: #F9F8C7;'>")
    response.write ("<br><br><b>Date of Birth (DOB)</b><br> <input placeholder='MM/DD/YYYY' type='text' name='x_user3' size='20' maxlength='20' style='background-color: #F9F8C7;'>")
    response.write ("<br><br><b>Attendee Email Address: </b><br> <input placeholder='AttendeeEmailAddress@domain.com' type='text' name='x_email' size='50' maxlength='75' style='background-color: #F9F8C7;'>")
    response.write ("<br><br><b>Payee Email Address (if different than Attendee Email address)</b><br> <input placeholder='billingemail@domain.com' type='text' name='x_description' size='50' maxlength='75' style='background-color: #F9F8C7;'>")
    response.write ("<br><br><b>Telephone #</b><br> <input placeholder='Phone (###) ###-#### Ext ###' type='text' name='x_phone' size='75' maxlength='75' style='background-color: #F9F8C7;'>")

    response.write ("</font></td></tr></table>")
    response.write ("<br><center><input type='Submit' name='Submit' value='Check out - Pay for Classes'></center>")
else
%>
    <hr>
    <div align="center"><font face='Arial' size='-1' color='Red'>Your Shopping Cart is empty. Navigate to the <a href="aspCalendar.asp">Calendar</a> page. Classes page offers single class immediate registration, and the Calendar offers single and multiple class registration and a shopping cart.</font></div>
    <hr>
<%
    shoppingcart_total = 0
end if

%>

<%
'The x_fp_hash calculation is performed using the HMAC-MD5 key (the Transaction Key from the Global Gateway e4(SM) Payment Page configuration) and the HMAC-MD5 message,
'or payload, as the concatenation of x_login, x_fp_sequence, x_fp_timestamp, x_amount, and (if used) x_currency_code – all separated by the ^ character
'(see also Section 6.1, "Essential Fields"). The value of the Transaction Key can be found within the "Security" tab of the Global Gateway e4(SM) Payment Page configuration as seen in the image below.
'Note: the documentation text above names HMAC-MD5; this page computes the hash with HMAC-SHA1 (sha1.hex_hmac_sha1 below).

dim x_login, trans_key, z_utc_time_stamp, m_utc_time_stamp, x_amount, fp_hash, fp_hash_message, currency_code, fp_sequence

x_login = "WSP-yourlogintokenhere"
trans_key = "YDp-yourtranskeyhere"
currency_code = "USD"
fp_sequence = "123456"

'z_utc_time_stamp = getUTCTime()
'z_utc_time_stamp = left(z_utc_time_stamp, len(z_utc_time_stamp - 4))
'm_utc_time_stamp = DateDiff("s", "01/01/1970 00:00:00", dateAdd("h", 7, Now()))
'm_utc_time_stamp = DateDiff("s", "01/01/1970 00:00:00", cStr(z_utc_time_stamp))
m_utc_time_stamp = getUTCTime()

x_amount = shoppingcart_total

fp_hash_message = x_login & "^" & fp_sequence & "^" & m_utc_time_stamp & "^" & x_amount & "^" & currency_code
fp_hash = sha1.hex_hmac_sha1(trans_key, fp_hash_message)


%>
<input name="x_login" value="<%=x_login%>" type="hidden">
<input name="x_amount" value="<%=shoppingcart_total%>" type="hidden">
<input name="x_fp_sequence" value="<%=fp_sequence%>" type="hidden">
<input name="x_fp_timestamp" value="<%=m_utc_time_stamp%>" type="hidden">
<input name="x_fp_utc_timestamp" value='<%=z_utc_time_stamp%>' type="hidden">
<input name="x_fp_hash" value="<%=lcase(fp_hash)%>" type="hidden">
<input name="x_currency_code" value="<%=currency_code%>" type="hidden">
<input name="x_show_form" value="PAYMENT_FORM" type="hidden">
<input type="hidden" name="comments" value="<%=Server.HTMLEncode(buf & "")%>">

<input name="x_tax" value="0" type="hidden">
<input name="x_freight" value="0" type="hidden">


</td>
</tr>
<tr>
<td colspan="8">
    <br><hr><center>
      <span class="style16"><font face='Arial' size='-1'><span class="style2">Group Registration:</span></span><span class="style2"> If an organization would like to register more than one person, please Contact {your company here} by telephone or email to arrange for a special group order and available package discounts.</span>
    </center><hr>
</td>
</tr>
  <tr valign="top">
    <td colspan="8"><div align="center"><span class="style2">&copy; 2009-<%=year(date())%> your company here, All rights reserved.</span></div></td>
  </tr>
</table>
  <p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p class="style1" style="margin-bottom: 0;"><br>
  </p>

</form>

</div>

<script type="text/javascript">
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
</script>
<script type="text/javascript">
try {
var pageTracker = _gat._getTracker("UA-yourSeoAnalyticscodehere");
pageTracker._trackPageview();
} catch(err) {}</script>
</body>
</html>
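
The fingerprint calculation from the listing above, as an added example in Node.js JavaScript (not the author's code and not First Data's): it builds the same `^`-joined message and HMAC-SHA1 hash, then models a receiver-side check to show what the hash does and does not protect. The key, login, amounts, the `verify` function and its 900-second window are assumptions made for illustration.

```javascript
const crypto = require("crypto");

// Whole seconds since the Unix epoch. Date.now() is already UTC, so no
// time zone or Daylight Saving adjustment belongs here.
function utcSeconds(nowMs = Date.now()) {
  return Math.floor(nowMs / 1000);
}

// Message layout used on the page, fields joined with "^".
function fpMessage(f) {
  return [f.x_login, f.x_fp_sequence, f.x_fp_timestamp, f.x_amount, f.x_currency_code].join("^");
}

function fpHash(transKey, f) {
  return crypto.createHmac("sha1", transKey).update(fpMessage(f), "utf8").digest("hex");
}

// Assumed receiver-side model: recompute the HMAC, compare in constant time,
// then require the timestamp to fall inside a freshness window.
function verify(transKey, f, nowSec, maxSkewSec) {
  const expected = Buffer.from(fpHash(transKey, f), "hex");
  const given = Buffer.from(String(f.x_fp_hash || ""), "hex");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return "bad-hash";
  if (Math.abs(nowSec - Number(f.x_fp_timestamp)) > maxSkewSec) return "stale";
  return "ok";
}

// Constructed sample values, not real credentials.
function demo() {
  const key = "constructed-transaction-key";
  const now = utcSeconds(1549700000999); // 1549700000
  const sign = (ts, amount) => {
    const f = { x_login: "WSP-EXAMPLE", x_fp_sequence: "123456", x_fp_timestamp: String(ts),
                x_amount: amount, x_currency_code: "USD" };
    f.x_fp_hash = fpHash(key, f);
    return f;
  };
  const good = sign(now, "285.00");
  const tampered = { ...good, x_amount: "1.00" };   // hidden field edited in the browser
  const dstShifted = sign(now - 3600, "285.00");    // timestamp logic off by one hour
  const extra = { ...good, comments: "edited" };    // field outside the hashed message
  return [good, tampered, dstShifted, extra].map(f => verify(key, f, now, 900));
}
```

`demo()` returns `["ok", "bad-hash", "stale", "ok"]`: the hash binds the amount and the timestamp, while a field left out of the message, such as `comments` or `x_line_item`, can change without invalidating it.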
 
 
 
 
