PayPoint Integration with 3D Secure

Right, I am going to write a quick blog about the PayPoint payment gateway, since I know for a fact there isn't too much information on the net concerning this API. I am not going to go into full details on how to integrate the gateway, just my major stumbling block.

When using 3D Secure (you know, that form that pops up from the bank when you buy stuff online) you call a function called threeDSecureEnrolmentRequest([args]). You give that function a bunch of parameters, such as your username, password and some details about the order, such as the total and the card details and so on. This goes off to PayPoint and they give you back a token and some other variables that you use in a hidden field of a form, which you then post to them. I am not going into the background of this form, it's stupid. We want to worry about this token that we post to PayPoint.

The function basically returns a URL with a query string tacked onto the end. So it would look something like this:

http://domain.com?MD=VALUE&TermUrl=VALUE&acs=VALUE&PaReq=THIS_IS_A_STRING_OF_CHARACTERS_WHICH_COULD_INCLUDE_AN_=_SIGN

The fact that they return a URL is a problem in the first place. The PaReq value (which we need to post back to PayPoint) is a jumble of characters, and not necessarily just alphanumeric characters. So you can't use the parse_url() function available in PHP, since this helpfully encodes some characters for you, rendering the string useless to post back to PayPoint.

So, Matt and I together decided to manually break the string up using the following code:

$paypoint_response = threeDSecureEnrolmentRequest(/* crap load of parameters here */);

// Get the query string from the end of the URL
list($url, $query_string) = explode('?', $paypoint_response);
$parts = explode('&', $query_string);

// Somewhere to store the query string values
$data = array();

// Loop over each bit and place keys and values into an array
foreach ($parts as $part)
{
    // Explode at the equals sign to get key and value.
    // NOTE: list() only keeps the first two pieces, so a value that itself
    // contains '=' is cut off at that sign.
    list($key, $value) = explode('=', $part);
    $data[$key] = $value;
}

The code above all looked well and good. But occasionally the token would fail and PayPoint would send a response back saying they didn't recognise the token (PaReq). This baffled me for a while. It turns out that PayPoint sometimes put an equals sign at the end of the token, and the code above strips it, since it explodes on "=" and list() only keeps the first two pieces. So we had to come up with another way, and between us, Phil, Matt and myself, the code below was born; it was mostly Matt and Phil.

foreach ($parts as $p)
{
    // Split on every '=' and take the first piece as the key...
    $temp = explode('=', $p);
    $key = array_shift($temp);
    // ...then glue the rest back together so any '=' inside the value survives
    $value = implode('=', $temp);
    $data[$key] = $value;
}
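As an added example (my code, not the post's), here is the same idea wrapped in a reusable function: it splits each pair at the first '=' only, using explode()'s limit argument, and never URL-decodes the value. It then shows what parse_str() would do to the same token. The URL and the PaReq value below are constructed, not a real PayPoint response.

```php
<?php
// Added example, not the original post's code: pull the raw (undecoded)
// query parameters out of the URL string that threeDSecureEnrolmentRequest()
// returns. The sample URL below is constructed; the PaReq value is not real.

function parseRawQuery($url)
{
    // Everything after the first '?' is the query string.
    $pieces = explode('?', $url, 2);
    $query = isset($pieces[1]) ? $pieces[1] : '';
    $data = array();
    foreach (explode('&', $query) as $pair) {
        if ($pair === '') {
            continue; // tolerate a stray '&'
        }
        // Limit the split to 2 pieces: only the FIRST '=' separates key from
        // value, so '=' padding at the end of PaReq is kept intact.
        list($key, $value) = array_pad(explode('=', $pair, 2), 2, '');
        $data[$key] = $value; // no urldecode(): post the bytes back verbatim
    }
    return $data;
}

// Constructed sample response: base64-style PaReq with '+', '/' and '=' padding.
$sample = 'http://domain.com?MD=12345&TermUrl=https://shop.example/3ds'
        . '&acs=https://acs.example/&PaReq=eJx+ab/cd==';

$raw = parseRawQuery($sample);
assert($raw['PaReq'] === 'eJx+ab/cd==');
assert($raw['MD'] === '12345');

// By contrast parse_str() URL-decodes, so the '+' in PaReq becomes a space
// and the token no longer matches what PayPoint issued.
parse_str(explode('?', $sample, 2)[1], $decoded);
assert($decoded['PaReq'] === 'eJx ab/cd==');
```

The parser still assumes a raw '&' never appears inside a value; that is a property of the response format, not something the code can detect.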

Hack the BT HomeHub

Click here to download:
bthomehub.py (2 KB)

I came across a bit of code a year or so back that generated possible WEP keys for version one of the HomeHub. I stole this (I can't remember the source) and integrated it into my own script. If you have a HomeHub in range, take the last 4 characters from the SSID; it'll be something like BTHomeHub-1D3F.

The script will generate the WEP keys, then loop through them to check each one to see if it works; if I remember correctly, it takes about 30 to 40 minutes to run. If it finds a match, the script uses the say command to shout something at you. I did this because I was watching something on my computer at the time and wanted audio feedback to say when it was complete.

This only works on Mac OS X, and if the HomeHub default WEP hasn't been changed. You could mod it to work on Linux I guess.

./bthomehub.py 1D3F

November 09 Mix Tape

November 2009 Mix by Phat Phlange


1. Late Nite Tuff Guy - Eurotac
2. Antonio Pocai - 1977
3. Saeed Younan - Backroom Honey
4. Michel Cleis - La Mezcla (Copyright Main Mix)
5. Brendon Moeller - The Boost
6. Hernan Cattaneo & Soundexile - Butterfly Effect
7. Marc Marzenit - Unexpiritualized
8. Shin Nishimura - Urban Survivor
9. Christian Smith - Indecent Exposure
10. DJ Madskillz - Surface
11. Butch - Pump Pump
12. Sandy Huner - Rare Tap (2000 and one cut)
13. Paolo Mojo - Interstella (Alex Fitzpatrick Remix)

Cross Domain AJAX

Recently I have had to do some cross domain AJAX for the first time. To do this I had to use "JSONP", something that I had heard of, but not had to use before. I must have been living under a rock or something for the past couple of years.

JSONP or "JSON with padding" is a JSON extension wherein a prefix is specified as an input argument of the call itself. This padding prefix is typically the name of a callback function, but may also be a variable assignment, an if statement, or any other Javascript statement prefix.

Wikipedia

OK, admittedly that didn't mean too much to me when I first read it; I'm a little slow, and not really at the cutting edge of AJAX technologies anymore. From what I can work out, on the page that you make the call from, you have some AJAX that calls your server script, a PHP script for example. You pass that script the data you want to send as well as a callback function that you want to run, which is sitting on your client page. See below for an example.

// I've written this in jQuery, because it's what I use and easy to follow
// AJAX request: the c parameter names the function jsonp.php should wrap the data in
$.getJSON('http://domain.com/jsonp.php?var=test&c=callback_function');

// The callback must be a global function so the injected script can reach it
function callback_function(data){
    alert(data.md5_string);
}

Right, that makes a call to jsonp.php (or whatever your script is) and passes through the variables that you want to pass, in this case "var". It specifies the callback, which is defined in the same place as the AJAX call is made, as shown.

This is an example of what jsonp.php could be:

$var = $_GET['var'];
// json_encode() takes an array, which becomes {"md5_string":"..."}
$data = json_encode(array('md5_string' => md5($var)));
// Wrap the JSON in a call to the callback name the client asked for
echo $_GET['c'].'('.$data.')';

This code gets injected into your initial page, and by injecting it, it runs the callback function on that page. In this case, when the AJAX is fired, it passes a variable to jsonp.php along with the callback function name, jsonp.php returns the 'callback string' and the function is fired. In this case the callback function alerts the response, an MD5 string of the variable that we sent.

What I actually do

With jQuery, you don't have to specify a specific callback function when you run the AJAX call. Instead of passing through a function name, pass through a question mark, which is a "?", just in case you didn't know what one is.

What this does is allow you to effectively use an anonymous function, which is specified in the AJAX call itself. So, for example:

$.getJSON('http://domain.com/jsonp.php?var=string&c=?', function(response){
    // jQuery swaps the ? for a generated callback name and calls this function with the data
    alert(response.md5_string);
});
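One thing worth seeing alongside the jsonp.php above: it echoes whatever arrives in c straight into a script response, so whoever controls that parameter controls the JavaScript that runs in the calling page. Below is a hardened version, added here as my own example and not part of the original post, that only accepts a plain identifier as the callback and sends the right content type. Parameter names (var, c) are the post's own; the command-line check at the bottom uses constructed values.

```php
<?php
// Added example, not the original post's code: a hardened jsonp.php.
// The original echoes $_GET['c'] straight into the response, so whoever
// controls that parameter controls the JavaScript the caller's page runs.
// Parameter names ('var', 'c') are the post's own.

function safeCallbackName($name)
{
    if (!is_string($name)) {
        return null;
    }
    // Accept only a plain (optionally dotted) identifier such as
    // callback_function, the jQuery-generated jQuery17..._... names, or
    // ns.handler; quotes, parentheses, '<' and whitespace are all rejected.
    $ok = preg_match('/\A[A-Za-z_$][\w$]*(?:\.[A-Za-z_$][\w$]*)*\z/', $name);
    return $ok === 1 ? $name : null;
}

function buildJsonpResponse($var, $callback)
{
    $data = json_encode(array('md5_string' => md5($var)));
    $name = safeCallbackName($callback);
    if ($name === null) {
        // No usable callback: return plain JSON instead of guessing.
        return $data;
    }
    // The leading comment stops the response starting with attacker-chosen
    // bytes, which content-sniffing tricks (e.g. Rosetta Flash) rely on.
    return '/**/' . $name . '(' . $data . ');';
}

if (PHP_SAPI !== 'cli') {
    header('Content-Type: application/javascript; charset=utf-8');
    header('X-Content-Type-Options: nosniff');
    echo buildJsonpResponse(
        isset($_GET['var']) ? $_GET['var'] : '',
        isset($_GET['c']) ? $_GET['c'] : null
    );
} else {
    // Constructed checks when run from the command line.
    $expected = '/**/callback_function('
              . json_encode(array('md5_string' => md5('test'))) . ');';
    assert(buildJsonpResponse('test', 'callback_function') === $expected);
    assert(safeCallbackName('alert(1);//') === null);
    assert(safeCallbackName('jQuery17105_1') === 'jQuery17105_1');
}
```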

Remove Apache's helpful manual on Domain

Today I discovered that Apache helpfully includes a manual located at http://yourdomain.com/manual. I am sure it doesn't do this on everyone's site, but I was using cPanel with a CentOS server, I think. I only noticed this when I had to run a web application I had made through a PCI test, provided by McAfee. It flagged up that directory listings were allowed (/manual/images), and therefore gave me a red mark (well, orange actually, since it was only at severity level 3).

Anyway, I had to disable loads of stuff in my httpd.conf, located at "/etc/httpd/conf/httpd.conf". To get rid of the manual, comment out this line:

AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|ru))?(/.*)?$ "/usr/local/apache/manual$1"

That will stop the manual loading or any of its subdirectories.