wyDay blog

Moneybookers is quickly becoming a viable competitor to PayPal. And because of this our LimeLM customers have been asking for a completely automated payment form example similar to how our PayPal example works. That is, the customer enters the number of licenses they want, they click "Buy now", they enter their info on the PayPal page, then they click "Order", and a few seconds later the customer is magically sent their shiny new product key.

With PayPal this whole process is simple — just use the PayPal IPN (instant payment notification). That is, you specify an URL for PayPal to talk to once the order is complete. From there you can validate the order and take any action you like (e.g. sending product keys).

Moneybookers has a similar process except there are hardly any examples showing how to use it properly. And the example code that is on the web is riddled with very serious security vulnerabilities (SQL injections, failing to validate the order comes from Moneybookers, etc., etc.).

This article will show you how to use the Moneybookers equivalent to PayPal's IPN. That is, you'll be able to automatically generate product keys once a customer orders your software using Moneybookers. The code I post will be for both C# (ASP.NET) and PHP. If you would rather download a fully built payment form that lets you user switch between payment methods (credit card, bank transfer, PayPal, or Moneybookers), then you can signup for LimeLM and download the LimeLM Web API Pack. Here's a screenshot of what payment form example looks like:

Or, you can read on for the example that's not specific to LimeLM.

Step 1. Signup for a Moneybookers test account

The first thing you need to do is get a test "merchant" account from Moneybookers. Unfortunately Moneybookers still doesn't have a streamlined process for creating a test account, and their support staff is rather surly, so follow the instructions carefully:

1. Sign up for a Moneybookers "Business account". Do not use the same email you'll be using for your real account.
2. Sign up for a Moneybookers "Personal account". Use a different email than the "Business account". Do not use the same email you'll be using for your real account.
3. Contact Moneybookers and ask them to convert these 2 accounts to test accounts. It doesn't need to be a long email. Just something simple like:

   We need you to turn 2 accounts to test accounts:

   "Buyer account":
   Email: buyer-email@example.com
   Customer ID: 12456789

   "Merchant account":
   Email: merchant-email@example.com
   Customer ID: 98765421

Step 2. Create a "secret word"

In your new merchant account you'll need to create a "Secret Word" on the "Merchant tools" page:

Now that you've created your test Moneybookers accounts and set your secret word you're ready to add the payment form to your website.

Step 3 (option 1). Use our pre-built payment form

If you're using LimeLM you can use our pre-built payment form. Just configure a few settings, add the payment form to your site, and you're ready to go. See the "Automate license generation with Skrill (a.k.a. Moneybookers)" article.

Step 3 (option 2). Create your own payment form

If you don't want to use the pre-built payment example in the LimeLM API Pack, or you're not using C#, VB.NET, or PHP, then you can still automate your orders with Moneybookers. The first step is to add the Moneybookers payment form to your website:

<form action="https://www.moneybookers.com/app/payment.pl" method="post">
  <input type="hidden" name="pay_to_email" value="merchant-email@example.com"/>
  <input type="hidden" name="status_url" value="http://example.com/verify.cgi"/>
  <input type="hidden" name="language" value="EN"/>
  <input type="hidden" name="amount" value="Total amount (e.g. 39.60)"/>
  <input type="hidden" name="currency" value="Currency code (e.g. USD)"/>
  <input type="hidden" name="detail1_description" value="YourApp"/>
  <input type="hidden" name="detail1_text" value="License"/>
  <input type="submit" value="Pay!"/>
</form>

Change the "status_url" field to point to your script that will verify and generate the product keys and change the "pay_to_email" field to the test "merchant email" you created earlier. Then configure the price, currency code, and product name.

Optionally set your logo

You can customize the Moneybookers payment screen with your own logo. The logo must be hosted on a secure site — that is, the link must start with https:// not http://. Also, the logo must be at most 200px wide and 50px tall. If you have a logo that meets those requirements then add a "logo_url" field to your form. For example:

<input type="hidden" name="logo_url" value="https://example.com/logo.png"/>

This is an example showing what the wyDay logo looks like on the Moneybookers checkout page:

Step 4. Verify the Moneybookers order

After a customer has completed their order through Moneybookers, Moneybookers will contact the script you provided in the "status_url" argument (e.g. "http://example.com/verify.cgi"). Moneybookers will POST the order information to your script and it's up to you to verify that it's a valid order and not just some hacker trying to get free product key from you.

Luckily Moneybookers gives the prescribed method for verifying orders in their gateway integration manual. Quoting from their manual:

A hidden text field called md5sig is included in the form submitted to the Merchant's server. The value of this field is a 128 bit message digest, expressed as a string of thirty-two hexadecimal digits in UPPERCASE. The md5sig is constructed by performing an MD5 calculation on a string built up by concatenating the other fields returned to the status_url. Specifically the MD5 hash is a concatenation of the following fields:

• merchant_id
• transaction_id
• the uppercase MD5 value of the ASCII equivalent of the secret word submitted in the "Merchant Tools" section of the Merchant's online Moneybookers account.
• mb_amount
• mb_currency
• status

PHP example code

In PHP this looks like (taken from paychecker.php):

// Validate the Moneybookers signature
$concatFields = $_POST['merchant_id']
    .$_POST['transaction_id']
    .strtoupper(md5('Paste your secret word here'))
    .$_POST['mb_amount']
    .$_POST['mb_currency']
    .$_POST['status'];


$MBEmail = 'merchant-email@example.com';


// Ensure the signature is valid, the status code == 2,
// and that the money is going to you
if (strtoupper(md5($concatFields)) == $_POST['md5sig']
    && $_POST['status'] == 2
    && $_POST['pay_to_email'] == $MBEmail)
{
    // Valid transaction.


    //TODO: generate the product keys and
    //      send them to your customer.
}
else
{
    // Invalid transaction. Bail out
    exit;
}

C# (ASP.NET) example code

In C# (for ASP.NET) this involves a bit more work. First create a simple helper function that creates the uppercase MD5 hash of a string:

static string StringToMD5(string str)
{
    MD5CryptoServiceProvider cryptHandler = new MD5CryptoServiceProvider();
    byte[] ba = cryptHandler.ComputeHash(Encoding.UTF8.GetBytes(str));


    StringBuilder hex = new StringBuilder(ba.Length * 2);


    foreach (byte b in ba)
        hex.AppendFormat("{0:X2}", b);


    return hex.ToString();
}

Then, the validation code will look something like this:

// Validate the Moneybookers signature
string concatFields = Request.Form["merchant_id"]
    + Request.Form["transaction_id"]
    + StringToMD5("Paste your secret word here")
    + Request.Form["mb_amount"]
    + Request.Form["mb_currency"]
    + Request.Form["status"];


string MBEmail = "merchant-email@example.com";


// Ensure the signature is valid, the status code == 2,
// and that the money is going to you
if (Request.Form["md5sig"] == StringToMD5(concatFields)
    && Request.Form["status"] == "2"
    && Request.Form["pay_to_email"] == MBEmail)
{
    // Valid transaction.


    //TODO: generate the product keys and
    //      send them to your customer.
}
else
{
    // Invalid transaction. Bail out
    return;
}

Step 5. Further verification, generating product keys, etc.

There's one further step of verification I didn't talk about: making sure the customer paid the correct amount. That is, verifying the "mb_amount" field is correct. For instance you don't want to send a user a product key if they only pay 1 penny instead of the full amount. Also, you can further extend the payment form and the verification code to handle quantity. But this is a bit beyond the scope of the article. If you want to see that in action then download the example payment form included in the LimeLM Web API Pack.

Once you've verified the order you can use the limelm.pkey.generate web API function to generate product keys and email them to your customer.

Step 6. Test the payment form

Now that you have everything configured you're ready to test your Moneybookers payment. Run through the complete payment process to see everything works how you expect it to work.

Step 7. Create a real Moneybookers account, change the setting

After you've finished testing your payment process you're ready to sign up for a real Moneybookers "Business account" and change the "pay_to_email" field to the email you used to create this account.

Download full example code

We have a fully built payment page for PHP and ASP.NET (for C# and VB.NET) included in the LimeLM Web API Pack (get it on your API page). If you haven't already signed up for LimeLM then sign up now. All plans have a 30-day free trial. Or, if you're just putting your toes in the water, there's even a free plan that has no time limit and doesn't require a credit card.

One of the great things about Vista and Windows 7 is the user isolation. Even admin users need to elevate their account to make system changes. Take this Date and Time dialog from Windows 7 as an example:

Every user can view the Date and time, but only administrators can change it.

Adding this ability to your .NET application

Although this series of articles is called 7 days of Windows 7 this particular article is applicable to Windows 2000 Windows 7.

Step 1. Do we have permission?

The first step is to check if we can write to system registry or system files & folders. There are many ways to do this, but the easiest method is a simple Windows API call:

// check if user is an admin for Windows 2000 and above
[DllImport("shell32.dll", EntryPoint = "#680", CharSet = CharSet.Unicode)]
public static extern bool IsUserAnAdmin();

This will return false if youre a limited user on Windows 2000 Windows 7, and will also return false if you are an admin but arent elevated on Windows Vista and Windows 7.

In other words, it will return false if you dont have permission to access system files & registry. And ' IsUserAnAdmin returns true if you do have permission.

Step 2. Notifying the user that elevation will happen: UAC Shield Icon

To set the shield icon to one of your buttons you have to do a few things. First, set the FlatStyle of your button to System:

Next, you need to define a couple of functions:

public static bool AtLeastVista()
{
    return (Environment.OSVersion.Platform == PlatformID.Win32NT && Environment.OSVersion.Version.Major >= 6);
}


[DllImport("user32.dll", CharSet = CharSet.Unicode)]
public static extern IntPtr SendMessage(HandleRef hWnd, UInt32 Msg, IntPtr wParam, IntPtr lParam);


public static void SetButtonShield(Button btn, bool showShield)
{
    //Note: make sure the button FlatStyle = FlatStyle.System
    // BCM_SETSHIELD = 0x0000160C
    SendMessage(new HandleRef(btn, btn.Handle), 0x160C, IntPtr.Zero, showShield ? new IntPtr(1) : IntPtr.Zero);
}

Now, simply use this snippet in your code:

// UAC Shield on next button for Windows Vista+
if (AtLeastVista())
    SetButtonShield(btnName, true);

Step 3. Re-launching process with administrator privileges

All we have to do now is show the elevation dialog and elevate the current program. You might want to specify some arguments, but the barebones of it is as follows:

ProcessStartInfo psi = new ProcessStartInfo
                           {
                               Arguments = "-justelevated",
                               ErrorDialog = true,


                               // Handle is the handle for your form
                               ErrorDialogParentHandle = Handle,
                               FileName = Application.ExecutablePath,
                               Verb = "runas"
                           };
try
{
    Process.Start(psi);
    Close();
}
catch (Exception ex)
{
    // the process couldn't be started. This happens for 1 of 3 reasons:


    // 1. The user cancelled the UAC box
    // 2. The limited user tried to elevate to an Admin that has a blank password
    // 3. The limited user tries to elevate as a Guest account
    MessageBox.Show(ex.Message);
}

Step 4. Code signing

Chances are that if you try to elevate your application youll get an ugly yellow elevation box:

To get the nice UAC box youll need to code sign your application. I wont link to any code signing providers (because the list is huge), but you can get a code signing certificate from anywhere between $100 for 3 years to $400 or $500 for a single year. It depends on the company you use and the amount of searching you want to do.

7 Days of Windows 7

Join me tomorrow when I talk about Every possible Windows Vista and Windows 7 .NET Control You could ever want. See the full list of articles in the series.

You're dying to know what the AIC is, aren't you? No, it's not a test to see if you qualify for insurance with a talking wallaby. Rather, you'll be glad to hear that I've coined a new computer acronym which you can add to your arsenal of entirely forgettable "stupid geek talk."

AIC Test: Anger Induced Clickscapade Test

The AIC test (pronounced "ache test"), briefly, is a confirmation that your program works at 3a.m. Specifically it's a guard that you, the programmer, put in place for your customers' all-nighters. He'll be running Firefox with over 30 tabs open, Photoshop with nearly a gig's worth of images in memory, and several other CPU & memory intensive programs, plus your own program.

He's 20 minutes away from finishing after nearly 20 hours of caffeine fueled work. He clicks a link in Firefox and the browser freezes. Realizing a bad situation in the making, he flips back to Photoshop to save his work. "Application Not Responding," Windows gleefully reports. He switches from program to program, leaving a trail of unresponsive programs.

By the time he flips to your program, his Tea is in a puddle on his desk and he's used phrases that would make a longshoreman blush. Now begins the anger induced clickscapade. Clicking furiously, and largely at random, he's going to try to save his work, export and upload his data, and print a copy of his work all while your program blinks between responsive and unresponsive states. Your program has to process each click and keystroke perfectly. This means no flaky behavior.

How to run the test

From that series of events alone, the AIC test sounds suspiciously arbitrary. If you've taken even a beginners computer course you'll already know that nothing in the computer is arbitrary or unpredictable. To illustrate my point I'll describe the steps I took to fix an already usable SplitButton control to an AIC passable SplitButton control.

A little background

SplitButtons are everywhere from Firefox to Photoshop to many Microsoft products. Here's a SplitButton in Firefox:

As the name SplitButton implies, the functionality of the back button in Firefox is divided. Click the near the green arrow and the browser goes back a page; click the downward pointing black arrow (the drop-down region) and a list of recently visited sites appears.

These types of buttons are seen so often in Windows programs, you'd think Microsoft would have built the functionality into the Windows API prior to adding it to Windows Vista. Not so. After googling for a few hours I found three options:

1. A bloated commercial component suite. Only $280; who could refuse?
2. A buggy, but open source SplitButton designed by some anonymous guy. Pass.
3. A functioning, open source, SplitButton control written by a Microsoft programmer. Sounds perfect.

The tests, the subtleties

The SplitButton I opted to use was by the Microsoft programmer, Jessica. After an hour of use I noticed a few sticky parts in her nearly perfect implementation. First of all, the drop-down region of the SplitButton didn't fill the full height of the button:

If the user clicks the right hand side of Jessica's button the user will expect a menu to pop-up. However, the highlight shows that if the user clicks either the top or bottom five pixels they will have triggered the normal button click-event. At 3a.m. this subtlety is death. It's an easy fix, so why not fix it?

Then there's the matter of right clicking. In Firefox's SplitButtons a right click shows the menu directly under the button — acting identical to clicking the drop-down region. Jessica's implementation, along with SplitButtons in Windows toolbars, shows the menu wherever the right click happened. I prefer displaying the menu directly under the button so it doesn't obscure the button's text:

And lastly, Jessica forgot to implement the disabled state for the SplitButton. It's another easy fix, and is essential if you disable buttons:

Why do I care? Why should you?

All of these "major" fixes took less than an hour to implement and test, and they reduced my own frustration with the button. I use the SplitButton in the InstantUpdate Designer so the user can select options when uploading their newly created update files:

If I were to use an unaltered version Jessica's SplitButton, then a user could easily start large uploads when he only wanted to change an upload option. Quirks like these make months of hard work seem wasted. And, it's only through anger induced clickscapades do these problems show themselves.

Update October 13, 2008: You can view all the latest changes at the SplitButton changelog page.

Download the fixed SplitButton. Open source, and confirmed working with .NET 2.0 and above (C#, VB.NET, etc.).

Comment on the SplitButton