Guest Posted February 17, 2003 Share Posted February 17, 2003 I have fixed the payflow pro contribution to not require that the php payflow modules be compiled into php...this would only effect you if you were getting the "php_init() not declared" error. I felt the need to do this because many of us use shared servers that the administrators will not readily start re-compiling software just to accomodate a single customer. At anyrate, all this required was including a file that contains the missing functions. The downside is, I have no idea how to add this contribution so that others can use it. If anyone has some advise on where this needs to be sent so that it may be contributed or how one goes about contributing please let me know. Quote Link to comment Share on other sites More sharing options...
Guest Posted February 17, 2003 Share Posted February 17, 2003 Hey just found how to post the contributions. I will be posting this one this evening. :) Quote Link to comment Share on other sites More sharing options...
herve76 Posted February 17, 2003 Share Posted February 17, 2003 Dear Magnus579, I am very interested in your contribution. I would greatly appreciate if you could send me the files at [email protected], or please let me know where can I download them. Thank you, Herve Quote Link to comment Share on other sites More sharing options...
guanche Posted February 18, 2003 Share Posted February 18, 2003 Hey just found how to post the contributions. I will be posting this one this evening. :) Has it been posted to contributions? Quote Link to comment Share on other sites More sharing options...
byunkook Posted February 21, 2003 Share Posted February 21, 2003 Hello. I couldn't find your payflow pro fix contribution. I'm using IIs5 on win2000 server and I don't know how to recompile php with payflow pro option. Can you please send me the fix to my email? My email address is [email protected] Thank you. Quote Link to comment Share on other sites More sharing options...
Guest Posted February 21, 2003 Share Posted February 21, 2003 Sorry about the late posting. I've decided to softcode a few more things before posting this so that it will be easy for anyone to setup and more in line with oscommerce standards....additionally I am looking to make sure it works well with Milestone 1 as I haven't installed that (still on January 2003 snapshot). I will drop a message in this topic when I've added it. Sorry for the delay, just would rather not have to answer even more questions once I get this released. I'm looking to have this done on Saturday so here Saturday night. Quote Link to comment Share on other sites More sharing options...
byunkook Posted February 21, 2003 Share Posted February 21, 2003 Can you please send me the one you have now, with instruction if possible? I'm desperate. I have to make my website working by monday. Please send me the one you already made. I'm using iis5 on win2k server. I don't know how to recompile php in win2k. I really need the FIX you made. I really need it. I'll not say any bad thing about it even if it doesn't work. I'm willing to take the risk that it might not work on mine. Please send me the file. My email address [email protected] Thank you. Quote Link to comment Share on other sites More sharing options...
byunkook Posted February 21, 2003 Share Posted February 21, 2003 Can you please send me the one you have now, with instruction if possible? I'm desperate. I have to make my website working by monday. Please send me the one you already made. I'm using iis5 on win2k server. I don't know how to recompile php in win2k. I really need the FIX you made. I really need it. I'll not say any bad thing about it even if it doesn't work. I'm willing to take the risk that it might not work on mine. Please send me the file. My email address [email protected] Thank you. Quote Link to comment Share on other sites More sharing options...
Guest Posted February 21, 2003 Share Posted February 21, 2003 I do apologize for posting the original message without having a releasable version as it seems I've got a few people riled up. I will not e-mail this to anyone until it is ready to be released as I know what happens when people start e-mailing dev code out. It soon gets posted or cleaned up in a way that the original developer did not intend. So like I said, I am going to deliver this until Saturday night. If you are setting up a website now, set everything up but the payment processing and wait till then. Again, I am sorry the original message was posted without a solid release. It would take me longer to document and release a version that has to me manually modified then releasing code that is all soft coded and clean. So please just wait. I'm not going to answer any more messages asking for it early. Quote Link to comment Share on other sites More sharing options...
Guest Posted February 23, 2003 Share Posted February 23, 2003 http://www.oscommerce.com/community/contributions,1019 I am not able to test on an NT environment so I cannot fix your problems if you encounter them. Make sure to setup the Paths and the Executable information in the payflowpro admin. Good Luck! Quote Link to comment Share on other sites More sharing options...
jazz Posted February 23, 2003 Share Posted February 23, 2003 Nice contribution :thumbsup:! Gives payflow pro users a little extra flexibility. I find this useful for individuals on shared boxes who cannot readily recompile php for payflow support. However, I don't quite understand that statement, because isn't it necessary to have root access/abilities to install the payflow SDK? Quote Link to comment Share on other sites More sharing options...
guanche Posted February 23, 2003 Share Posted February 23, 2003 Marshall, Thank you for the nice contribution, I am however getting an error: Fatal error: Cannot redeclare pfpro_init() in /home/universa/public_html/shop/includes/functions/php_pfpro.php on line 61 This is even before I can get to the payment module admin, I am on a shared server running Red Hat Linux, any suggestions? Joe Quote Link to comment Share on other sites More sharing options...
Guest Posted February 23, 2003 Share Posted February 23, 2003 What version of oscommmerce are you using? You may want to try and change in include in the payflowpro.php (the one in includes/modules/payment) to include_once. The latest Milestone contribution is only including once for me but I had this problem in previous snapshots. Quote Link to comment Share on other sites More sharing options...
Guest Posted February 23, 2003 Share Posted February 23, 2003 Jazz, As to the question "However, I don't quite understand that statement, because isn't it necessary to have root access/abilities to install the payflow SDK?" It's not about installing the SDK, it's about compiling the required functions into php which is needed even with the SDK (i.e. you still need the SDK for this to work). These functions still have to be written and used to even use the SDK's connectivity. Quote Link to comment Share on other sites More sharing options...
Guest Posted February 23, 2003 Share Posted February 23, 2003 This is a reply to byunkook's private message as I believe it could help many people. Here is his message: "I installed the fix you posted. I used test CC number to test transaction, I never reached 'finished' step. What happened is that when I click on 'Confirm order' button, It generates credit card error and go back to payment information step. I'm wondering if this is normal or not. I used master, visa, amex test cc number and all generated cc error. the verisign account is in test mode. all the setting for payflow pro is right. " I recieved this message many times durring development and it is completly do to not being able to connect to verisign. 1. I would suggest checking all the paths in the admin tool. Ensure that the payflow pro executable in the admintool is the actual exectuable path AND name (Example: /home/verisign/bin/pfpro for unix and c:verisignpayflowpropfpro.exe or something for Windows NT -- I am not sure of this as you may want to try forward slashes for NT...this was not developed in that environment and may need some tweaking). 2. Ensure that your SDK installation is working properly by running the Test scripts. This still requires the SDK installation having been done properly...all the FIX provides is the additional functions that were omitted in the previous release since php now supports an add-on for them. That should be it, if you get as far as byunkook, I can tell you that the installation of the module is complete...you must go back and insure connectivity with Verisign. Quote Link to comment Share on other sites More sharing options...
jazz Posted February 23, 2003 Share Posted February 23, 2003 Hi marshall, I understand that the Payflow SDK is needed in all situations however the pfpro() functions are not neccessary, although they are very convenient. Hence your contribution :D My question was: If somebody had the inability to recompile PHP because they are on a shared server (i.e. don't have root access) how would they be able to install the SDK in the first place? You still need root access to install the SDK. I was reading some of the user comments in the function manual and some mentioned some security concerns: 28-Aug-2001 09:28 Please also be aware that forking will allow any person with the access to the ps command to potentially see ALL account information: user, password, partner, credit card number, etc. The preferred way to use the module is through the now-fixed extension. Is that still an issue Today? Thanks for your work on this contribution :thumbsup: Quote Link to comment Share on other sites More sharing options...
guanche Posted February 23, 2003 Share Posted February 23, 2003 What version of oscommmerce are you using? You may want to try and change in include in the payflowpro.php (the one in includes/modules/payment) to include_once. The latest Milestone contribution is only including once for me but I had this problem in previous snapshots. I am using OSC2.2 MS1, still getting the same error even if I try the include_once Quote Link to comment Share on other sites More sharing options...
Guest Posted February 23, 2003 Share Posted February 23, 2003 Jazz, Yes, this is correct, however if the server was administered properly, outside user groups will not have access to view your processes. Anything passed to the command line will show this and I know of no other way to bypass it short of storing username and passwords in the exectuables but then you still run into the fact that if the file is readable, the passwords can be access that way. So, this is just the nature of using payflowpro in this manner. Realize though that you would have to be using the "ps" command (given that you had full rights to view all processes) at the exact moment of a tranaction...the payflow process is fairly quick and will not run for much time (max is 45 seconds given that you specified a 45 second timeout). Quote Link to comment Share on other sites More sharing options...
Guest Posted February 23, 2003 Share Posted February 23, 2003 quanche, Do you have payflopro compiled into php? I'm thinking this maybe causing the double declaration. Or is phpinit() specified anywhere else possibly? I guess I'm wondering if you have ever had payflowpro running on your install and how because they maybe conflicting? If you have a means for me to access your admin and take a peak (using the built in file viewer) let me PM me and I would gladly be interested in taking a look. Quote Link to comment Share on other sites More sharing options...
jazz Posted February 23, 2003 Share Posted February 23, 2003 Yes, this is correct, however if the server was administered properly, outside user groups will not have access to view your processes. So basicially in any type of shared hosting environment this would leave the possibility of a hacker gaining access to CC information. :( So, this is just the nature of using payflowpro in this manner. Is the security improved with the built-in pfpro functions used with PHP? Or is the level of security about the same? I apologize, Marshall, if these questions seem trivial, but when dealing with credit card data I can't think of anything worse than somebody gaining access to that information. Especially since many people are still wary of using credit card transactions online. Quote Link to comment Share on other sites More sharing options...
Guest Posted February 23, 2003 Share Posted February 23, 2003 Jazz, Negative, even the native php functions still must call the command line utility. Though you are incorrect in stating that "any shared environment" is capable of being compromized. The server environments that I run and have access to, do not permit command line logins so this is not an issue (to the shared user comunity). A true security buff would not permit command line logins as there are MANY ways to gain access to mysql etc....which is where osCommerce stores credit cards. This is much more of a security factor than calling a command line utility to transmit credit card data. At any rate, I did not code this contribution to "open" security holes. I realize that you may feel that this is less secure than what others use but any shopping cart system is merely as secure as the server it resides on...not the cart itself. The fact that credit card data is held in the database is far more insecure than this method of individual card trasmission. So, I'm done with the security debate. If you feel this isn't for you for any reason whatsoever, don't use it. That is the benifit of the opensource community. Quote Link to comment Share on other sites More sharing options...
byunkook Posted February 23, 2003 Share Posted February 23, 2003 Thank you thank you very much. I didn't include the executable filename in the payflow executable. Once I put it in it worked. Quote Link to comment Share on other sites More sharing options...
byunkook Posted February 23, 2003 Share Posted February 23, 2003 I have no idea what's the difference between pfpro.exe and pfpro_file.exe. Does anybody know what is the difference? Thank you. Quote Link to comment Share on other sites More sharing options...
Guest Posted February 23, 2003 Share Posted February 23, 2003 I believe pfpro_file is for xml output....(you can output the data to a file then transmit). I was worried that some people would have the same problem as you (with the executable name). I am glad it got addressed so that maybe others can see that. Let me know how it works out for you in the future. Quote Link to comment Share on other sites More sharing options...
byunkook Posted February 23, 2003 Share Posted February 23, 2003 I have error when I use d:verisignpayflowprowin32binpfpro.exe. error: Credit Card Error! User authentication failed. When I use pfpro_file.exe instead of pfpro.exe, I can finish successfully. Does anybody know if this is the way suppose to be? How the transaction works exactly from oscommerce to verisign. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.