Payflow Pro Contribution FIX


I have fixed the payflow pro contribution to not require that the php payflow modules be compiled into php...this would only affect you if you were getting the "php_init() not declared" error. I felt the need to do this because many of us use shared servers that the administrators will not readily start re-compiling software just to accommodate a single customer. At any rate, all this required was including a file that contains the missing functions. The downside is, I have no idea how to add this contribution so that others can use it. If anyone has some advice on where this needs to be sent so that it may be contributed or how one goes about contributing please let me know.

Sorry about the late posting. I've decided to softcode a few more things before posting this so that it will be easy for anyone to set up and more in line with osCommerce standards....additionally I am looking to make sure it works well with Milestone 1 as I haven't installed that (still on January 2003 snapshot). I will drop a message in this topic when I've added it. Sorry for the delay, just would rather not have to answer even more questions once I get this released. I'm looking to have this done on Saturday so here Saturday night.

Can you please send me the one you have now, with instruction if possible?

I'm desperate.

I have to make my website working by Monday.

Please send me the one you already made.

I'm using iis5 on win2k server.

I don't know how to recompile php in win2k.

I really need the FIX you made.

I really need it. I'll not say any bad thing about it even if it doesn't work. I'm willing to take the risk that it might not work on mine.

Please send me the file. My email address [email protected]

Thank you.

I do apologize for posting the original message without having a releasable version as it seems I've got a few people riled up. I will not e-mail this to anyone until it is ready to be released as I know what happens when people start e-mailing dev code out. It soon gets posted or cleaned up in a way that the original developer did not intend. So like I said, I am going to deliver this until Saturday night. If you are setting up a website now, set everything up but the payment processing and wait till then. Again, I am sorry the original message was posted without a solid release. It would take me longer to document and release a version that has to be manually modified than releasing code that is all soft coded and clean. So please just wait. I'm not going to answer any more messages asking for it early.

Nice contribution :thumbsup:!

Gives payflow pro users a little extra flexibility.

I find this useful for individuals on shared boxes who cannot readily recompile php for payflow support.

However, I don't quite understand that statement, because isn't it necessary to have root access/abilities to install the payflow SDK?

Marshall,

Thank you for the nice contribution, I am however getting an error:

Fatal error: Cannot redeclare pfpro_init() in /home/universa/public_html/shop/includes/functions/php_pfpro.php on line 61

This is even before I can get to the payment module admin, I am on a shared server running Red Hat Linux, any suggestions?

Joe

What version of osCommerce are you using? You may want to try and change the include in the payflowpro.php (the one in includes/modules/payment) to include_once. The latest Milestone contribution is only including once for me but I had this problem in previous snapshots.

Jazz,

As to the question "However, I don't quite understand that statement, because isn't it necessary to have root access/abilities to install the payflow SDK?" It's not about installing the SDK, it's about compiling the required functions into php which is needed even with the SDK (i.e. you still need the SDK for this to work). These functions still have to be written and used to even use the SDK's connectivity.

This is a reply to byunkook's private message as I believe it could help many people. Here is his message:

"I installed the fix you posted.

I used test CC number to test transaction, I never reached 'finished' step.

What happened is that when I click on 'Confirm order' button, It generates credit card error and go back to payment information step.

I'm wondering if this is normal or not.

I used master, visa, amex test cc number and all generated cc error.

the verisign account is in test mode. all the setting for payflow pro is right."

I received this message many times during development and it is completely due to not being able to connect to verisign.

1. I would suggest checking all the paths in the admin tool. Ensure that the payflow pro executable in the admintool is the actual executable path AND name (Example: /home/verisign/bin/pfpro for unix and c:verisignpayflowpropfpro.exe or something for Windows NT -- I am not sure of this as you may want to try forward slashes for NT...this was not developed in that environment and may need some tweaking).

2. Ensure that your SDK installation is working properly by running the Test scripts. This still requires the SDK installation having been done properly...all the FIX provides is the additional functions that were omitted in the previous release since php now supports an add-on for them.

That should be it, if you get as far as byunkook, I can tell you that the installation of the module is complete...you must go back and ensure connectivity with Verisign.

Hi marshall,

I understand that the Payflow SDK is needed in all situations however the pfpro() functions are not necessary, although they are very convenient. Hence your contribution :D

My question was:

If somebody had the inability to recompile PHP because they are on a shared server (i.e. don't have root access) how would they be able to install the SDK in the first place? You still need root access to install the SDK.

I was reading some of the user comments in the function manual and some mentioned some security concerns:

28-Aug-2001 09:28

Please also be aware that forking will allow any person with the access to the ps command to potentially see ALL account information: user, password, partner, credit card number, etc.

The preferred way to use the module is through the now-fixed extension.

Is that still an issue today?

Thanks for your work on this contribution :thumbsup:

What version of osCommerce are you using? You may want to try and change the include in the payflowpro.php (the one in includes/modules/payment) to include_once. The latest Milestone contribution is only including once for me but I had this problem in previous snapshots.

I am using OSC2.2 MS1, still getting the same error even if I try the include_once

Jazz,

Yes, this is correct, however if the server was administered properly, outside user groups will not have access to view your processes. Anything passed to the command line will show this and I know of no other way to bypass it short of storing username and passwords in the executables but then you still run into the fact that if the file is readable, the passwords can be accessed that way. So, this is just the nature of using payflowpro in this manner.

Realize though that you would have to be using the "ps" command (given that you had full rights to view all processes) at the exact moment of a transaction...the payflow process is fairly quick and will not run for much time (max is 45 seconds given that you specified a 45 second timeout).

quanche,

Do you have payflowpro compiled into php? I'm thinking this may be causing the double declaration. Or is phpinit() specified anywhere else possibly? I guess I'm wondering if you have ever had payflowpro running on your install and how because they may be conflicting? If you have a means for me to access your admin and take a peek (using the built in file viewer) PM me and I would gladly be interested in taking a look.

Yes, this is correct, however if the server was administered properly, outside user groups will not have access to view your processes.

So basically in any type of shared hosting environment this would leave the possibility of a hacker gaining access to CC information. :(

So, this is just the nature of using payflowpro in this manner.

Is the security improved with the built-in pfpro functions used with PHP? Or is the level of security about the same?

I apologize, Marshall, if these questions seem trivial, but when dealing with credit card data I can't think of anything worse than somebody gaining access to that information. Especially since many people are still wary of using credit card transactions online.

Jazz,

Negative, even the native php functions still must call the command line utility. Though you are incorrect in stating that "any shared environment" is capable of being compromised. The server environments that I run and have access to, do not permit command line logins so this is not an issue (to the shared user community). A true security buff would not permit command line logins as there are MANY ways to gain access to mysql etc....which is where osCommerce stores credit cards. This is much more of a security factor than calling a command line utility to transmit credit card data.

At any rate, I did not code this contribution to "open" security holes. I realize that you may feel that this is less secure than what others use but any shopping cart system is merely as secure as the server it resides on...not the cart itself. The fact that credit card data is held in the database is far more insecure than this method of individual card transmission.

So, I'm done with the security debate. If you feel this isn't for you for any reason whatsoever, don't use it. That is the benefit of the opensource community.
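
The process-listing exposure debated in the posts above, shown as an added example that is not part of any post in this thread or of the contribution itself: on Linux, arguments given to a child process are readable in its /proc entry (the data ps prints), while data written to its stdin is not. The child here is a hypothetical stand-in, not the pfpro binary, and the parameter string is constructed; the page does not say whether pfpro can take its parameters any other way than the command line.

```python
import subprocess
import sys

# Constructed sample parameter string (well-known test card number), not real data.
SECRET = "USER=demo&PWD=example-password&ACCT=4111111111111111"

# Stand-in for a payment client (hypothetical, not pfpro): reads one line, then waits for EOF.
CHILD = "import sys; sys.stdin.readline(); sys.stdin.read()"


def visible_cmdline(pid):
    """Return the argument list /proc exposes for pid, the same data ps prints."""
    with open(f"/proc/{pid}/cmdline", "rb") as fh:
        raw = fh.read()
    return [arg.decode(errors="replace") for arg in raw.split(b"\0") if arg]


def observe(secret, via_argv):
    """Hand the secret to the child via argv or via stdin; return what /proc shows."""
    argv = [sys.executable, "-c", CHILD]
    if via_argv:
        argv.append(secret)  # command-line delivery, as debated in the thread
    child = subprocess.Popen(argv, stdin=subprocess.PIPE, text=True)
    try:
        if not via_argv:
            child.stdin.write(secret + "\n")  # pipe delivery: never part of argv
            child.stdin.flush()
        return visible_cmdline(child.pid)
    finally:
        child.communicate()  # closes stdin so the child exits


def leaks(secret, via_argv):
    """True if the secret is readable in the child's process-table entry."""
    return any(secret in arg for arg in observe(secret, via_argv))


if __name__ == "__main__":
    print("argv delivery visible in process list: ", leaks(SECRET, True))
    print("stdin delivery visible in process list:", leaks(SECRET, False))
```

On Linux, mounting /proc with the hidepid option is one way an administrator keeps other accounts from reading these entries.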

I believe pfpro_file is for xml output....(you can output the data to a file then transmit). I was worried that some people would have the same problem as you (with the executable name). I am glad it got addressed so that maybe others can see that. Let me know how it works out for you in the future.

I have error when I use d:verisignpayflowprowin32binpfpro.exe.

error: Credit Card Error! User authentication failed.

When I use pfpro_file.exe instead of pfpro.exe, I can finish successfully.

Does anybody know if this is the way it is supposed to be?

How the transaction works exactly from oscommerce to verisign.
