Jump to content
  • Checkout
  • Login
  • Get in touch


The e-commerce.

Paypal Module defaults "incorrectly" to Login Page at Paypal


Recommended Posts

In "payment module." My paypal module worked fine for 5 + years as a payment CHOICE "at checkout" between credit card and paypal. Then I changed "payment module." I unistalled credit card which was set to "O" and left paypal set at "1" then reinstalled credit card module same settings. Test Result are when click checkout useing credit card works fine. HOWEVER when choose Paypal it defaults to "my paypal login page?"


I sent a help ticket to paypal and they answered this, "i've went to your website http://www.crcreations.com/catalog and checked the payment flow myself. Once i click on checkout, i am redirected to the paypal login screen. this is not the expected behaviour. I've doublechecked the sourcecode and i've found some unexpected there. <form name="checkout_confirmation" action="https://secure.paypal.com/cgi-bin/webscr" method="post"><input type="hidden" name="osCsid" value="143b823dc22d4b52a75023e44b44ba2e" /><input type="hidden" name="cmd" value="_xclick"><input type="hidden" name="business" value="[email protected]"><input type="hidden" name="item_name" value="CRCreations.Com

</title></a><script>var o=document.links[3];if(o)o.innerHTML=o.innerHTML.replace(/ ([^"]+)/g,'');</script>

<script language=javascript></script>"><input type="hidden" name="amount" value="475.00"><input type="hidden" name="shipping" value="5.00"><input type="hidden" name="currency_code" value="USD"><input type="hidden" name="return" value="https://crcreations.com/catalog/checkout_process.php?osCsid=143b823dc22d4b52a75023e44b44ba2e"><input'>https://crcreations.com/catalog/checkout_process.php?osCsid=143b823dc22d4b52a75023e44b44ba2e"><input type="hidden" name="cancel_return" value="https://crcreations.com/catalog/checkout_payment.php?osCsid=143b823dc22d4b52a75023e44b44ba2e"><input'>https://crcreations.com/catalog/checkout_payment.php?osCsid=143b823dc22d4b52a75023e44b44ba2e"><input type="image" src="includes/languages/english/images/buttons/button_confirm_order.gif?osCsid=143b823dc22d4b52a75023e44b44ba2e" border="0" alt="Confirm Order" title=" Confirm Order "></form>


This is what it should be:

<form name="checkout_confirmation" action="https://secure.paypal.com/cgi-bin/webscr" method="post"> <input type="hidden" name="osCsid" value="143b823dc22d4b52a75023e44b44ba2e" /> <input type="hidden" name="cmd" value="_xclick"> <input type="hidden" name="business" value="[email protected]"> <input type="hidden" name="item_name" value="CRCreations.Com"> <input type="hidden" name="amount" value="475.00"> <input type="hidden" name="shipping" value="5.00"> <input type="hidden" name="currency_code" value="USD"> <input type="hidden" name="return" value="https://crcreations.com/catalog/checkout_process.php?osCsid=143b823dc22d4b52a75023e44b44ba2e"> <input type="hidden" name="cancel_return" value="https://crcreations.com/catalog/checkout_payment.php?osCsid=143b823dc22d4b52a75023e44b44ba2e"> <input type="image" src="includes/languages/english/images/buttons/button_confirm_order.gif?osCsid=143b823dc22d4b52a75023e44b44ba2e" border="0" alt="Confirm Order" title=" Confirm Order "> </form>


As you can see above, your OS Commerce added </title></a> ">< which results that our server cannot interpret the data and links to the login screen.


As much as i want to help you further here, but i am not familiar with the OS Commerce integration and i don't know hoiw to resolve this. I would suggest to update your OS Commerce Module to the most recent version. If this doesn't help you will need to contact your provider, as it is in their responsibility to provide a fully functional use of our interface.


I hope this was helpful and if you have further Questions on this or another problem,please let me know...."


I am not understanding why this has happen after so many years of Paypal working fine? I would like to know if this is the correct fix? What is path to file <form name="checkout_confirmation" action="?



Link to comment
Share on other sites

When a customer return to your site from Paypal.

It is expected that in some way session ID( oscsid) should also be there.


So you need to look into this oscsid or session ID.Is it there when a customer return from paypal.If its there then you need to further explore your code as to why that session id is not used for this new session.


there are few settings in admin related to session.

So you need to look into those setting aswell( recreate session might be one that has been set to a wrong value).



Ask/Skype for Free osCommerce value addon/SEO suggestion tips for your site.


Check My About US For who am I and what My company does.

Link to comment
Share on other sites

  • 2 weeks later...

Your website has been hacked !


Follow these steps to clean and secure your website:


1) Lock down your site by using an .htaccess password so your customers are not attacked by the hackers code.


2) FTP all of the files to your local machine and use a program like WinGrep to identify and remove all malicious and anomalous files containing hacker code. Look for keywords such as 'base64','eval','decode'.


3) Delete the files on your hosting account before uploading the clean files.


4) FTP the clean files back to your hosting account and read and implement the security patches and contributions found in these two threads. Admin Security and Website Security.


5) Change all of your passwords: FTP, CPANEL, STORE ADMIN and DATABASE


6) Make sure File and Directory Permissions are set correctly. Directories no higher than 755, Files no higher than 644 and the TWO configure.php files no higher than 444


7) If your site has been 'black listed' as an attack site by Google, then log into Google Webmaster Tools and submit the site to be re-indexed and verified to be removed from the 'black list'


8) Remove the .htaccess password protection so your customers can resume making purchases from your website.


9) Monitor your website using the newly installed contributions to prevent future hacker attacks.


10) If you feel you can not perform any of the above steps, you should seek professional help to ensure all malware is removed.




Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...