Mary-at-Milton Posted January 7, 2004 Share Posted January 7, 2004 I have a problem with the shopping cart not being cleared on checkout when using payment methods like 'Paypal IPN' and 'Nochex'. (I tested it on Paypal by paying ?1.00 for an item and got a IPN back from Paypal and it still didn't clear). It does however clear when using 'cheque/money order'. The Admin > Orders is showing up the order after the checkout process for 'Paypal' and 'Check/Money Order' BUT NOT FOR 'Nochex'. The Gift Voucher Queue does not show the gv when paying by 'Paypal' and Nochex, only for Check/MO What could be the problem? Something has changed in the one of the checkout files because it was working before. I have posted this under the Contributions support as well, as I had installed the Credit Class/Gift Vouchers/Discount Coupons Ver 5.10 & 5.10b but perhaps someone has come across this problem before and could help. Thanks. . Mary-Ann Chief Cook and Bottlewasher Jack-of-All-Trades Running 2.2MS2 Link to comment Share on other sites More sharing options...
devosc Posted January 7, 2004 Share Posted January 7, 2004 Hi there, I haven't had experience with some of the modules you have installed, but I would warn you about PayPalIPN_v0.981, what I noticed is that it uses the GET method to pass the customer's transaction details to PayPal, so when you click the confirmation button when checking out via osC and then you taken to PayPal's site, you will see in the url something like this: https://www.paypal.com/cgi-bin/webscr/itemprice=50.00 This gives the customer the chance to change the price to whatever they like, for example 0.01 and when they finish paying the 0.01 thro PayPal even if they dont' click PayPal's last continue button, PayPal will send your confirmation that the payment has been made, and that contribution's script does not check the price, it will automatically update the database and if the full payment has been made, you then have to exercise more caution in verifying the amounts payed via PayPal are the amounts you are actually asking for, especially as according the your shops database the customer will have seemed to of made the full payment. I noticed this unacceptable design error, and have implemented a method that follows the principal behind the original osC method of posting this information to PayPal. http://www.oscommerce.com/community/contributions,1753 This script will not only verify that the independent ipn sent from paypal to your site is valid (i.e from paypal) but it will also, for example, check that the transaction was in the right currency and that the gross totals are the same (more checks can be done if neccessary). When the customer they themselves return to your site they will have an ipn with them. At present my contribution will still allow them to finish the checking out process as usual but it will also notify you by email if the customer's transaction could not be verified by PayPal at the time of their return. You will receive the customer's id , first and last name. This is to help prevent an insecurity in osC since prior to IPN it had no way of knowing whether the transaction was tainted whilst the customer temporarily left your site. As said, my contribution will send you an email if not verified (at present it does not do a full check like the independent one received from paypal, because.....), I left it as it is in case of the rare chance that there was a communications problem with PayPal, but with some extra scripting, mainly what to tell the customer if a problem was found, this flaw can be sealed. Unfortunately if you now want to remove IPN_v0.981 you will have to replace the files it infected, mine only made a single line addition to checkout_process.php (on the catalog side). But you may have other contributions merged into those files by now. "Any fool can know. The point is to understand." -- Albert Einstein Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.