v2.3.1 - Sessions - Customers without payment issue.


9 replies to this topic

#1   AnthonyAU

AnthonyAU
  • Members
  • 12 posts

Posted 26 June 2012 - 08:35

Hello everyone

If customers on the ‘Order Confirmation’ user interface copy and paste, or type by hand, to modify the URL from “mystore.com/checkout_confirmation.php” to “mystore.com/checkout_process.php”, they can successfully place an order without payment.

These are the current “Sessions” settings in our store admin user interface:

Host server: Linux
------------------------------------------------------------------------------------------------------------
Session Directory /home/mystore/public_html/includes/work/

Force Cookie Use False (tried with ‘True’; still have the issue)

Check SSL Session ID False

Check User Agent False

Check IP Address False

Prevent Spider Sessions True

Recreate Session True
------------------------------------------------------------------------------------------------------------
I am using Firefox 13.0.1 to test this issue.

Is this a session issue? Is there any setting I missed?

Does anyone know what is happening and how to fix it?

#2   14steve14

14steve14
  • Members
  • 3,521 posts

Posted 26 June 2012 - 10:17

What version of osCommerce are you using?
REMEMBER BACKUP, BACKUP AND BACKUP

Don't take life too seriously. no one gets out alive anyway

#3   AnthonyAU

AnthonyAU
  • Members
  • 12 posts

Posted 26 June 2012 - 23:43

Hi Steve

I checked; the 'Admin user interface' is showing:

--------------------------------------------------------------------------------------

Version Checker

Installed Version: osCommerce Online Merchant v2.3.1

You are running the latest version of osCommerce Online Merchant.

----------------------------------------------------------------------------------------

#4   DunWeb

DunWeb

    The Censored One

  • Members
  • 13,084 posts

Posted 26 June 2012 - 23:55

@AnthonyAU


I believe the checkout order is:

shopping_cart.php
checkout_shipping.php
checkout_payment.php
- this leads to the online payment processor and then returns the customer to the checkout_process.php (hidden file)
checkout_confirmation.php


checkout_process.php IS NEVER called up. It is a file used to track the process only.


I tested this on my v2.3.1 store and could not alter the checkout process. I received this error when trying to replicate your issue:

https://www.xxxxxx.com/shopping_cart.php?error_message=Express%20Checkout%20token%20is%20missing.

"Checkout Token is Missing"


Any further information you can share?


Chris
:|: Was this post helpful ? Click the LIKE THIS button :|:

See my Profile to learn more about add ons, templates, support plans and custom coding (click here)

#5   multimixer

multimixer

    Lemons or Melons ?

  • Partner
  • 4,560 posts

Posted 27 June 2012 - 06:12

@AnthonyAU

What payment module did you use to do this?

#6   AnthonyAU

AnthonyAU
  • Members
  • 12 posts

Posted 27 June 2012 - 09:31

Hi Chris and George


---------------------------------------------------------------------------------------------
For the Payment module:

Our store only uses 'PayPal Website Payments Standard' (Version 1.0)

--------------------------------------------------------------------------------------------
Add-On:

- QTpro4.6.1

- Easy Meta Tags 1.8

-------------------------------------------------------------------------------------------

Attached - Order_without_payment.JPG

#7   AnthonyAU

AnthonyAU
  • Members
  • 12 posts

Posted 13 July 2012 - 07:56

Hi everyone

Any new suggestions for this issue?

Are my settings wrong? Or shouldn't I set it like that?

#8   frankjohnson8

frankjohnson8
  • Members
  • 1 posts

Posted 13 July 2012 - 09:26

What version of osCommerce are you using?

Edited by frankjohnson8, 13 July 2012 - 09:34.


#9   AnthonyAU

AnthonyAU
  • Members
  • 12 posts

Posted 16 July 2012 - 00:33

Hi Frank

I installed version 2.3.1.

#10   DunWeb

DunWeb

    The Censored One

  • Members
  • 13,084 posts

Posted 16 July 2012 - 00:43

@AnthonyAU

Refer to the Closing PayPal Exploit thread



Chris
:|: Was this post helpful ? Click the LIKE THIS button :|:

See my Profile to learn more about add ons, templates, support plans and custom coding (click here)
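
Added example, not part of the thread and not osCommerce or PayPal module code: a sketch of the server-side check that stops the behaviour reported in post #1, where the order-finalising page refuses to complete an order unless the server has already recorded a confirmed payment for it. The class, method names, return strings and sample amounts are all hypothetical, and the gateway notification is assumed to be authenticated before `recordPayment` is called.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the shop's order table (hypothetical, in memory only).
final class OrderStore
{
    private array $orders = [];   // id => ['total' => string, 'status' => string]

    public function createPending(string $total): string
    {
        $id = bin2hex(random_bytes(16));   // unguessable order reference
        $this->orders[$id] = ['total' => $total, 'status' => 'pending'];
        return $id;
    }

    // Called only by the handler for the gateway's server-to-server payment
    // notification (assumed authenticated), never by a page the customer loads.
    public function recordPayment(string $id, string $paidAmount): bool
    {
        $order = $this->orders[$id] ?? null;
        if ($order === null || $order['status'] !== 'pending' || $paidAmount !== $order['total']) {
            return false;   // unknown order, already handled, or wrong amount
        }
        $this->orders[$id]['status'] = 'paid';
        return true;
    }

    // Guard for the order-finalising page. A browser arriving at this URL is
    // not evidence of payment; only the recorded order status is.
    public function finalise(?string $sessionOrderId): string
    {
        $status = $this->orders[$sessionOrderId ?? '']['status'] ?? null;
        if ($status !== 'paid') {
            return 'redirect:checkout_payment';
        }
        $this->orders[$sessionOrderId]['status'] = 'complete';
        return 'order placed';
    }
}

// Constructed demo: one customer jumps straight to the finalising step,
// one pays first, and the paid order is then submitted a second time.
$store = new OrderStore();
$skipped = $store->createPending('49.95');
echo $store->finalise($skipped), PHP_EOL;
$paid = $store->createPending('49.95');
$store->recordPayment($paid, '49.95');
echo $store->finalise($paid), PHP_EOL;
echo $store->finalise($paid), PHP_EOL;
```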