Crazypilot

Member Since 02 Dec 2004
Offline Last Active Dec 13 2011, 21:14
-----

Posts I've Made

In Topic: [add-on] Discount Code (support)

20 November 2011, 20:44

Hi All,

I am having the same problem that many others are complaining about.
When discount is set as a percentage, like 10%, then the NET price is discounted by 10% = all correct.

Sample: original price 100€ will be discounted with 10% and show as subtotal 90€.

But, when the TAX /VAT is added to the NET price, then the TAX/VAT is calculated on the price BEFORE the discount.
It should of course be based and calculated on the price AFTER discount, right?

Example on how it should be with 15% TAX/VAT:

NET price before discount: 100€
Discount 10% ==> NET Price after discount = 90€
TAX/VAT 15% ==> 0,15 x 90€ = 13,5€
Total Price= 90 + 13,50 = 103,50€ including TAX

Now Example on how it is wrongly working:


NET price before discount: 100€
Discount 10% ==> NET Price after discount = 90€

TAX/VAT 15% ==> 0,15 x ( Wrongly based on original price) 100€ = 15,00€
Total Price= 90 + 15,00 = 105,00€ including TAX which is giving a false TAX figure

As seen, the latter example is wrong and is giving me faulty invoices/Receipts and can not be used for fiscal declarations.

I contacted high-quality-php-coding.com, which created this handy ADD-ON, explained the problem, and got the following reply:


Hello,

Thank you for your interest in our product.

To get correct order total info, you should adjust the following
variables:

$order->info['tax']
$order->info['tax_groups'][<your tax>]
$order->info['total']

Sincerely,
The High Quality PHP Coding Team.


Maybe someone smarter than I can help me figure out where and how to use this information to get the contribution to show correct TAX?

It is a super good contribution, BUT as long as it shows wrong TAX, it can not really be used right?

Best regards

CrazyP

In Topic: Monebookers giving away information?

30 October 2011, 10:46

Great!

I changed the script so now the log.txt is created in the protected and renamed admin folder and it works! :)

Thank you Taipo!

You are very helpful in all security related matters in this Forum.

Are you doing this free and as a hobby, or do you also do some paid work?

Brgds CrazyP

In Topic: Monebookers giving away information?

30 October 2011, 08:39

Hi Taipo,

As far as I understand, the log.txt file is in fact generated by the Moneybookers-Oscommerce module.
What I do not like is getting sensitive information as a readable file in the "catalogue" folder.

Do you mean that by inserting:


<FilesMatch "^(log\.txt)">
Deny from all
</FilesMatch>

Then the log.txt file will be protected?

I was thinking of altering the script generating the log.txt so it would be stored in the protected "admin" folder instead..

Copy of the generating script below.

I am however not good enough to re-write the code myself.

What would be the best solution according to you? (re-write or code in .htaccess)

Brgds CrazyP

mb_handler.php:


<?php

require('includes/application_top.php');

// Only continue for requests that identify themselves as the Moneybookers agent.
// This header is set by the client; the md5sig check below is the real authentication.
if ($_SERVER['HTTP_USER_AGENT'] != 'Moneybookers Merchant Payment Agent') {
    die();
}

$a = $_POST;

// The log file is created next to this script, i.e. inside the catalog folder.
$fp = fopen(dirname(__FILE__) . DIRECTORY_SEPARATOR . 'log.txt', 'a+');

flock($fp, LOCK_EX);

// Dump every POST field of the callback into the log.
fwrite($fp, "START(" . strftime("%Y-%m-%d %H:%M") . ")\nPOST");
foreach ($a as $k => $v) {
    fwrite($fp, "'$k' => '$v'\n");
}
fwrite($fp, "POSTEND\n");

// transaction_id comes straight from the request, so escape it before it goes into SQL.
$sql = "SELECT id_order, plugin FROM moneybookers WHERE id_moneybookers='" . tep_db_input($a['transaction_id']) . "' LIMIT 1";

$m = tep_db_query($sql);
$e = tep_db_fetch_array($m);

include(DIR_WS_MODULES . 'payment' . DIRECTORY_SEPARATOR . $e['plugin'] . '.php');

$payMethod = new $e['plugin']();

// Read the merchant's secret word from the shop configuration.
$sql = "SELECT configuration_value FROM " . TABLE_CONFIGURATION . " WHERE configuration_key = '" . tep_db_prepare_input($payMethod->_mainPrefix . 'SECRET_WORD') . "' LIMIT 1;";
$m = tep_db_query($sql);
$r = tep_db_fetch_array($m);

$sc = $r['configuration_value'];

// The secret word and the query are written to the log in clear text.
fwrite($fp, "SecretWord = $sc\n SQL = $sql\n");

// Recompute the signature of the callback from the posted fields and the secret word.
$checksum = strtoupper(md5($a['merchant_id'] . $a['transaction_id'] . strtoupper(md5($sc)) . $a['mb_amount'] . $a['mb_currency'] . $a['status']));

fwrite($fp, "CheckSum = $checksum\n");

// Strict comparison: with != PHP may compare two numeric-looking hashes as numbers.
if ($checksum !== $a['md5sig']) {
    fwrite($fp, "BŁĄD\nSTOP\n\n");
    flock($fp, LOCK_UN);
    fclose($fp);
    die();
}

$key = $payMethod->_prefix . 'PROCESSING_ORDER_STATUS_ID';

// Update the order status, or the moneybookers row when no order exists yet.
if ($e['id_order'] != 0) {
    $sql = "UPDATE orders SET orders_status=(SELECT configuration_value FROM " . TABLE_CONFIGURATION . " WHERE configuration_key = '$key' LIMIT 1) WHERE orders_id=" . (int) $e['id_order'] . ";";
} else {
    $sql = "UPDATE moneybookers SET status='" . tep_db_input($a['status']) . "' WHERE id_moneybookers='" . tep_db_input($a['transaction_id']) . "';";
}

fwrite($fp, "SQL = $sql\n");

fwrite($fp, "STOP\n\n");

flock($fp, LOCK_UN);
fclose($fp);

tep_db_query($sql);

?>
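
The alternative raised in the post above, writing the callback log somewhere the web server does not serve, shown as an added example that is not part of the original post or of the Moneybookers module. MB_LOG_DIR, its path, and the functions mb_log_clean() and mb_log_write() are hypothetical names, and the sample values are constructed.

```php
<?php
// Added example, not the module's own code.
// Assumed location: a directory outside the web root, writable by PHP.
define('MB_LOG_DIR', '/home/shopuser/private_logs');

// Collapse control characters so a POST value cannot forge extra log lines.
function mb_log_clean($value) {
    if (!is_scalar($value)) {
        return '[non-scalar]';
    }
    return preg_replace('/[\x00-\x1F\x7F]+/', ' ', (string) $value);
}

// Append one callback record. Fields named in $redact are masked, and the
// secret word and generated SQL are never passed in, so they cannot leak.
function mb_log_write(array $post, array $redact = array('md5sig')) {
    $lines = array('START(' . date('Y-m-d H:i') . ')');
    foreach ($post as $k => $v) {
        $shown = in_array((string) $k, $redact, true) ? '[redacted]' : mb_log_clean($v);
        $lines[] = "'" . mb_log_clean($k) . "' => '" . $shown . "'";
    }
    $lines[] = 'STOP';

    $path = MB_LOG_DIR . DIRECTORY_SEPARATOR . 'log.txt';
    $fp = @fopen($path, 'a');
    if ($fp === false) {
        return false; // never fall back to a web-readable folder
    }
    @chmod($path, 0600); // readable by the PHP user only
    flock($fp, LOCK_EX);
    fwrite($fp, implode("\n", $lines) . "\n\n");
    flock($fp, LOCK_UN);
    fclose($fp);
    return true;
}

// Constructed sample callback using the field names from mb_handler.php.
$sample = array(
    'merchant_id'    => '1000001',
    'transaction_id' => '42',
    'mb_amount'      => '103.50',
    'mb_currency'    => 'EUR',
    'status'         => "2\nSecretWord = forged",  // newline is flattened in the log
    'md5sig'         => 'CONSTRUCTED-SIGNATURE',
);
mb_log_write($sample);
```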

In Topic: Found security break in Visitor Web Stats

23 October 2011, 19:53

Hi Taipo,

Thanks for the update.

I had osC-Sec 4.0 installed before and have updated it now.

Good to have guys like you around.

Appreciate it.

CrazyP

In Topic: Found security break in Visitor Web Stats

23 October 2011, 17:55

Sure?! When looking through the forums I understood latest version is not compatible with 2,2 add-ons.

Lazy as I am, do you have a link to good upgrade instructions?

CrazyP