technoczech

Members
  • Content count

    62

Profile Information

  • Real Name
    T. A.
  • Location
    Texas
  1. Thanks so much Sam.

    1. My passwords are already saved in hex format - is that enough?

    2. I've already added most of the validations that I need for the various account pages, but will definitely be referencing this add-on if any of them turn out to not be good enough.

    3. On my contact_us page I was already using this validation for the enquiry field:

        $enquiry = strip_tags($_POST['enquiry']);
        $enquiry = preg_replace ('/([\x80-\xff])/se','',$enquiry);

    Using the clean_post function instead was taking out exclamation points and other characters normally used in the message text of emails, which, if it's a security issue, I'm glad to take out, but needed to ask - since the $enquiry field is not written to the database, is the above validation enough? If it's not, is there still a way I can securely allow users to use periods and exclamation points in their message text?

    4. I did my best to research what your regular expression is limiting, but it's like learning a really hard foreign language to me. Would you be willing to explain it in plain English if it wouldn't take too much time?

        preg_replace("/[^\p{L}\p{M}\w\r@ :{}_.-]/i", "", urldecode($vars));

    Thanks again for your time.
  2. Hi Sam,

    First, many thanks for all you do for the community. I (and I know many others) have learned so much from your posts and contributions. On to my question...

    I have a heavily modified site where I have already dinked with the create account, contact us, login page, and many others that allow input by the user. I've also already fixed my country code/state dropdown, removed the fax field, etc, etc. Consequently, I would like to only use the part of your contribution that sanitizes all the input strings. To do that, would I:

    1. Put the account_secure.php file in my includes/functions directory
    2. For any file with an input field, put:

        require('includes/functions/account_secure.php');
        clean_post ();

    Is there anything else I would need to do?

    Also - a remedial question (sorry, but I'm asking so I'll learn) - the clean_post() goes in the file with the input field, and has to go after the require, but other than that does it matter where it's put in the file? At first, I thought it had to go after the $_POST, but then I noticed the directions for the address_book_process.php had it before.

    Many thanks for your help!
  3. technoczech

    PayPal WPP Direct Payments & Express Checkout Support

    Ken & Glen, My site is not live yet, but I have added recurring payments. I can provide you with the xml and with the calls I used that go with this wpp add-on, but my site is extremely customized, so I wouldn't know where to tell you to put them in a "normal" shop. But it would at least give you a starting point. Also, I have found the SOAP API manual to be the best place to get the information about setting up the recurring payments stuff. Let me know if you want the xml & calls, and where to send/post them.
  4. technoczech

    PayPal WPP Direct Payments & Express Checkout Support

    Thanks so much Glen! I agree with you on keeping the audit trail. When I had thought about inserting a new record for the capture trans, I wasn't sure how to link it back to the auth transaction, or how it would be displayed on the orders page, and I wasn't sure if there was anything else it would affect. I just don't know enough about all the moving pieces yet. If you use the batch capture in Paypal, do you go back and update your orders in osc? I would love to know more about the workflow that you (and others) use to process orders. Thanks again!
  5. technoczech

    PayPal WPP Direct Payments & Express Checkout Support

    Ok, I found out the answer to that is no. What I did to fix the problem of it redirecting to the login screen was to change the following line in paypal_wpp_refund.php from this:

        include(DIR_FS_DOCUMENT_ROOT . DIR_WS_INCLUDES . 'configure.php');

    to this:

        include('includes/configure.php');

    After I changed that, clicking Refund would send the Paypal transaction, however it failed with an error 10009. That error occurs because when you do an authorization you get one transaction id, and then when you do the capture, the auth transaction id becomes the parent transaction id, and a new transaction id is assigned to the capture. The refund has to be executed with the capture transaction id, but the current code executes it with the auth transaction id, so it fails.

    So I'm trying to decide if I should modify the code to overwrite the auth transaction id with the capture transaction id. My store isn't live yet, so I don't have experience using the admin a whole lot yet, and consequently, I don't know if that would cause any problems with anything else. In Paypal, I can find the transaction with either id. Advice, anyone? Greatly appreciated!
  6. technoczech

    PayPal WPP Direct Payments & Express Checkout Support

    paypal_wpp_refund shows this code for the refund and cancel buttons:

        <td colspan="2" align="center"><input type="submit" name="refund_submit" value="<?php echo WPP_SUBMIT_REFUND; ?>"> <input type="button" name="cancel" value="<?php echo WPP_CANCEL; ?>" onclick="window.close();"></td>

    The cancel button works. Should there be an onclick= for the refund button?
  7. technoczech

    PayPal WPP Direct Payments & Express Checkout Support

    I've seen a couple of posts with this problem, but have not been able to find the solution anywhere. In my admin, if I click the Issue Refund button, I get the next screen where you select Full/Partial, etc, but when I click the Refund button, it redirects to my Admin's login. The api call for the refund is not sent to Paypal. If it matters, beforehand, checkout does an authorization and then I manually do a capture in the admin. I'm using version 1.0.5. Does anyone happen to know the solution for this? Thanks!
  8. technoczech

    PayPal WPP Direct Payments & Express Checkout Support

    Awesome, thanks! I'll check it out!
  9. technoczech

    PayPal WPP Direct Payments & Express Checkout Support

    Thanks Glen! My environment does have CCGV - I'll have to check which one (someone else installed it). If it's not trad, where would I find the bug fixes? Only asking because I searched yesterday for WPP and CCGV together, but nothing about bug fixes came up. Thanks again!
  10. technoczech

    PayPal WPP Direct Payments & Express Checkout Support

    Hallelujah and DUH!! I still don't understand why $this->selected_module was null after coming back from ec, BUT it did dawn on me this morning that since the processing was working, and just the layout was wrong - fix the html and stop piddling with the logic! Ugh, just adding a simple check for if the ec token was set and what to display if it was, did the trick. Finally I can move on with my life...!
  11. technoczech

    PayPal WPP Direct Payments & Express Checkout Support

    Thanks again guys for a great contrib - I'm sooo close to getting this completely working... I hate to ask, but if you have a chance to check, would it be possible to confirm whether or not the Payment Method section of checkout_confirmation.php appears in your environment after doing Express Checkout? Mine is missing, but only after doing express checkout. It appears that $this->selected_module is null after returning from Paypal's site, and I can't figure out if it's because the payment selection stuff is gone then (since it's replaced with the switch function), or if I've done something else wrong. Thanks again!
  12. technoczech

    PayPal WPP Direct Payments & Express Checkout Support

    Something strange is happening in my environment. On my checkout_confirmation screen, when I pay via Express Checkout, the Payment Method section doesn’t appear. If I refresh the browser, then it does appear. If I checkout using direct payment, the Payment Section appears like it should, without refreshing. I’ve been researching all day. Do you happen to have any ideas? Thanks in advance!
  13. technoczech

    PayPal WPP Direct Payments & Express Checkout Support

    This works perfectly Glen. Thanks so much!
  14. technoczech

    PayPal WPP Direct Payments & Express Checkout Support

    Hi guys,

    During Express Checkout, my test customer is sent to Paypal, and when they're finished there, they're sent back to an empty logged out shopping cart on my site, just like the <ReturnURL>PAYPAL_RETURN_URL</ReturnURL> tells it to. I have the EC button only on the shopping_cart.php, if that matters.

        $order_info['PAYPAL_RETURN_URL'] = tep_href_link(basename($_SERVER['SCRIPT_NAME']), 'action=express_checkout', 'SSL');

    Is there a reason this line is sending them back to the page they came from instead of to the $return_to = FILENAME_CHECKOUT_SHIPPING?

    TIA
  15. technoczech

    PayPal WPP Direct Payments & Express Checkout Support

    In a nutshell, is this how the default add-on code works?

      before_process() – sets vars somewhat specific to if it's EC or DP
      wpp_execute_transaction() – sets vars that all transactions need (like currency, ip, api connection stuff), then creates or replaces the xml file with the correct var names, then sends the data to paypal

    Reason for asking – I’m looking at adding a recurring payments call, and am trying to figure out:

      1. the best place to put it
      2. if I need to create my own xml template or the code auto-generates it – I’m guessing I do need to create my own template, and that the code will just auto-populate it

    So if the above is correct, I need to:

      1. add the code to set the additional variables that the recurring payments call needs
      2. add the recurring payments call(s)
      3. create the xml template

    Does that sound right? Is there anything more that you know of that I'll need to do? Thanks!