Jump to content


  • Content count

  • Joined

  • Last visited

Posts posted by Ian-San

  1. I am not an expert on sessions but I think this error occurs when you attempt to write the same session id twice to the sessions database which doesnt allow duplicates.


    There is a whole pile of reasons why this might happen - in the case of WP, my belief is that when you are retuning to your store from WP, your current session has become inactive after being written to the sessions database so when the session id is returned by WP, the store attemps to rewrite it to the database again, and so gets an error.


    To resolve, you need to discover why the active session is being lost whilst you are at Worldpay or why the store attempts to restart the same session again. e.g. do you have cookies turned off? Are you moving away from the hosting server? Are you retuning to a html page rather than php etc etc?


    I dont think this is a fault generated by the WP module - it is probably just that you only discover this fault when using WP.

  2. Yes the session id would be the best one to insert into the orders table. but do you know which page actually writes the order to the orders table?  


    checkout_process.php is the main file but you could update the order table from anywhere e.g. from wpcallback

  3. is worldpay integrated with recurring monthly payment? IF so i will sign up now. Please let me know if you know it can do the recurring monthly payment.  




    You cannot do this with this contribution although I think a few have spoken about it. I do not think it would be too hard to add but you would need a new form to enter the additional information and also to capture this information in a new database somewhere. Plus you would need some way to monitor / edit the transactions - thinking about it, maybe it would need to be a completely new contribution. :cry:

  4. As far as I can tell neither the osc order id is not being passed to worldpay or  the worldpay transaction id is not being passed back.


    I think that the key parameter is the session id - the WP transaction id is passed back but not stored - where would you put it? And passing the osc order id forward doesnt seem to achieve much to me?

  5. I'm curious that the MD5 option is not more widely used. How do you safeguard against people tampering with the payment form that gets submitted to Worldpay? Without MD5, one could just put in whatever amount they wish and Worldpay would be none the wiser. Or have I missed something?


    Well, in my case, I am not selling physical products and have a fully automatic checking system set up. In addition, I only have a handful of possible prices so they are easy to recognise.


    I get the reply from WP telling me what they have paid - plus a copy of the order email - and if the customer hasnt paid me the correct amount, I would just limit their access to my site until the issue is resolved. Actually, it has never happened.


    If anyone else want to pay me who is not one of my customers - I say thank you very politely.


    In addition, due to the nature of my web site, I track and store every click a customer makes so can go back and see what they did if any dispute.

  6. the following lines in function check():


    // Ian-san: Added MD5 here 6/4/2003:

    tep_db_query("delete from " . TABLE_CONFIGURATION . " where configuration_key = 'MODULE_PAYMENT_WORLDPAY_USEMD5'");

    tep_db_query("delete from " . TABLE_CONFIGURATION . " where configuration_key = 'MODULE_PAYMENT_WORLDPAY_MD5KEY'");

    seem to be in the wrong place

    No - they are not actually required at all as the function remove() has a general delete based on the configuration keys. This error was corrected in the currency update version of worldpay.


    All MD5 is untested as none of the contribution authors seem to be using it and no feedback until now - so you are probably on your own there.

  7. Ben


    I suggest that you do do it and release it as a separate module - clearly labelled as such - for those who want to go down that path.


    For those who are happy with the existing stable release, then they can use Graeme's module.


    There is no such thing as one size fits all when it come to e-commerce!

  8. ....etc


    Ritchie, I am not sure if you have seen the latest version of the WP mod - MS1 - this uses a dynamic callback and allows for self-defined currencies.




    We seem to have at least 3 themes running through this thread and my brain hurts! :bomb:


    So we dont lose this useful information and get totally confused, can I suggest that you make recommendations for code changes against the latest version and that scottymcloo acts as arbiter for the official version (if he is willing that is!)?

  9. Excuse me, I dont mean to be rude
    I wonder ....


    Patience is a virtue
    ... but rarely practiced?


    Now I remember what the purpose of OSC was really about .... { :idea: shines in my head}!


    This is Open Source Code and at least one purpose of posting is to get free feedback and improvement to the code so that you might, if you wish, go on and use elsewhere for a profit.


    I personally never show my paypal account in any of my contributions but if you wish, why not solve the problem by replacing both of yours with mine?


    If anyone wants to do any free improvements to any contributions that I have made and re-post, I will be delighted to give you a list to work on!


    I thought this was a good idea when I saw it a few days ago - well done Druide - but though it a good idea to wait a bit until the code became a bit more stable.


    I am now very excited (in a paternal sort of way) about Warren's improvements and personally can't wait to see them.


    Yes, I know I am stepping into a private squabble and that you both probably feel I should keep my nose out of your affairs, but what the heck, that must be a Brit thing I guess?


    Anyway, I have lots of experience bringing up kids :evil: but know very little about Anti Robot Registration Validation ....


    At the moment, I am not improving my overall knowledge very much, if you get my drift...

  10. Thanks Ben - some of us have become very cautious about making changes to WP given that it has had unpredictable results in the past.


    I think we are getting close to a stable version here.


    Remember that checkout_process knows which payment module is being used as it is a registered global - you would only need to add an if statement to test for MODULE_PAYMENT_INSTALLED == worldpay I think?

  11. Ben


    Many thanks for this - it looks good. One issue might be that not everyone is using just WorldPay so any changes to checkout_process needs to allow for this. I think it only affect the change to tep_redirect(tep_href_link(FILENAME_CHECKOUT_SUCCESS, '', 'SSL'));

    require(DIR_WS_INCLUDES . 'application_bottom.php'); .


    You seem to have made a big step forward here - well done.




    It is quite easy to do - it will just need a new field in the database. Maybe someone could try to incorporate this change in the next release?

  12. What I believe is happening is that WorldPay's server is calling your PHP page from their own server and then using the response from that to deliver the webpage. Hence the PHP is processed on your server just like any other PHP, but WorldPay are giving the appearance that their machine is really doing the work.


    Agreed - in a test, I was able to update the database during a callback. The only problem is that WP seems to create a 'clean' copy of your script - like a search engine - so it doesnt have all the global variables. To make the wpcallback script perform the checkout, you would have to pass all the global variables / parameters through WP but in theory at least it must be possible. If that was done, you wouldnt need to have the redirect at all.

  13. So the idea is that the business logic which is currently contained in checkout_process and is called as a seperate process after the callback handler, should really be incorporated as part of the callback handler. This is the way that WordPay is designed to operate.


    In theory you might think that you could just copy and paste in the checkout process code (excluding the call to the payment module) into wpcallback (success option) and not redirect at all.


    But I do not think that it will work as this code is trapped in a WP frame as if it is running on the WP server - not your own - and so it cannot perform the database updates, check OSCIDs etc.

  14. I think all it needs is for checkout_process to make a provisional entry in the database before payment and then to update or delete that provisional entry after payment.


    On the face of it, it would just need small changes to checkout process. ie. add or change a flag in the existing order update sql and to move the payment module call down to below the order entry but above the email notification and to add a small sql to update or change the flag initially set....


    Anyone want to try it!

  15. WP require that customers have time to read their banner which is automatically inserted by them into the callback page - you will note that this page retains their url.


    On the other hand, OSC requires that checkout_process is completed before it registers the order.


    Finally, if the customer has medium security, they will get a pop-up window telling them that they are being redirected - maybe only happens if you are not running SSL.


    They may be a couple of solutions to this - you can try to reduce the delay before the redirect happens but at some point, WP will believe that its banner has not been shown and redirect the customer to a ResultC/Y files instead and anyway, it doesnt stop the problem of the pop-up.


    Or you could try to re-order checkout_process so that the order is registered before payment - then you would need to check that the orders were valid.


    Or you can go back to an earlier version of the WP module 3.X as this used an illegal method of redirect but never-the-less seemed to work.


    An obvious solution would be to attempt to register the order whilst the customer is reading the WP Banner but this failed for me as the callback page is not actually running on the OSC site (even though it looks like it is) and so a lot of global variables are missing.


    Another answer may be to install the order tracking mod mentioned somehwhere in these threads but I wasnt sure if that now worked with WP or not.


    Or any better ideas?

  16. I think it is a failure of WP advertising - I didn't even know about it until was added to the WP module! Until that point, no one asked me to add it to the module so I assume that no one used it.


    Now I think it is a good idea.

  17. Is it not possible to switch between the two? Is this just for those who don't use preauth? I thought there was another switch for that purpose.


    Each account id is set up in WP for either one or the other - so if you want to use both options, you would need to ask WP to set up new account ids for you and change the account id in Admin with making this switch. As far as I can tell, most do not use pre-auth so it is interesting that you do and that it works!

  18. I dont have a need for this just yet but would be interested in it if anyone can get it to work!


    On the face of it, it seems to be quite simple to set-up - just a few extra parameters to send to WP - like pre-auth I guess.


    But you do need to get it installed in your WP Admin first plus there is a separate guide - does anyone have a copy or know how to download the guide?