Jump to content


  • Content count

  • Joined

  • Last visited

  • Days Won


cinolas last won the day on January 7 2017

cinolas had the most liked content!

Profile Information

  • Real Name

Recent Profile Visitors

10,692 profile views
  1. So a site audit on my osC 2.3.4 BS Gold site has pointed out that jQuery 1.11.1 an Bootstrap 3.3.7 have vulnerabilities that should be patched. Can I update jQuery and Bootstrap 3 without breaking my site? Which versions should I update to, to keep everything safe and working? Thanks!
  2. cinolas

    Moneris, eSelect plus

    @greasemonkey When you made the Moneris module for Phoenix, did you update it to use the new Moneris API? Or did you simply convert the process that was in the 2.2 / 2.3.x module? Moneris is saying that the 2.3.x module uses their old API (& 3dSecure 1.0) which is barely still supported by card issuers. I need to change this so it uses the new APIs...
  3. cinolas

    Moneris, eSelect plus

    My problem is not fixed.... it seems the one thing it's really doing wrong is that it's keeping failed AVS transactions in PRE-AUTH. Then the customer tries a few times, it locks up their available balance in the mutiple PRE-AUTH and then we get angry customers.
  4. cinolas

    Moneris, eSelect plus

    I'm not sure wether that's what was causing my problem or not, I'm not sure yet that it's fixed, but the format for the AVS response codes field is like "AWXYZ", no spaces, no commas. My selection of codes was a little wrong too.
  5. cinolas

    Moneris, eSelect plus

    New problems with this module while AVS check is enabled (still on osC 2.3.4 BS GOLD). @greasemonkey have you see this before? I just activated AVS check because we were getting a lot more fraud than before. In an effort not to stop orders coming in from Quebec (where addresses often contain accents) I’ve elected to accept the following AVS verification codes: A, W, X, Y, Z. I did some testing and everything seemed to be working reliably. Looking at our logs this morning it’s apparent that there’s a problem. Some transactions are being approved without the AVS check while others are being declined because of a bad AVS check. Some are approved with bad CVD while others are declined, and some not checked at all. Some of the payments that came in without an order were in Pre-Auth even though the options sate to Complete the transaction. Even worst, some transactions are being approved but osCommerce isn’t getting the response and isn’t creating an order and the only sign we get of the payment being received is in our local Moneris transaction log. It worked pretty flawlessly when I had AVS disabled. The options hereunder were the same except that the AVS response field was left blank, and the "How would you like to perform CVD verification?" option was set to "Allow Unparticipated Cards". Here's my AVS enabled configuration: Enable Moneris Solutions eSELECTplus Module Do you want to accept eSELECTplus payments?X True FalseEnvironmentTest or Production Server? Test ServerX Production ServerTransaction CompletionComplete transaction on checkout or manual completion X Completion on checkout Manual CompletionStore IDStore ID value obtained from the Moneris eSELECTplus Activation Letter MYSTOREIDAPI TokenAPI Token value obtained from the Store Settings Section of eSELECTPlus Merchant Resource Center MYAPITOKENOrder ID PrefixPrefix of the order id you would like on for the moneris transactions OSC_ORDER-Number Of RetriesNumber of Retries on the same credit card in the same transaction.(To disable retries limit, set it as '-1') 10VISA Card TransactionsHow would you like to perform VISA card transaction(s)? Do not accept Normal Transaction onlyX Perform AVS/CVD Perform VbV Perform VbV and AVS/CVDMaster Card TransactionsHow would you like to perform Master Card transaction(s)? Do not accept Normal Transaction onlyX Perform AVS/CVD Perform MCSC Perform MCSC and AVS/CVDAmerican Express TransactionsHow would you like to perform American Express transaction(s)?X Do not accept Normal Transaction only Perform CVDNovus/Discover TransactionsHow would you like to perform Novus/Discover transaction(s)?X Do not accept Normal Transaction only Perform AVSOther Card Types TransactionsWould you like to allow transaction(s) from other card types?X Do not accept Normal Transaction onlyCard Verification Digit (CVD)How would you like to perform CVD verification? Do Not PerformX Full Matches Only Allow Unparticipated CardsAddress Verification Service (AVS)Which AVS response code would you allow? (To disable AVS, leave the field blank) A, W, X, Y, Z Add Shipping TaxWould you like to turn the module to calculate shipping tax? YesX NoPayment ZoneIf a zone is selected, only enable this payment method for that zone. NoneSort order of display.Sort order of display. Lowest is displayed first. 0Set Order StatusSet the status of orders made with this payment module to this value default
  6. Never mind got it: I.IP.SURF,I.SP.SURF No space....
  7. @greasemonkey I'm having the same problem with the CanadaPost module not accepting the disallowed services, and storing 'array' in the DB instead.... I don't mind entering the disallowed services into the DB manually (unless there's an easy fix) but I can't figure out the proper format for the multiple choices. Specifically I entered those 2 services I need to disallow: I.IP.SURF, I.SP.SURF But when I look at the web interface it only seems to recognize Small Packet International Surface and not I.I P.SURF as "International Parcel Surface". Maybe it's not the format but the code... Is there a different code for that service now? Cheers!
  8. If someone feels competent enough in PHP and osC to troubleshoot this one for me / with me, I am willing to pay.
  9. Thanks @Jack_mcs I did not know of this function, looks promising.
  10. cinolas

    Gift Vouchers Secure

    @Jack_mcs I'm back! <sigh> I know that what I'm doing with Gift Voucher is FAR beyond regular support, but I'm having one last problem and I'm hoping you may have insights: After all the modifications I've done, when I try checking out with my regular CC payment method (Moneris) no Gift Voucher involved, the CC#, CC Expiration, and CVS gets blanked out as described here: Thanks!
  11. I'm using osC 2.3.4 BS GOLD with a modified version of the Gift Voucher add on. I just finished installing and customizing the Gift Voucher add-on for what I need it to do, and there's obviously something wrong in the modifications I did: the credit card number gets blanked out between the payment and confirmation page when I'm checking out with my CC payment method (Moneris). It's definitely something I changed on the checkout_payment or checkout_confirmation page, or related payment and order total classes. The CC info is being passed by the post but is not being added to the order object, a vardump shows: array(85) { ["_GET"]=> &array(0) { } ["_POST"]=> &array(10) { ["formid"]=> string(32) "5b219c15c93cb4e93f07353410eec71c" ["payment"]=> string(12) "moneriscampg" ["campg_cc_name"]=> string(15) "Nicolas Charest" ["campg_cc_number"]=> string(16) "47890111##########" (# removed, but it was correct) ["campg_cc_expires_month"]=> string(2) "01" ["campg_cc_expires_year"]=> string(2) "##" (# removed, but it was correct) ["campg_cvd"]=> string(3) "###" (# removed, but it was correct) ["cot_gv"]=> string(1) "0" ["gv_redeem_code"]=> string(0) "" But not in the order object: ["order"]=> object(order)#20 (7) { ["info"]=> array(15) { ["order_status"]=> string(1) "6" ["currency"]=> string(3) "CAD" ["currency_value"]=> string(10) "1.00000000" ["payment_method"]=> string(30) "Visa, MasterCard or Visa Debit" ["cc_type"]=> string(0) "" ["cc_owner"]=> string(0) "" ["cc_number"]=> string(0) "" ["cc_expires"]=> string(0) "" How can I troubleshoot this issue? I'm a total hack at php... where in the process do those variables get set? how can I trace them to see when they get reset? My php error log only logs an error in the Moneris payment module because the cc# is empty. Any help is greatly appreciated. Cheers!
  12. cinolas

    Gift Vouchers Secure

    @Jack_mcs I think I may have figured out a better way. The idea was to remove the redeem field from the payment page so that "Guests" (from the PWA guest checkout contrib) can't redeem gift vouchers. I'm going to use javascript to hide the field instead.
  13. cinolas

    Gift Vouchers Secure

    @Jack_mcs I'm going to bug you once more, about something that is far, FAR, beyond the scope of support I'm trying to move the gift voucher code redeem field. I don't want it on checkout_payment.php but on a page of it's own (redeem_gv.php) accessed from My Account. Is that a customization that I could hire you to do? PM me. I looked into it, and it looks like I would have to split the credit_selection() function into 2 different functions, one for the checkbox, one for the redeem code field. And then somehow build a form on redeem_gv.php that stands alone and calls the order_total classes. I just need a field to type in the gv code, and then run the verification and add the amount to the user's account. It sounds simple, but I'm not sure I can manage that myself in a timely manner. The reason is that Gift Voucher doesn't work well with Pay Without Account (obviously, since the balance must be stored in the user's account), I've modified account_pwa.php to prevent guest checkout when there's a gift voucher in the cart. If I can move the redeem process to a page accessed from My Account then I believe that covers me and guest users won't be able to buy or redeem gift vouchers. Let me know!
  14. cinolas

    Checkout when order total is $0

    I'm not entirely following you here @ecartz This line: if (($order->info['total'] - $total_deductions < 0) || ($payment == 'free' && ($order->info['total'] - $total_deductions > 0))) In my setup, the payment fails if credit_covers = true. So it looks to me like this says: payment fails IF (too much deductions were applied (total < total_deductions)) OR (if $payment == 'free' AND not enough deductions were applied to cover the total (total > deductions)) The second part is to catch the bug where $payment is 'free' as it should, but the deductions don't cover the total because they were not applied (because of the bug). Am I missing something? Thanks for working with me on this. Your help is GREATLY appreciated
  15. cinolas

    Checkout when order total is $0

    That is a good idea. Which actually leads me to the last modification I want to make: preventing checkout when the total after payment > 0 (not fully paid). In all my repetitive testing of the checkout process with Gift Vouchers I've found that sometimes (rarely, randomly it seems) the Gift Voucher balance doesn't actually get applied. I'm not sure why, and it only happens when going back and forth between checkout_confirm.php and checout_shipping.php repetitively. To prevent any chances of someone being able to checkout when the total after payment and discounts > $0 I'm thinking this would be a good place to add the check. That IF looks like this now, after your recommendations: if ($order->info['total'] - $total_deductions < 0 ) { if(!tep_session_is_registered('credit_covers')) tep_session_register('credit_covers'); $credit_covers = true; }else{ // belts and suspenders to get rid of credit_covers variable if it gets set once and they put something else in the cart if(tep_session_is_registered('credit_covers')) tep_session_unregister('credit_covers'); } I'm changing it to: if (($order->info['total'] - $total_deductions < 0) || ($payment == 'free' && ($order->info['total'] - $total_deductions > 0))) { if(!tep_session_is_registered('credit_covers')) tep_session_register('credit_covers'); $credit_covers = true; }else{ // belts and suspenders to get rid of credit_covers variable if it gets set once and they put something else in the cart if(tep_session_is_registered('credit_covers')) tep_session_unregister('credit_covers'); } Does that make sense? Just making sure I'm not doing anything dumb. Cheers!