Jump to content


  • Content count

  • Joined

  • Last visited

Profile Information

  • Real Name
    FX Berclaz
  1. Hello, VERY IMPORTANT information if you have the 'customer_testimonials.php' contribution installed. SQL Injection Vulnerability. It allows to inject sql code in the URL in get For more information: http://securityreason.com/exploitalert/3339 https://www.securinfos.info/alertes-bulleti...jection-SQL.php http://www.milw0rm.com/exploits/5075 http://www.securityfocus.com/bid/27664 ALL THE BEST
  2. asulis

    Postfinance Payment Module

    Hello sorry for the delay, but I don't really follow all the forum questions, it's better to contact me directly if you don't get the module to work. To answer you, you are right, reading your code, you don't have to write it twice, you don't have to add this line, as with your example the ...process_button() function is called for every payment module. The point with the get mode, is the point 2 : 2. ADD the following line in "checkout_confirmation.php" (recall in get mod) : // add it BEFORE : require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_CHECKOUT_CONFIRMATION); if(!isset($HTTP_GET_VARS['isingetmod'])) {tep_redirect(tep_href_link(FILENAME_CHECKOUT_CONFIRMATION, 'isingetmod=1', 'SSL'));} BUT if you don't to make the redirect in get mod and have problem for other modules which must be in POST MOD you should have it like this : if (is_array($payment_modules->modules) && $$payment->code == 'postfinance') {if(!isset($HTTP_GET_VARS['isingetmod'])) {tep_redirect(tep_href_link(FILENAME_CHECKOUT_CONFIRMATION, '', 'SSL').'&isingetmod=1');}} Kindest regards ASULIS
  3. asulis

    Official PayPal IPN Support Thread

    No question....just a big thank you to Terra and all the others for this contribution.... and I must say, I was amazed of all the support you give.... Here under changes we made to use this contribution in another way. Maybe it can help somebody. If not many changes had been done in the OSC version you are using, the contribution worked fine and directly after the first installation. Again thank you as it is a great job. But for us we made so many changes to checkout_process.php (marketing tracking, extra quickorder processing with create account at the end, mail sending, etc.), that we wanted to keep all this functionalities at one place, including the stocks updates as even if the payment is still not accepted, the quantities shouldn’t be available anymore. We also really wanted to sent the mail directly at the end of the checkout_process.php and allow the call of paypal at the end of the order on the checkout_success.php page. So we inverted a little bit the process : 1. in paypal_ipn.php : we commented out the save order part 2. in paypal_ipn.php : we commented out the tep_redirect in the before_process() function so that it could go through the checkout_process.php page 5. in checkout_confirmation.php : we allowed to go directly to checkout_ process.php instead of opening paypal 3. in checkout_process.php : we saved the order completely and send the mails, like usual, just adding a note in the mail to tell that this order is still temporary before the payment is accepted 4. in paypal_ipn.php : we updated the after_process() function which is launched at the end of checkout_process.php to update the database to know that the mail as been sent for this paypal order and to prepare the paypal calling 6. in checkout_success.php : we allowed open paypal instead of doing this in the checkout_confirmation.php page. 7. ipn.php : we commented out the sending mail part for the order confirmation + the stock updates as it has already been done in checkout_process.php This is fine, but big negative issue is that if people cannot pay via paypal or want to abort paypal process, they won't be able to come back and change the payment method before checking out, but we liked it better like this und we don’t have all these paypal temporary orders if people quit before checking out. Kindest regards and thank you again for all you did. ASULIS
  4. asulis

    Postfinance Payment Module

    you should ask yellowpay to change to http mod to validate the order. regards
  5. asulis

    PostFinance module problem

    Hello, Check at the error handling txt file for the answer : " Para.1 (important set the URL/HTTP mode in primary choice not email): http://www.yoursite.com/checkout_process.php?step=process " If you lose order maybe you have to set to URL mode and not email, because your order is completed in OsC only if your customer push the continue button. Ask postfinance to do the changes. Regards FX
  6. asulis

    Postfinance Payment Module

    Hello, The replacement for currency codes and titles have been fixed in the contribution. And for your question, maybe your page is not realoded. Did you add the tep_redirect line at the right place? Check the readme file again. Sorry for all the worries. We only updated the contribution of somebody else, but it's not an easy contribution to install, as well as not the easiest payment module as well.... Regards ASULIS
  7. asulis

    SaferPay and different currencies

    hi cuspis, if you are speaking about the saferpay contribution of Chantal http://www.oscommerce.com/community/contributions,2338 and still need help just reply and we will find the solution.
  8. asulis

    Payment Modul

    if still needed, Chantal did the saferpay contrib. the contribution can be found there : http://www.oscommerce.com/community/contributions,2338