Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Urgent Help Needed with ePDQ Payments


rickhudson

Recommended Posts

Hi Joe

 

Just did a quick comparison against the files in version 1.2 and they all appear to be the same - can you do a quick check of your posted version to make sure the correct files were included.

 

Thanks

Ian

 

 

Go fetch the code here:

 

http://www.oscommerce.com/community/contributions,430

 

I hope it works out alright for you people.

 

Let me know what you think, it's mainly a learning experience for me especially it being my first OsC contrib even within 5 weeks of working with the software.

 

Johan a.k.a. JoeMcManus

 

PS B*ll*cks! Just noticed the version was already up to 1.2!

 

I'm sure you'll find some bugs, then we'll rename it Version 2...

Link to comment
Share on other sites

  • Replies 388
  • Created
  • Last Reply

Top Posters In This Topic

New Version 2 uploaded.

 

The epdq_success language file wasn't actually needed (see readme) but I have included it for sake of completeness.

 

I added commenting as well and fixed the CPI/complete security issue (only affecting myself). Can I request that to be deleted perhaps somewhere?

 

It's below the public http root, is it a threat even after renaming stuff?

 

Anyway, I added some more guidance in the README file to help you because I fully realize this isn't the easiest OsC quest. If only I had 48 hours in a day, it would have been easy peasy for you.

 

Something I'm going to add later is a digital invoice/print receipt in the ePDQ's after_process function. IF there's interest I'll make it public as and when.

 

I'm sorry for all the hardcoded stuff, I just haven't got to the stage where I know how to add nice admin forms and db configuration table entries dynamically yet.

 

Let me know if there's anything else I can help with (but do read all files first and try to get a gist of what's going on please).

Johan a.k.a. T0PS3O elsewhere.

 

Contributed Barclay's ePDQ Payment Module though not originally mine. Made it work though...

Link to comment
Share on other sites

Hi Joe

 

Just did a quick comparison against the files in version 1.2 and they all appear to be the same - can you do a quick check of your posted version to make sure the correct files were included.

 

Thanks

Ian

 

Just downloaded both myself and used Beyone Compare and they are correct.

 

Only readme has changed significantly.

Language file was added.

Obsolete passwd file deleted (passwd file is below the http root - SEE CPI/HTACCESS - the passwd folder there needs to contain the password that Barclays CPI uses to post back (should have mentioned in the README).).

Added a few more comment to ePDQ.php

 

(Comparing seems to suggest that the old contrib had the wrong CPI/complete file as well)

Edited by JoeMcManus

Johan a.k.a. T0PS3O elsewhere.

 

Contributed Barclay's ePDQ Payment Module though not originally mine. Made it work though...

Link to comment
Share on other sites

About that passwd file:

 

SEE CPI/HTACCESS - the passwd folder named in there needs to be placed in that folder on your server and contain the password/login details that Barclays CPI uses to post back (should have mentioned this in the README :blush: ).

Johan a.k.a. T0PS3O elsewhere.

 

Contributed Barclay's ePDQ Payment Module though not originally mine. Made it work though...

Link to comment
Share on other sites

I never got round to commenting on this. I'll walk you through it so you and other get an idea of what this contrib now does...

 

This sounds great. You've probably already thought of this but :

 

if youhave multiple customers paying at the same time how does the complete.php work out which "temporary" order to move to OSC completed orders table from the data posted back from epdq. Is there some code passed to epdq which uniquely identifies the order "on hold"?

 

The order now gets stored before payment, at the checkout_confirmation stage. It gets assigned what I called 'awaiting x' where x is either 'cheque', 'direct bank transfer' or 'card payment'. These are the three payment modules I use. They are hardcoded in there now. In check-out_process you'll find a list of status_id's and names as I used it:

 

  /*     [SEE HERE - ePDQ] ---- This varies according to your status settings and what you call your payments

  status_id  orders_status_name
1      Awaiting Payment
2    Awaiting Cheque
3    Awaiting Bank Transfer
4    Awaiting Card Transaction
 5    Payment Received
6    Payment Declined
 7    Order Partially Sent
 8    Order Sent In Full
9    Order Partially Delivered
10    Order Delivered In Full

   Direct Bank Transfer
   Pay By Cheque
   Credit or Debit Card

 */

 

So before going to the CPI it stores the order with status '4' - Awaiting Card Transaction. Off they go to the ePDQ server (carrying their order number with them behind the scenes) and they fill out their card details. ePDQ posts back to complete.php (with a password so yes, only ePDQ can post back - plus I even rang them for their IPs so it's 100% secure) which converts the 'success' or 'declined' message into either '5' or '6' (see list). This is based on the order number again so no mix ups possible. Now it's up to them to click continue or not, you don't really care.

 

Does the script make sure that the post from epdq is actually from epdq and not from another web site? If you place an order and go to pay but then force a POST to the shops complete.php from another site with the payment success details what stops the shops complete.php script accepting this bogus post data? If I understand correctly it is in a new session rather than the existing session already set up.

(I may be well of mark on this one but having talked to the technical guys at epdq this was one area I was still woolly on despite their efforts to educate me).

 

As mentioned above, yes it's password (and for me IP) protected so only Barclays can post back. Complete.php doesn't use sessions but just the order number that's passed back and forth between the two.

 

Is there a timeout on the amount of time between leaving to go the epdq site and the return post coming back after which the temporary order can't be transferred to the completed orders.

 

Not as far as this code is concerned. It's not session based, complete just awaits the POST with the order# and the status message. During beta testing I must have had the ePDQ payment screen open for 20 mins or so and it processed just fine.

 

I don't think its a big deal clearing out the "payment failed" orders. If 10% of orders fail (which I think is a high estimate) and you get 100 orders per day thats still a very small amount of extra records by the end of the month. It would be better to be able to identify the customer from the "uncompleted" order and their basket contents and to display all their orders to see if they had a newer order that was successful and if not to contact them if you can complete the order on the phone and to ask how to make theier shopping experience better. It might be good to be able to email "[email protected]" with the details after the "time out" so that you have the option of following it up whilst the order is still fresh in their mind.

 

The way it's set up now (see my table above which you might well want to alter in localization-status - then see phpmyadmin for the appropriate ID's) you can see when payment is still awaiting or declined.

 

When they select ePDQ as their payment option and go back to checkout_payment, the script deletes the order entirely and starts fresh, letting them choose a new payment method so no ghost orders will remain. The only ones remaining are declined or awaiting payment when they aborted altogether. It's up to you to either follow up in an attempt to convert or to write a cron (or manually) to delete those orders. But at least they will be clearly marked as such.

 

"Hello this is Mike from myoscshop customer services. Our records show you might have experienced a problem shopping on our site. We apolgise for any inconvenience this has caused you. Would you still like to place the order? I can take the details over the phone if you wish? For security you may wish to call us back on the telephone number on our website. Just ask for Mike when you get through."

 

...is much more likely to create a returning customer than no action at all or a call at the end of the month. Of course you can decide whether to call them or not based on wether they have placed a subsequent successful order.

 

Agree. They tried to pay so they want the item.

 

Did you say that if it returns unsuccessful complete.php will display "You seem to have had a problem" and return them to the shop with their cart still containing their order items so that they can try again?

 

Complete doesn't output anything publibly to the end user. If payment failed, complete will mark the order as such. Then when the DO click continue, checkout_process can tell from the order status and redirect to the checkout again. What I haven't done here is display a useful error message yet. ePDQ told them it was declined so they should know but it would be nice if your shop says something as well. epdq_succes, which is called upon somewhere in between to delete the temporal (pretty obsolete) epdq_status table, actually redirects to the checkout with ?err=something so you could take that from the URL and use that to display a 'Payment Failed, please try again or a different method of payment' type of message.

 

Edited by JoeMcManus

Johan a.k.a. T0PS3O elsewhere.

 

Contributed Barclay's ePDQ Payment Module though not originally mine. Made it work though...

Link to comment
Share on other sites

Well, I'll assume that it works perfectly then.

 

Considering how desperate some of you were, I was expecting a bit more feedback.

 

Or are you still trying to get it to work?

 

Joe

No client fiddled with website and has changed priorities to be offline payment. SHould get work done this week.

I'll let you know how I get on although he's not applied for epdq account yet!

Thanks again

Chris

Link to comment
Share on other sites

Well, I'll assume that it works perfectly then.

 

Considering how desperate some of you were, I was expecting a bit more feedback.

 

Or are you still trying to get it to work?

 

Hi Joe

 

Great job - just finished integration into a new site this morning.

 

Apart from the hard coded vars just changed one item in checkout_process.php

 

Changed

  }         //else if it IS ePDQ; complete.php already did it

 

to

 

  } else  {     //else if it IS ePDQ; complete.php already did it just update customer_notified
   $customer_notification = (SEND_EMAILS == 'true') ? '1' : '0';
   $sql_data_array = array('orders_id' => $insert_id,
                                'orders_status_id' => $order->info['order_status'],
                                'customer_notified' => $customer_notification);
   $old_orders_status_id = '2';  //change to success status code set in complete.php
   $old_customer_notified = '0';
   tep_db_perform(TABLE_ORDERS_STATUS_HISTORY, $sql_data_array, 'update','orders_id=' . $insert_id . ' AND orders_status_id=' . $old_orders_status_id . ' AND customer_notified=' . $old_customer_notified . '');
}

 

all this does is set the customer_notified flag to TRUE once the order process email has been sent - just need to change the value of $old_orders_status_id to your own success status code set in complete.php.

 

Thanks for your work

Ian

Link to comment
Share on other sites

Ian,

 

Good find.

 

I remember doing that bit of code and thought for a second that setting it in complete.php to 1 would e-mail it off instantly which is nonsense ofcourse. But then I never updated it in checkout_process.

 

Nice catch, very useful else people won't get a confirmation.

 

Glad to hear it works for you.

 

I hate it btw how the CPI lets users insert a delivery address again etc. They should skip that stage IMO when it's provided. I basically don't want to give them the seperate delivery address option when they purchase with noaccount. It's a sort of member privilege and helps fighting fraud as well. But then Barclays asks them the same question OsC just did... I'll have to ring them about that.

 

I also wished they reported something between Success and Declined. Perhaps dependant on your fraud rules, like 'Success', 'Needs Review' and 'Decline'. Now you alsways need both OsC backend and CPI login open to sort out which can be processed and which need sussing out. Would be nice if you knew that 'Success' meant 100% clean so you can process it and worry about money in one batch at the end of the day for instance.

 

Just my CPI rants.

 

Let us know if you find more scope for improvement...

Edited by JoeMcManus

Johan a.k.a. T0PS3O elsewhere.

 

Contributed Barclay's ePDQ Payment Module though not originally mine. Made it work though...

Link to comment
Share on other sites

Hi Joe,

 

I've been monitoring this thread and trying to understand what you guys are all talking about, i am new to osCommerce and trying to set up ePDQ for my first osc site. This might be a bit trivial for you, but as a non-technical designer (no experience with php or sql) i'm having a bit of trouble following the read me file and instructions to get this to work. So here is a quick round up of all the problems i've been having, i would be extreemly grateful if you could point me in the right direction, as i am desprate to get this working.

 

All files copied into correct places (as per file structure given) and instructions followed as close as pos.

 

Don't understand what the following means, what should the file be renamed to? "CPI/htaccess.txt.htaccess needs to be altered to suit your

## server environment and renamed to .htaccess ."

 

Where should the ePDQ.sql file be placed/used? (i didn't understand this from previous version either)

 

Where your "[sEE HERE - ePDQ]" comments are is it necessary to change code, or will it work by default the way you have coded it?

 

Also other questions i have-

 

when setting up the CPI admin what should the POST URL be and the user name and password, i figured this is something to do with the CPI/htaccess.txt.htaccess file, but not quite sure.

 

I realise these questions are probably a bit basic, and even with this info i'll probably have more problems, but it would really help me out of a sticky situation i've been put in. Any help would be great, and could probably go towards a novice's guide to installing ePDQ for osCommerce, something i think alot of people would find incredibly useful.

 

Please reply, just to let me know if you can help or not, understand if you're too busy.

 

Thanks

Edited by smesol
Link to comment
Share on other sites

Don't understand what the following means, what should the file be renamed to? "CPI/htaccess.txt.htaccess needs to be altered to suit your

## server environment and renamed to .htaccess  ."

 

The htaccess file has specific server paths in it which are likely to be different on your server. So you need to open it and change the folder of your password file. Read up online on htaccess and password protection to understand its functionality. This basically prevents all other non-barclays requests from entering the CPI folder.

 

Where should the ePDQ.sql file be placed/used? (i didn't understand this from previous version either)

 

SQL files don't go anywhere. They contain Database instructions. You need to open PhpMyAdmin (normally provided by your host) and use the SQL Inport function to 'upload' this file into MySQL. Or copy and paste its contents in a PhpMyAdmin SQL statement.

 

Where your "[sEE HERE - ePDQ]" comments are is it necessary to change code, or will it work by default the way you have coded it?

 

Most of those instances REQUIRE changing. It will definitely not work without altering these. This not-so-beautiful code makes it a necessity for you to understand what is going on. You shouldn't really be altering OsC and contribs if yuo don't understand the code. Read first what happens along the way of someone putting something in his basket, via checkout_shipping.php, checkout_billing.php, checkout_confirmation.php via ePDQ and complete.php on to checkout_process.php and checkout_success.php. Read this chronologically and try and understand the variables first (trust me, I spent days doing this before I could make this contrib available). As the contrib explains, you HAVE to be able to work on it yourself. I can only help so much from a distance. OsCommerce and definitely contribs are not (well IMO at least) for people who can't write PHP and MySQL themselves. No offense to you, it just appears to be the harsh reality but also the essence of Open Source code.

 

Also other questions i have-

 

when setting up the CPI admin what should the POST URL be and the user name and password, i figured this is something to do with the CPI/htaccess.txt.htaccess file, but not quite sure.

 

The POST Url will be cpi/complete.php on your server. The password will be in that passwd file as described in the htaccess file in /cpi/. Note that you will have to rename htaccess.txt.htaccess on your server to .htaccess (nothing in front but including the dot).

 

I realise these questions are probably a bit basic, and even with this info i'll probably have more problems, but it would really help me out of a sticky situation i've been put in. Any help would be great, and could probably go towards a novice's guide to installing ePDQ for osCommerce, something i think alot of people would find incredibly useful.

 

They are basic but more advanced than the very basic so you're getting there.

Trying to really understand the OsC processes and how this contrib ties in with that will definitely help you. This is no quick fix and many contribs I have come accross require at least half a day of tweaking to get it to work so investigating the file sequence mentioned above will help you with your shop in all future encouters of upgrading and tweaking etc.

 

 

Please reply, just to let me know if you can help or not, understand if you're too busy.

 

Thanks

 

That's alright.

 

I would recommend printing out the files mentioned above and just mark the processes with comments in your own plain English. This helps a lot. Or open them in PHP Coder or similar editor and comment it to death. Like I have done in many places it really helps to comment IF statements etc. It makes you understand what is going on instead of copying and pasting other people's stuff in there.

 

It might seem daunting but since you got this far, you must have the brains to sus it out.

Johan a.k.a. T0PS3O elsewhere.

 

Contributed Barclay's ePDQ Payment Module though not originally mine. Made it work though...

Link to comment
Share on other sites

  • 4 weeks later...

I am getting these errors:

 

Notice: Undefined index: oid in C:\Inetpub\Public\mckie.jappihome.co.uk\cpi\complete.php on line 69

 

Notice: Undefined index: transactionstatus in C:\Inetpub\Public\mckie.jappihome.co.uk\cpi\complete.php on line 75

 

Notice: Undefined variable: order in C:\Inetpub\Public\mckie.jappihome.co.uk\cpi\complete.php on line 111

 

Any ideas?

:wq!

Link to comment
Share on other sites

this is stopping transactions completely (which shouldn't happen with just notice errors) so i unable to use this. i have tried manually entering the required details into the code for a test run, but it then just comes up with a blank page?

 

any help with this would be appreciated greatly.

:wq!

Link to comment
Share on other sites

Sounds like the session is destroyed when the user goes off to Barclay's pages. Then when they come back, OsC doesn't know who this person is in this session. Hence showing the undefined errors.

 

I can't really help you with this because I really think it's something to do with the way your server is configured. Not so much OsC. And I'm not an expert on php.ini etc. settings.

 

Search Google and php.net for the error for some clues.

Johan a.k.a. T0PS3O elsewhere.

 

Contributed Barclay's ePDQ Payment Module though not originally mine. Made it work though...

Link to comment
Share on other sites

it's ok now i've gone back to using the previous version (before the paypal ipn style addition) and it's working fine now. i think it's a bug in the way the new verison passes the hidden values to barclays.

:wq!

Link to comment
Share on other sites

  • 1 month later...
Hi Joe

 

Great job - just finished integration into a new site this morning.

 

Apart from the hard coded vars just changed one item in checkout_process.php

 

Changed

 ?} ? ? ? ? //else if it IS ePDQ; complete.php already did it

 

to

 

 ?} else ?{ ? ? //else if it IS ePDQ; complete.php already did it just update customer_notified
? ?$customer_notification = (SEND_EMAILS == 'true') ? '1' : '0';
? ?$sql_data_array = array('orders_id' => $insert_id,
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 'orders_status_id' => $order->info['order_status'],
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 'customer_notified' => $customer_notification);
? ?$old_orders_status_id = '2'; ?//change to success status code set in complete.php
? ?$old_customer_notified = '0';
? ?tep_db_perform(TABLE_ORDERS_STATUS_HISTORY, $sql_data_array, 'update','orders_id=' . $insert_id . ' AND orders_status_id=' . $old_orders_status_id . ' AND customer_notified=' . $old_customer_notified . '');
}

 

all this does is set the customer_notified flag to TRUE once the order process email has been sent - just need to change the value of $old_orders_status_id to your own success status code set in complete.php.

 

Thanks for your work

Ian

 

HI,

 

I have installed the EPDQ on a cart that uses shared ssl.

 

All goes well until the client (assuming they feel inclined to) presses the EPDQ Continue after payment is collected: The return URL has lost the session.

 

This is not a problem since all they need do is log back in, but my question is:

 

Is there any code that would enable complete.php to send the order email, update the status to customer notified and reset the basket - in the event of a successful process:

 

Can some of the code above be used?

 

Glad of any help...

 

Kind Regards,

 

Garry

Garry

Link to comment
Share on other sites

Hi,

 

Thanks.

 

I have changed customer_notified to 1 and this works OK.

 

I have added 2 lines to reset the cart and send the email, but my knowledge is very limited and I am not sure if I have done this correclty.

 

I would appreciate it if someone could have a look and see what i have done wrong:

 

Many Thanks,

 

Garry

 

        if($status == "Success")
       {
           $new_status = 1;   // [SEE HERE] Depends on your status setup
       }
       else
       {
           $new_status = 5;   // [SEE HERE] Depends on your status setup
       }
       $selstr2 = "UPDATE orders SET orders_status = '$new_status', last_modified = NOW() WHERE orders_id = '$oid'";

       //Make new insert into status history
       $sql_data_array = array('orders_id' => $oid,
                               'orders_status_id' => $new_status,  //4 is Awaiting Card Transaction
                               'date_added' => 'now()',
                               'customer_notified' => '1',
                               'comments' => $order->info['comments']);
       tep_db_perform('orders_status_history', $sql_data_array);

//       tep_db_query($selstr);

 $result = mysql_query($selstr, $link);
       //Update order status to payment received but only if transaction status is success
       if($status == "Success")
       {
           $result2 = mysql_query($selstr2, $link),

// Added 2 new lines to reset cart and send email ?

           $cart->reset(true),
           $customer_notification = (SEND_EMAILS == 'true') ? '1' : '0';
       }
       else
       {
           $result2 = "Not updated, transaction not successful. Please follow up.";
       }

Garry

Link to comment
Share on other sites

The comma after $cart->reset(true) seems misplaced. Should be semicolon.

 

But I don't see the need for this. complete.php isn't making use of the user session since it's in the background and never loaded in a browser.

Johan a.k.a. T0PS3O elsewhere.

 

Contributed Barclay's ePDQ Payment Module though not originally mine. Made it work though...

Link to comment
Share on other sites

  • 4 weeks later...

hi all, had apdq up and running for a few months and all has been hunky dorry.

 

however now it decides to die the day we get our biggest ever order!! for some reason it process orders and places an entry in the db but the order id ungenerated!

Warning: mysql_insert_id(): A link to the server could not be established in /var/www/shop/includes/functions/database.php on line 113

 

that comes up on the checkout confirmaation page b4 it wisses them of to epdq.

this makes no sense! it can connect for everything but the order no.. im guessing maybe soemthing to do with session seing thats where the order no comes form??

 

also i noted in the debugging mail i get from the epdq moudle it says teh orde rno it some really long 16digit+ no? should only be 3 at most.?? the epdq transaction goes through fine and records the really long 16 digit no. the order id in the db is 0 though!

 

any clues anyone???

 

be very gratefull

Link to comment
Share on other sites

If it all worked before and all of a sudden stops that can only be caused by a couple of things.

 

1. Your host 'upgraded' and some new functionality is breaking your os code.

2. Someone altered the files.

 

If yuo have a back-up of back when it worked just fine, I'd do a Beyond Compare with the current online version and see what's going on.

Johan a.k.a. T0PS3O elsewhere.

 

Contributed Barclay's ePDQ Payment Module though not originally mine. Made it work though...

Link to comment
Share on other sites

Hi Joe,

Only trouble is im renting a vds server doing myself :D anyhow, i recently added ssl but did a test and it worked after i did that. i also changed a perl directory but thats about it. Surely that shouldnt affect it? doign a compare fo files to make sure i didnt do something silly... any idea why the order no when inserted into the database is zero. then if i do a refresh using phpadmin it generated an order no...then when it comes back form epdq it is using a difefrent one!

 

in debug email get stuff like this...

 

cid = 429eeae3

INSERT INTO epdq_transactions (oid, transaction_status, transaction_time) VALUES

('429eeae3-d071-3000-0002-0003ba297d8f','Success',NOW());

Result1 = 1

 

Thanks Lee

 

If it all worked before and all of a sudden stops that can only be caused by a couple of things.

 

1. Your host 'upgraded' and some new functionality is breaking your os code.

2. Someone altered the files.

 

If yuo have a back-up of back when it worked just fine, I'd do a Beyond Compare with the current online version and see what's going on.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...