[Contribution]Paypal IPN - Devosc


devosc


Hi Joed

 

wow thanks for this this is great :)

can you explain which numbers correspond to which statuses... I'm not too good at this stuff I'm afraid. I can get into the database with phpmyadmin so I think I can change them

 

thanks again this is so easy with your help :)

 

 

Hi Wooly

 

No problem, the numbers are just as they are listed;

 

0 Processing

1 On Hold

2 Refunded

3 Canceled

4 Delivered

5 Preparing [PayPal IPN]

 

keep going, you'll get there in the end.


hello joed,

 

thanks for the detailed explanation. i have removed contribution 2679 and installed 1753.

 

these are my order status:

 

0 Processing (default)

1 On Hold

2 Refunded

3 Cancelled

4 Delivered

5 Preparing [Paypal IPN]

 

 

and these are my download settings:

 

 

Enable download - true

Download by redirect - false

Expiry delay (days) - 7

Maximum number of downloads - 1

Downloads Controller Update Status Value - 12

Downloads Controller Download on hold message - <BR><font color="FF0000">NOTE: Downloads are not available until payment has been confirmed</font>

Downloads Controller Order Status Value - 10

 

 

1) are these values ok? i'm specifically concerned about the download settings.

2) from the FAQ for contribution 2679:

What url should I specify for the IPN feature to be used.

You don't need to, it will automatically be specified.

i don't understand? how will my store receive the notification? i'm using the sandbox environment for testing right now.


Your settings are the same as mine except for 2, mine are;

 

Downloads Controller Update Status Value - 4

Downloads Controller Order Status Value - 2

 

paypal returns a message that says the order is Completed. Completed is ID 4 in my Orders_status and the above line updates the download controller if the value is 4. It all ties in.

 

i don't understand? how will my store receive the notification? i'm using the sandbox environment for testing right now.

 

I'm not sure how this works, but I have IPN turned on in my paypal account. I'm sure I read somewhere that you don't need it turned on, but it's on and everything is working so I'm not going to change it.

 

Paypal returns a message, somehow, to your site. Not sure how, but it does. There is a setting somewhere, debug emails in the paypal module I think, if you turn it on you get an email of all the details paypal would send. That is useful for checking that all your information is correct.

 

 

One more point, do you have United States accounts set up in the paypal sandbox? According to the sandbox forums UK accounts just don't work. I can vouch for that!


Forgot something!

 

Maximum number of downloads - 1

 

Mine is set to 5

 

If you set it to 1 the customer only has one chance to download the file. If something goes wrong during the download they won't get a second chance.


Hi Joed this is almost there

 

I'm not sure how this works, but I have IPN turned on in my paypal account. I'm sure I read somewhere that you don't need it turned on, but it's on and everything is working so I'm not going to change it.

 

I have looked at Paypal and there is a required Notification URL:

 

what did you use for that?

 

Phew I've been at this too long now.. I need food ;)

 

should say I'm not using ssl if it matters

 

 

cheers

 

W


Just had a look at the paypal docs but am not quite sure whether I should do this as the OSC docs say to leave it off... here's the text for the notification url

 

IPN Notification and Notification Validation

After your server receives Instant Payment Notification, you must confirm that you received it. This is known as notification validation, which is a means for PayPal to help you prevent spoofing or "man-in-the-middle" attacks.

You have two methods by which you can validate the notification:

1. Sending a shared secret, described in "Shared Secret Validation" on page 27. PayPal recommends this method because it decreases network traffic to and from your website. Shared secret validation is appropriate:

* if you are not using a shared website hosting service.
* if you have enabled SSL on your web server.
* if you are using PayPal Encrypted Website Payments.
* if you use the notify_url variable on each individual payment transaction.

2. Sending a POST back to PayPal after you receive the IPN, described in "HTTPS Postback to PayPal" on page 27. Postback is appropriate:

* if you rely on a shared website hosting service
* if you do not have SSL enabled on your web server

Both methods rely on the concept of a notification URL, which is described in the next section.

Shared Secret Per Transaction or by Profile Setting

The URL to which PayPal posts IPN data is called the notification URL. It can be set either with each individual payment transaction or globally in your Profile for all transactions:

* Per Transaction: If you want to receive payment notifications for different payments at different URLs (for example, if you need to separate payments to different websites you run), use the notify_url variable to pass the notification URL. With each payment PayPal saves the value of the notify_url for a specific payment, and any subsequent updates to that payment (such as a cleared eCheck) are sent to that notify_url. When you pass a notify_url in your post, it overrides the setting in your Profile.

* Profile Setting. If you want to receive your IPNs at only a single URL, enter that URL in the Preferences section of your Profile.

Likewise, the shared secret you can use to validate that you have received an IPN can be set either with each individual payment transaction or globally in your Profile for all transactions:

* Per Transaction: If you want a distinct shared secret for each notification for each payment, append a FORM variable name and a shared secret value to the value of the notify_url variable. When you pass a shared secret in your payment post, it overrides the setting in your Profile.

* Profile Setting. If you want the same shared secret for each and every transaction, enter that shared secret in the Preferences section of your Profile.

Shared Secret Validation

The first and recommended method for notification validation is to use a shared secret on individual payment transactions. Add a shared secret variable and value to the value of the notify_url variable to which the IPN data is posted after a payment is made. The shared secret consists of the following:

notify_url=yourIPNnotificationURL?shared_secret_variable_name=shared_secret_value

where:

* yourIPNNotificationURL is a URL on your website at which you want to receive notification.
* shared_secret_variable_name is any variable name you want.
* shared_secret_value is the shared secret itself

For example, the value of notify_url variable might look like this:

notify_url=https://www.mysite.com/PP-IPN-Validate.cfm?secret=shhhhhhh

Security Considerations with Shared Secret Validation

To ensure the security of your shared secret, you should use Encrypted Website Payments (EWP). For information about EWP, see the PayPal Standard Checkout Integration Guide.

The value of the shared secret is not encrypted; it is in clear text for easier processing. Therefore, the shared secret value is recorded in your web server's access log. Be sure to practice proper security for your server access logs. If you use a web server hosting service, ensure that your provider practices proper security of your data.

IMPORTANT: Your notification URL should check the validity of the returned shared secret and flag for investigation any transaction that does not have the correct shared secret.

 

 

How important is this stuff?

 

W
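
Added example (not part of the thread, and not osCommerce or PayPal code): a notification-URL handler in PHP (7.4 or later) that applies the two validation methods from the PayPal text quoted above, the shared secret compared in constant time and the HTTPS postback, before an order is treated as paid. The parameter name `secret`, the function names, the order fields and the sample message are assumptions constructed for illustration; the secret check is optional so a store without SSL can rely on the postback alone, as the quoted text suggests.

```php
<?php
// Added example: function names, the 'secret' parameter name and the sample
// data are assumptions for illustration, not osCommerce or PayPal code.

const IPN_SECRET_PARAM = 'secret'; // variable name appended to notify_url
// PayPal's sandbox postback endpoint; the live one drops "sandbox.".
const IPN_POSTBACK_URL = 'https://ipnpb.sandbox.paypal.com/cgi-bin/webscr';

/** Method 1: shared secret from the notify_url query string, compared in constant time. */
function ipn_secret_ok(array $query, string $expected): bool
{
    // The secret travels in the URL, so it also lands in the web server access log.
    $given = $query[IPN_SECRET_PARAM] ?? '';
    return $expected !== '' && is_string($given) && hash_equals($expected, $given);
}

/** Method 2: send the message back unchanged, prefixed with cmd=_notify-validate. */
function ipn_postback(string $rawBody): string
{
    $ch = curl_init(IPN_POSTBACK_URL);
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => 'cmd=_notify-validate&' . $rawBody,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true, // the postback is HTTPS even if the store is not
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_TIMEOUT        => 30,
    ]);
    $reply = curl_exec($ch);
    return is_string($reply) ? trim($reply) : ''; // "VERIFIED" or "INVALID"
}

/**
 * Decide whether one notification may mark an order as paid.
 * $postback is any callable that takes the raw body and returns PayPal's reply,
 * so the logic can be exercised offline. Pass $secret = null to skip method 1.
 */
function ipn_decide(array $query, string $rawBody, array $order,
                    callable $postback, ?string $secret = null): array
{
    $reject = fn(string $why): array => ['accept' => false, 'reason' => $why];

    if ($secret !== null && !ipn_secret_ok($query, $secret)) {
        return $reject('wrong or missing shared secret: flag for investigation');
    }
    if ($postback($rawBody) !== 'VERIFIED') {
        return $reject('postback did not return VERIFIED');
    }

    // Only after validation are the fields trusted enough to compare with the order.
    parse_str($rawBody, $f);
    $get = fn(string $k): string => is_string($f[$k] ?? null) ? $f[$k] : '';

    if ($get('payment_status') !== 'Completed') {
        return $reject('payment_status is not Completed');
    }
    if (strcasecmp($get('receiver_email'), $order['receiver_email']) !== 0) {
        return $reject('payment was sent to a different account');
    }
    $paid = number_format((float) $get('mc_gross'), 2, '.', '');
    $due  = number_format((float) $order['total'], 2, '.', '');
    if ($paid !== $due || $get('mc_currency') !== $order['currency']) {
        return $reject('amount or currency does not match the order');
    }
    if (in_array($get('txn_id'), $order['seen_txn_ids'], true)) {
        return $reject('txn_id already processed');
    }
    return ['accept' => true, 'reason' => 'validated, txn ' . $get('txn_id')];
}

// In a live handler the call would look like:
//   ipn_decide($_GET, file_get_contents('php://input'), $order, 'ipn_postback', $secret);

if (PHP_SAPI === 'cli') {
    // Constructed sample order and IPN body; the postback is stubbed to stay offline.
    $order = ['receiver_email' => 'seller@example.test', 'total' => '19.99',
              'currency' => 'GBP', 'seen_txn_ids' => []];
    $body  = 'payment_status=Completed&receiver_email=seller%40example.test'
           . '&mc_gross=19.99&mc_currency=GBP&txn_id=CONSTRUCTED-TXN-1';
    $verified = fn(string $b): string => 'VERIFIED';
    $invalid  = fn(string $b): string => 'INVALID';

    // Correct secret, PayPal confirms the message: accepted.
    print_r(ipn_decide(['secret' => 'shhhhhhh'], $body, $order, $verified, 'shhhhhhh'));
    // Wrong secret: rejected before anything else is looked at.
    print_r(ipn_decide(['secret' => 'guess'], $body, $order, $verified, 'shhhhhhh'));
    // No secret configured (store without SSL), forged message: rejected by postback.
    print_r(ipn_decide([], $body, $order, $invalid));
    // Validated message, but the amount is lower than the order total: rejected.
    $cheap = str_replace('mc_gross=19.99', 'mc_gross=0.01', $body);
    print_r(ipn_decide([], $cheap, $order, $verified));
}
```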


Hi Wooly

 

I forgot about that, but now you mention it I used my store url, just the address to the root as in;

 

http://www.mystore.co.uk

 

I don't use ssl either, but I have some text somewhere in the store that tells the customer that no financial details are entered, or stored on my server.

 

It probably doesn't make a difference, but many people worry about online fraud these days. So I made a point of letting visitors to my store know that they will be transferred to a secure server to make the payment.

 

If it's any consolation, it took me nine days solid to get downloads working. I had a week off work, so I started on saturday morning and it took me until the following weekend to get it working.

 

It won't take you that long. I made two big mistakes which wasted 8 days, then I decided to delete everything and start again. I deleted the whole store and started from scratch, and had downloads working the same day.


Hi Wooly

 

I'm not sure, I have not seen that at all.

 

I'm only guessing here, but I think it may have something to do with the Digest key in the paypal IPN module in your store admin. This appears to be some sort of secret key that your store sends to paypal and vice versa.

 

If you are not using ssl then only part 2 of the doc applies. I assume that you supply the digest key and the paypal module adds the other bits.

 

All I can say is change your digest key to something only you know and forget about it. Or should that be "keep it in the back of your mind just in case you can't get things working". We can look into it as a last resort.


Thanks for the advice Joed

 

I haven't changed any of that for the moment ... but I got a little problem on clicking on 'checkout'

 

I get a blank page with the error message

Parse error: parse error, unexpected T_DOUBLE_ARROW in /home/mysite.com/public_html/includes/classes/order.php on line 133

 

 

the url shows

 

 

Have you any idea about this..? I searched for it and found some people have had problems with the files and it's normally something to do with an extra ); or something....

 

if it helps here's my includes/classes/order.php

 

<?php

/*

$Id: order.php,v 1.33 2003/06/09 22:25:35 hpdl Exp $

 

osCommerce, Open Source E-Commerce Solutions

http://www.oscommerce.com

 

Copyright © 2003 osCommerce

 

Released under the GNU General Public License

*/

 

class order {

var $info, $totals, $products, $customer, $delivery, $content_type;

 

function order($order_id = '') {

$this->info = array();

$this->totals = array();

$this->products = array();

$this->customer = array();

$this->delivery = array();

 

if (tep_not_null($order_id)) {

$this->query($order_id);

} else {

$this->cart();

}

}

 

function query($order_id) {

global $languages_id;

 

$order_id = tep_db_prepare_input($order_id);

 

$order_query = tep_db_query("select customers_id, customers_name, customers_company, customers_street_address, customers_suburb, customers_city, customers_postcode, customers_state, customers_country, customers_telephone, customers_email_address, customers_address_format_id, delivery_name, delivery_company, delivery_street_address, delivery_suburb, delivery_city, delivery_postcode, delivery_state, delivery_country, delivery_address_format_id, billing_name, billing_company, billing_street_address, billing_suburb, billing_city, billing_postcode, billing_state, billing_country, billing_address_format_id, payment_method, cc_type, cc_owner, cc_number, cc_expires, currency, currency_value, date_purchased, orders_status, last_modified from " . TABLE_ORDERS . " where orders_id = '" . (int)$order_id . "'");

$order = tep_db_fetch_array($order_query);

 

$totals_query = tep_db_query("select title, text from " . TABLE_ORDERS_TOTAL . " where orders_id = '" . (int)$order_id . "' order by sort_order");

while ($totals = tep_db_fetch_array($totals_query)) {

$this->totals[] = array('title' => $totals['title'],

'text' => $totals['text']);

}

 

// begin PayPal_Shopping_Cart_IPN

$order_total_query = tep_db_query("select text, value from " . TABLE_ORDERS_TOTAL . " where orders_id = '" . (int)$order_id . "' and class = 'ot_total'");

// end PayPal_Shopping_Cart_IPN

$order_total = tep_db_fetch_array($order_total_query);

 

//begin PayPal_Shopping_Cart_IPN

$shipping_method_query = tep_db_query("select title, value from " . TABLE_ORDERS_TOTAL . " where orders_id = '" . (int)$order_id . "' and class = 'ot_shipping'");

//end PayPal_Shopping_Cart_IPN

$shipping_method = tep_db_fetch_array($shipping_method_query);

 

$order_status_query = tep_db_query("select orders_status_name from " . TABLE_ORDERS_STATUS . " where orders_status_id = '" . $order['orders_status'] . "' and language_id = '" . (int)$languages_id . "'");

$order_status = tep_db_fetch_array($order_status_query);

 

$this->info = array('currency' => $order['currency'],

'currency_value' => $order['currency_value'],

'payment_method' => $order['payment_method'],

'cc_type' => $order['cc_type'],

'cc_owner' => $order['cc_owner'],

'cc_number' => $order['cc_number'],

'cc_expires' => $order['cc_expires'],

'date_purchased' => $order['date_purchased'],

//begin PayPal_Shopping_Cart_IPN

'orders_status_id' => $order['orders_status'],

'shipping_cost' => $shipping_method['value'],

'total_value' => $order_total['value'],

//end PayPal_Shopping_Cart_IPN

'orders_status' => $order_status['orders_status_name'],

'last_modified' => $order['last_modified'],

'total' => strip_tags($order_total['text']),

'shipping_method' => ((substr($shipping_method['title'], -1) == ':') ? substr(strip_tags($shipping_method['title']), 0, -1) : strip_tags($shipping_method['title'])));

 

$this->customer = array('id' => $order['customers_id'],

'name' => $order['customers_name'],

'company' => $order['customers_company'],

'street_address' => $order['customers_street_address'],

'suburb' => $order['customers_suburb'],

'city' => $order['customers_city'],

'postcode' => $order['customers_postcode'],

'state' => $order['customers_state'],

'country' => $order['customers_country'],

'format_id' => $order['customers_address_format_id'],

'telephone' => $order['customers_telephone'],

'email_address' => $order['customers_email_address']);

 

$this->delivery = array('name' => $order['delivery_name'],

'company' => $order['delivery_company'],

'street_address' => $order['delivery_street_address'],

'suburb' => $order['delivery_suburb'],

'city' => $order['delivery_city'],

'postcode' => $order['delivery_postcode'],

'state' => $order['delivery_state'],

'country' => $order['delivery_country'],

'format_id' => $order['delivery_address_format_id']);

 

if (empty($this->delivery['name']) && empty($this->delivery['street_address'])) {

$this->delivery = false;

}

 

$this->billing = array('name' => $order['billing_name'],

'company' => $order['billing_company'],

'street_address' => $order['billing_street_address'],

'suburb' => $order['billing_suburb'],

'city' => $order['billing_city'],

'postcode' => $order['billing_postcode'],

'state' => $order['billing_state'],

'country' => $order['billing_country'],

'format_id' => $order['billing_address_format_id']);

 

$index = 0;

$orders_products_query = tep_db_query("select orders_products_id, products_id, products_name, products_model, products_price, products_tax, products_quantity, final_price from " . TABLE_ORDERS_PRODUCTS . " where orders_id = '" . (int)$order_id . "'");

while ($orders_products = tep_db_fetch_array($orders_products_query)) {

$this->products[$index] = array('qty' => $orders_products['products_quantity'],

'id' => $orders_products['products_id'],

//begin PayPal_Shopping_Cart_IPN

'orders_products_id' => $orders_products['orders_products_id'],

//end PayPal_Shopping_Cart_IPN

'name' => $orders_products['products_name'],

'model' => $orders_products['products_model'],

'tax' => $orders_products['products_tax'],

'price' => $orders_products['products_price'],

'final_price' => $orders_products['final_price']);

 

$subindex = 0;

//begin PayPal_Shopping_Cart_IPN

$attributes_query = tep_db_query("select products_options_id, products_options_values_id, products_options, products_options_values, options_values_price, price_prefix from " . TABLE_ORDERS_PRODUCTS_ATTRIBUTES . " where orders_id = '" . (int)$order_id . "' and orders_products_id = '" . (int)$orders_products['orders_products_id'] . "'");

//end PayPal_Shopping_Cart_IPN

if (tep_db_num_rows($attributes_query)) {

while ($attributes = tep_db_fetch_array($attributes_query)) {

$this->products[$index]['attributes'][$subindex] = array('option' => $attributes['products_options'],

'value' => $attributes['products_options_values'],

'prefix' => $attributes['price_prefix'],

'price' => $attributes['options_values_price']

//begin PayPal_Shopping_Cart_IPN

'option_id' => $attributes['products_options_id'],

'value_id' => $attributes['products_options_values_id'],);

//end PayPal_Shopping_Cart_IPN

 

$subindex++;

}

}

 

$this->info['tax_groups']["{$this->products[$index]['tax']}"] = '1';

 

$index++;

}

}

 

function cart() {

global $customer_id, $sendto, $billto, $cart, $languages_id, $currency, $currencies, $shipping, $payment;

 

$this->content_type = $cart->get_content_type();

 

$customer_address_query = tep_db_query("select c.customers_firstname, c.customers_lastname, c.customers_telephone, c.customers_email_address, ab.entry_company, ab.entry_street_address, ab.entry_suburb, ab.entry_postcode, ab.entry_city, ab.entry_zone_id, z.zone_name, co.countries_id, co.countries_name, co.countries_iso_code_2, co.countries_iso_code_3, co.address_format_id, ab.entry_state from " . TABLE_CUSTOMERS . " c, " . TABLE_ADDRESS_BOOK . " ab left join " . TABLE_ZONES . " z on (ab.entry_zone_id = z.zone_id) left join " . TABLE_COUNTRIES . " co on (ab.entry_country_id = co.countries_id) where c.customers_id = '" . (int)$customer_id . "' and ab.customers_id = '" . (int)$customer_id . "' and c.customers_default_address_id = ab.address_book_id");

$customer_address = tep_db_fetch_array($customer_address_query);

 

$shipping_address_query = tep_db_query("select ab.entry_firstname, ab.entry_lastname, ab.entry_company, ab.entry_street_address, ab.entry_suburb, ab.entry_postcode, ab.entry_city, ab.entry_zone_id, z.zone_name, ab.entry_country_id, c.countries_id, c.countries_name, c.countries_iso_code_2, c.countries_iso_code_3, c.address_format_id, ab.entry_state from " . TABLE_ADDRESS_BOOK . " ab left join " . TABLE_ZONES . " z on (ab.entry_zone_id = z.zone_id) left join " . TABLE_COUNTRIES . " c on (ab.entry_country_id = c.countries_id) where ab.customers_id = '" . (int)$customer_id . "' and ab.address_book_id = '" . (int)$sendto . "'");

$shipping_address = tep_db_fetch_array($shipping_address_query);

 

$billing_address_query = tep_db_query("select ab.entry_firstname, ab.entry_lastname, ab.entry_company, ab.entry_street_address, ab.entry_suburb, ab.entry_postcode, ab.entry_city, ab.entry_zone_id, z.zone_name, ab.entry_country_id, c.countries_id, c.countries_name, c.countries_iso_code_2, c.countries_iso_code_3, c.address_format_id, ab.entry_state from " . TABLE_ADDRESS_BOOK . " ab left join " . TABLE_ZONES . " z on (ab.entry_zone_id = z.zone_id) left join " . TABLE_COUNTRIES . " c on (ab.entry_country_id = c.countries_id) where ab.customers_id = '" . (int)$customer_id . "' and ab.address_book_id = '" . (int)$billto . "'");

$billing_address = tep_db_fetch_array($billing_address_query);

 

$tax_address_query = tep_db_query("select ab.entry_country_id, ab.entry_zone_id from " . TABLE_ADDRESS_BOOK . " ab left join " . TABLE_ZONES . " z on (ab.entry_zone_id = z.zone_id) where ab.customers_id = '" . (int)$customer_id . "' and ab.address_book_id = '" . (int)($this->content_type == 'virtual' ? $billto : $sendto) . "'");

$tax_address = tep_db_fetch_array($tax_address_query);

 

$this->info = array('order_status' => DEFAULT_ORDERS_STATUS_ID,

'currency' => $currency,

'currency_value' => $currencies->currencies[$currency]['value'],

'payment_method' => $payment,

'cc_type' => (isset($GLOBALS['cc_type']) ? $GLOBALS['cc_type'] : ''),

'cc_owner' => (isset($GLOBALS['cc_owner']) ? $GLOBALS['cc_owner'] : ''),

'cc_number' => (isset($GLOBALS['cc_number']) ? $GLOBALS['cc_number'] : ''),

'cc_expires' => (isset($GLOBALS['cc_expires']) ? $GLOBALS['cc_expires'] : ''),

'shipping_method' => $shipping['title'],

'shipping_cost' => $shipping['cost'],

'subtotal' => 0,

'tax' => 0,

'tax_groups' => array(),

'comments' => (isset($GLOBALS['comments']) ? $GLOBALS['comments'] : ''));

 

if (isset($GLOBALS[$payment]) && is_object($GLOBALS[$payment])) {

$this->info['payment_method'] = $GLOBALS[$payment]->title;

 

if ( isset($GLOBALS[$payment]->order_status) && is_numeric($GLOBALS[$payment]->order_status) && ($GLOBALS[$payment]->order_status > 0) ) {

$this->info['order_status'] = $GLOBALS[$payment]->order_status;

}

}

 

$this->customer = array('firstname' => $customer_address['customers_firstname'],

'lastname' => $customer_address['customers_lastname'],

'company' => $customer_address['entry_company'],

'street_address' => $customer_address['entry_street_address'],

'suburb' => $customer_address['entry_suburb'],

'city' => $customer_address['entry_city'],

'postcode' => $customer_address['entry_postcode'],

'state' => ((tep_not_null($customer_address['entry_state'])) ? $customer_address['entry_state'] : $customer_address['zone_name']),

'zone_id' => $customer_address['entry_zone_id'],

'country' => array('id' => $customer_address['countries_id'], 'title' => $customer_address['countries_name'], 'iso_code_2' => $customer_address['countries_iso_code_2'], 'iso_code_3' => $customer_address['countries_iso_code_3']),

'format_id' => $customer_address['address_format_id'],

'telephone' => $customer_address['customers_telephone'],

'email_address' => $customer_address['customers_email_address']);

 

$this->delivery = array('firstname' => $shipping_address['entry_firstname'],

'lastname' => $shipping_address['entry_lastname'],

'company' => $shipping_address['entry_company'],

'street_address' => $shipping_address['entry_street_address'],

'suburb' => $shipping_address['entry_suburb'],

'city' => $shipping_address['entry_city'],

'postcode' => $shipping_address['entry_postcode'],

'state' => ((tep_not_null($shipping_address['entry_state'])) ? $shipping_address['entry_state'] : $shipping_address['zone_name']),

'zone_id' => $shipping_address['entry_zone_id'],

'country' => array('id' => $shipping_address['countries_id'], 'title' => $shipping_address['countries_name'], 'iso_code_2' => $shipping_address['countries_iso_code_2'], 'iso_code_3' => $shipping_address['countries_iso_code_3']),

'country_id' => $shipping_address['entry_country_id'],

'format_id' => $shipping_address['address_format_id']);

 

$this->billing = array('firstname' => $billing_address['entry_firstname'],

'lastname' => $billing_address['entry_lastname'],

'company' => $billing_address['entry_company'],

'street_address' => $billing_address['entry_street_address'],

'suburb' => $billing_address['entry_suburb'],

'city' => $billing_address['entry_city'],

'postcode' => $billing_address['entry_postcode'],

'state' => ((tep_not_null($billing_address['entry_state'])) ? $billing_address['entry_state'] : $billing_address['zone_name']),

'zone_id' => $billing_address['entry_zone_id'],

'country' => array('id' => $billing_address['countries_id'], 'title' => $billing_address['countries_name'], 'iso_code_2' => $billing_address['countries_iso_code_2'], 'iso_code_3' => $billing_address['countries_iso_code_3']),

'country_id' => $billing_address['entry_country_id'],

'format_id' => $billing_address['address_format_id']);

 

$index = 0;

$products = $cart->get_products();

for ($i=0, $n=sizeof($products); $i<$n; $i++) {

$this->products[$index] = array('qty' => $products[$i]['quantity'],

'name' => $products[$i]['name'],

'model' => $products[$i]['model'],

'tax' => tep_get_tax_rate($products[$i]['tax_class_id'], $tax_address['entry_country_id'], $tax_address['entry_zone_id']),

'tax_description' => tep_get_tax_description($products[$i]['tax_class_id'], $tax_address['entry_country_id'], $tax_address['entry_zone_id']),

'price' => $products[$i]['price'],

'final_price' => $products[$i]['price'] + $cart->attributes_price($products[$i]['id']),

'weight' => $products[$i]['weight'],

'id' => $products[$i]['id']);

 

if ($products[$i]['attributes']) {

$subindex = 0;

reset($products[$i]['attributes']);

while (list($option, $value) = each($products[$i]['attributes'])) {

$attributes_query = tep_db_query("select popt.products_options_name, poval.products_options_values_name, pa.options_values_price, pa.price_prefix from " . TABLE_PRODUCTS_OPTIONS . " popt, " . TABLE_PRODUCTS_OPTIONS_VALUES . " poval, " . TABLE_PRODUCTS_ATTRIBUTES . " pa where pa.products_id = '" . (int)$products[$i]['id'] . "' and pa.options_id = '" . (int)$option . "' and pa.options_id = popt.products_options_id and pa.options_values_id = '" . (int)$value . "' and pa.options_values_id = poval.products_options_values_id and popt.language_id = '" . (int)$languages_id . "' and poval.language_id = '" . (int)$languages_id . "'");

$attributes = tep_db_fetch_array($attributes_query);

 

$this->products[$index]['attributes'][$subindex] = array('option' => $attributes['products_options_name'],

'value' => $attributes['products_options_values_name'],

'option_id' => $option,

'value_id' => $value,

'prefix' => $attributes['price_prefix'],

'price' => $attributes['options_values_price']);

 

$subindex++;

}

}

 

$shown_price = tep_add_tax($this->products[$index]['final_price'], $this->products[$index]['tax']) * $this->products[$index]['qty'];

$this->info['subtotal'] += $shown_price;

 

$products_tax = $this->products[$index]['tax'];

$products_tax_description = $this->products[$index]['tax_description'];

if (DISPLAY_PRICE_WITH_TAX == 'true') {

$this->info['tax'] += $shown_price - ($shown_price / (($products_tax < 10) ? "1.0" . str_replace('.', '', $products_tax) : "1." . str_replace('.', '', $products_tax)));

if (isset($this->info['tax_groups']["$products_tax_description"])) {

$this->info['tax_groups']["$products_tax_description"] += $shown_price - ($shown_price / (($products_tax < 10) ? "1.0" . str_replace('.', '', $products_tax) : "1." . str_replace('.', '', $products_tax)));

} else {

$this->info['tax_groups']["$products_tax_description"] = $shown_price - ($shown_price / (($products_tax < 10) ? "1.0" . str_replace('.', '', $products_tax) : "1." . str_replace('.', '', $products_tax)));

}

} else {

$this->info['tax'] += ($products_tax / 100) * $shown_price;

if (isset($this->info['tax_groups']["$products_tax_description"])) {

$this->info['tax_groups']["$products_tax_description"] += ($products_tax / 100) * $shown_price;

} else {

$this->info['tax_groups']["$products_tax_description"] = ($products_tax / 100) * $shown_price;

}

}

 

$index++;

}

 

if (DISPLAY_PRICE_WITH_TAX == 'true') {

$this->info['total'] = $this->info['subtotal'] + $this->info['shipping_cost'];

} else {

$this->info['total'] = $this->info['subtotal'] + $this->info['tax'] + $this->info['shipping_cost'];

}

}

}

?>

 

Thanks in advance for helping.. I think I need to buy you a beer ;)

 

W


Hi Wooly

 

It's bed time here in the UK, so I don't have time to properly look at your file. I'll do it tomorrow.

 

One thing i did notice is your file is called order.php while mine is called orders.php. The top line of my orders.php file is;

 

$Id: orders.php,v 1.112 2003/06/29 22:50:52 hpdl Exp $

 

I have just done a search and the only file that refers to this file is the filenames.php.

 

While I am asleep could you check that the file name is correct and that filename.php has it spelled correctly.

 

I had this problem with download.php, some files "included" downloads.php (note the s)

 

If it helps, I downloaded osCommerce between 2 to 3 weeks ago, so I guess I'm using the latest version. But your order.php is a different version to mine. Are we both using the same version of osCommerce?


Quoting Joed (Apr 13 2006, 11:19 PM, post 838181):

Hi Wooly

 

It's bed time here in the UK, so I don't have time to properly look at your file. I'll do it tomorrow.

 

Hi Joed, I'm in the UK too (London, Ealing) but I can't let this get the better of me... I hate to be tied to this stuff this way but I can't sleep unless I feel I have succeeded for the day or whatever....

 

One thing I did notice is your file is called order.php while mine is called orders.php. The top line of my orders.php file is;

 

$Id: orders.php,v 1.112 2003/06/29 22:50:52 hpdl Exp $

 

I have just done a search and the only file that refers to this file is the filenames.php.

 

While I am asleep could you check that the file name is correct and that filename.php has it spelled correctly.

 

I had this problem with download.php, some files "included" downloads.php (note the s)

 

I do have an orders.php in catalog/admin which matches your header Id :

$Id: orders.php,v 1.112 2003/06/29 22:50:52 hpdl Exp $

 

but I guess maybe you missed that I was discussing the catalog/includes/classes/order.php and not catalog/admin/orders.php

 

Anyway you prompted me to check header ids and I had another look at the install package and there are two order.php in there,

 

one at

\PayPal_Shopping_Cart_IPN_v3.1.5\MS2-2.2OverWriteAndRun\includes\classes\order.php

 

and another at

\PayPal_Shopping_Cart_IPN_v3.1.5\MS2-2.2OverWriteAndRun\admin\includes\classes\order.php

 

I guess I must have not overwritten them (though I'm sure I did it at least three or four times trying to solve the problem before asking the questions)

 

Anyway I now have a working order.php :D :D :D and the header info is:

 

$Id: order.php,v 1.1.1.1 2004/09/22 13:45:13 devosc Exp $

 

 

 

I have been exhaustive here (sorry if it's a boring one) so others following have all the info

 

Note also that I took your lead on changing my files called download.php to downloads.php as you mentioned in an earlier post.. I guess it'll come out in the wash tomorrow on some live testing..

 

If it helps, I downloaded osCommerce between 2 to 3 weeks ago, so I guess I'm using the latest version. But your order.php is a different version to mine. Are we both using the same version of osCommerce?

 

The Oscommerce version I have installed is oscommerce-2.2ms2-051113

 

I have checked the 'checkout button' and all seems fine and I get the payment methods with credit card gifs etc AND the Paypal 'splash' on the way to paypal (nice) and......... now for the GOOD BIT...

 

When I try to back out of Paypal it won't let me back into the accounts section (like the problem with OSC IPN 1.1 which allowed a download without paying) ... so that makes me real happy :)

 

I will continue to test payments tomorrow and post results....

 

Now...AT LAST ...I'M OFF TO BED TOO...NITE all ;)

 

BIG THANKS TO YOU JOED for your help. ....YAWN... 01:19am

 

W


Hi Devosc

 

I have installed oscommerce-2.2ms2-051113 and your PayPal_Shopping_Cart_IPN 3.1.5 and Downloads Controller, the newest version, can't remember version number. :-"

 

I have been testing in the sandbox and I can't get the orders made to get past the "processing" phase. I am getting no errors and no debug emails. Everything works I think except when you come back to the store.

I'm not real familiar with osCommerce so I'm very lost. I had the PayPal IPN installed before but it would sometimes take a payment and allow the download and next time (same person) PayPal refused the order, said it had already been made.

 

Anyway if you can give me any help I would appreciate it, I have been working on this whole project for months and I am so close to getting it done. I'm at the end of my rope on this.

 

BTW, I don't know if this has anything to do with this but my installation is not under catalog, it has another name.

 

my order status:

 

0 Processing (default)

1 On Hold

2 Refunded

3 Cancelled

4 Delivered

5 Preparing [Paypal IPN]

 

 

my download settings:

Enable download - true

Download by redirect - false

Expiry delay (days) - 7

Maximum number of downloads - 1

Downloads Controller Update Status Value - 12

Downloads Controller Download on hold message - <BR><font color="FF0000">NOTE: Downloads are not available until payment has been confirmed</font>

Downloads Controller Order Status Value - 10

 

I'm very sorry if you have addressed these issues before but I have searched and searched and I just can't find much to help, these topics are so big.

 

Thanks for looking.

Oh, if anyone can answer this I need it dumbed down, I'm not much of a PHP or Database person. :blush:


 

 

Hi

 

Brilliant, it looks like you are there, well done.

 

the files

 

catalog\account_history_info.php

catalog\checkout_success.php

 

contain the line

 

if (DOWNLOAD_ENABLED == 'true') include(DIR_WS_MODULES . 'download.php');

 

 

and the file

 

catalog\includes\filenames.php

 

includes the line

 

define('FILENAME_DOWNLOAD', 'download.php');

 

make sure they all match.


 

 

Hi

 

Your settings look the same as mine, except for the following lines

 

 

Downloads Controller Update Status Value - 4

Downloads Controller Order Status Value - 2

 

The download controller I use only allows downloads when the Order Status reaches 4.

 

Also the line below only allows the customer one chance to download the file. Mine is set to 5

 

Maximum number of downloads - 1


Hi again

 

well I tested the payment system live and it works fine with payment going through and downloads working

 

I also checked out the filenames and that it tallied with the code you posted Joed.. I have it working now but at first I had problems as having all of the download.php files named to downloads.php wasn't working for me.. I then looked back on the original install dir I had downloaded and unpacked and the only file that needed to be named downloads.php was in /public_html/includes/modules.

 

The others at /catalog/, and catalog/includes/languages/english/ and /german and /espanol etc are all still named download.php

 

The only other thing that slightly worries me is that the URL and order id that can be viewed when hovering over the download link when in the 'my account' after payment is not obfuscated or encrypted... which means an unscrupulous customer who has already paid 'could' then copy out this link by hand and then email it to a friend or post it on a newsgroup etc... and the file can then be downloaded by others BUT only up to the maximum amount set by the store admin. I guess this is not much of an issue but I suppose maybe that's what the paypal secret message url is for..to encrypt the url? (but only if you are on SSL and paypal securepayments, which I am not :( )

 

The other way recommended in the paypal doc info I posted above is to use https postback, but I have no idea how to implement this with oscommerce... IF ANYONE KNOWS, PLEASE POST HERE.

 

Anyway Hope this helps someone.

 

Thanks again Joed, anytime you fancy a beer and you are in Ealing , let me know ;)

 

W


Hi again

 

The only other thing that slightly worries me is that the URL and order id that can be viewed when hovering over the download link when in the 'my account' after payment is not obfuscated or encrypted... which means an unscrupulous customer who has already paid 'could' then copy out this link by hand and then email it to a friend or post it on a newsgroup etc... and the file can then be downloaded by others BUT only up to the maximum amount set by the store admin. I guess this is not much of an issue but I suppose maybe that's what the paypal secret message url is for..to encrypt the url? (but only if you are on SSL and paypal securepayments, which I am not :( )

 

 

Thanks again Joed, anytime you fancy a beer and you are in Ealing , let me know ;)

 

W

 

Hi

 

That slightly worries me too. I didn't check this out, didn't even think about it!

 

I can't check it out now as all my test purchases have expired, but maybe you could help me. Does the customer get a link to the file in the downloads folder, or does the file get moved to a temp folder?

 

I have my downloads set to 1 day and 5 attempts as I think anyone who pays for a download will want to download the file as soon as it's paid for. They aren't going to pay then wait 3 days to download the file, are they?

 

Anyway, I'm glad you got it all working, and if I'm ever in Ealing I'll hold you to that beer.


Hi

 

That slightly worries me too. I didn't check this out, didn't even think about it!

 

I can't check it out now as all my test purchases have expired, but maybe you could help me. Does the customer get a link to the file in the downloads folder, or does the file get moved to a temp folder?

 

I have my downloads set to 1 day and 5 attempts as I think anyone who pays for a download will want to download the file as soon as it's paid for. They aren't going to pay then wait 3 days to download the file, are they?

 

Anyway, I'm glad you got it all working, and if I'm ever in Ealing I'll hold you to that beer.

 

 

Hi Joed the link has the name of the download file eg. song1.mp3 but links to a download.php i.e. like this:

 

hxxp://mysite.com/download.php?order=155&id=19

 

I think that this may be in the temp folder but I don't know... only that it works if I copy it and then open a new browser window and paste it in...but only for the number of downloads set... maybe this is cookie based to the session but I don't know.

 

hope this helps

 

W


Hi Joed the link has the name of the download file eg. song1.mp3 but links to a download.php i.e. like this:

 

hxxp://mysite.com/download.php?order=155&id=19

 

I think that this may be in the temp folder but I don't know... only that it works if I copy it and then open a new browser window and paste it in...but only for the number of downloads set... maybe this is cookie based to the session but I don't know.

 

hope this helps

 

W

 

Thanks Wooly, that helps a lot and answered all my questions.

 

Maybe it's because it's Good Friday and I have nothing better to do, but it crossed my mind that someone could take the link and get other downloads. If they changed the order to 154 and then tried changing the id, starting at 1 and increasing each time, they could possibly get the previous order too.

 

Then I realised that on my store the link expires after 1 day so I doubt it will be a problem.

 

Then again, you know the internet, if there is the slightest chance of getting something for nothing someone will try it. :-)


Thanks Wooly, that helps a lot and answered all my questions.

 

Maybe it's because it's Good Friday and I have nothing better to do, but it crossed my mind that someone could take the link and get other downloads. If they changed the order to 154 and then tried changing the id, starting at 1 and increasing each time, they could possibly get the previous order too.

 

Then I realised that on my store the link expires after 1 day so I doubt it will be a problem.

 

Then again, you know the internet, if there is the slightest chance of getting something for nothing someone will try it. :-)

 

 

ooops yeah.... this time I didn't think of that one... I tried it and it doesn't work by changing the variables to the order id and download id to those for other products that I have in the database ...phew almost a stressy...

 

Then again, you know the internet, if there is the slightest chance of getting something for nothing someone will try it. :-)

 

 

Yeah I haven't got redirect turned on in the download cause I know there are lots of possible spxxf tricks out there... and I don't want to risk it...not that I can find an explanation of what the exact function of turning it on is anywhere in the oscommerce docs....

 

Cheers

 

W

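The checks discussed in the posts above (a link of the form download.php?order=155&id=19 that should work only for the customer who paid, until it expires, and for the allowed number of attempts), as an added example that is not part of the thread and is not osCommerce's own code. The `downloads` table, its columns and `authorize_download()` are hypothetical, the rows are constructed sample data, and status 4 is the "Delivered" value from the status list in this thread.

```php
<?php
// Added example, not osCommerce code. Table, columns and function are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE downloads (
    order_id INTEGER, download_id INTEGER, customer_id INTEGER,
    order_status INTEGER, filename TEXT, expires_at INTEGER, remaining INTEGER)');
// Constructed sample rows: order 155 belongs to customer 7, order 154 to customer 3.
$now = time();
$ins = $db->prepare('INSERT INTO downloads VALUES (?, ?, ?, ?, ?, ?, ?)');
$ins->execute([155, 19, 7, 4, 'song1.mp3', $now + 86400, 1]);
$ins->execute([154, 18, 3, 4, 'song2.mp3', $now + 86400, 5]);

/**
 * Returns the file name to serve, or null when the request must be refused.
 * $sessionCustomerId comes from the server-side session, never from the URL.
 */
function authorize_download(PDO $db, ?int $sessionCustomerId, $order, $id, int $now, int $paidStatus = 4): ?string
{
    if ($sessionCustomerId === null) {
        return null; // no login session: a pasted link on its own is not enough
    }
    if (!ctype_digit((string) $order) || !ctype_digit((string) $id)) {
        return null; // accept plain non-negative integers only
    }
    // Claim one attempt atomically. The UPDATE matches only when the row belongs
    // to this customer, the order is paid, the link is unexpired and attempts remain,
    // so two parallel requests cannot both spend the last attempt.
    $claim = $db->prepare('UPDATE downloads SET remaining = remaining - 1
        WHERE order_id = ? AND download_id = ? AND customer_id = ?
          AND order_status = ? AND expires_at > ? AND remaining > 0');
    $claim->execute([(int) $order, (int) $id, $sessionCustomerId, $paidStatus, $now]);
    if ($claim->rowCount() !== 1) {
        return null; // same refusal for "not yours", "expired" and "used up"
    }
    $row = $db->prepare('SELECT filename FROM downloads WHERE order_id = ? AND download_id = ?');
    $row->execute([(int) $order, (int) $id]);
    return basename((string) $row->fetchColumn()); // strip any directory part from the stored name
}

var_dump(authorize_download($db, 7, '155', '19', $now));    // the paying customer's own link
var_dump(authorize_download($db, 7, '154', '18', $now));    // order number changed to someone else's
var_dump(authorize_download($db, null, '155', '19', $now)); // link pasted where nobody is logged in
var_dump(authorize_download($db, 7, '155', '19', $now));    // own link again after the single attempt
```

Because every refusal returns the same null, stepping through order and id values tells the requester nothing about which orders exist.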

Hi, Noticed something very strange today. Suddenly (at 2:10am today) hundreds of my orders changed from either pending or delivered to cancelled in what looks like a mass update of the orders table. I've never noticed this happen before, they are mostly orders which never went past the pending stage and go back well over a year.

 

Is this normal or should I be worried??

 

Note, I'm using v2.9 of the paypal IPN

 

Thanks for any help you can offer!

 

Brian

Light, in the absence of eyes, illuminates nothing.


Hi, Noticed something very strange today. Suddenly (at 2:10am today) hundreds of my orders changed from either pending or delivered to cancelled in what looks like a mass update of the orders table. I've never noticed this happen before, they are mostly orders which never went past the pending stage and go back well over a year.

 

Is this normal or should I be worried??

 

Note, I'm using v2.9 of the paypal IPN

 

Thanks for any help you can offer!

 

Brian

I have not installed v2.9, but things should not happen like that without some action by you. Did you install something or change something?


I have not installed v2.9, but things should not happen like that without some action by you. Did you install something or change something?

 

No, haven't made any changes for a while. I don't suppose it could be paypal catching up on the housekeeping?

Light, in the absence of eyes, illuminates nothing.


No, haven't made any changes for a while. I don't suppose it could be paypal catching up on the housekeeping?

I don't see how.

 

My understanding is that it can only happen at your end. Does anyone else have access to your admin?
