Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

PayPal Payflow Pro [New Version]


dynamoeffects

Recommended Posts

@FlyingKites: I'm looking into it and moving the project to github.

 

@AM/PM-Girl: Yep you need to update your checkout_process.php script. Change these lines:

 

// load the before_process function from the payment modules
$payment_modules->before_process();

require(DIR_WS_CLASSES . 'order_total.php');
$order_total_modules = new order_total;

$order_totals = $order_total_modules->process();

 

to this:

 

require(DIR_WS_CLASSES . 'order_total.php');
$order_total_modules = new order_total;

$order_totals = $order_total_modules->process();

// load the before_process function from the payment modules
$payment_modules->before_process();

 

The reasoning being that the payment module is being processed before the order totals have been properly calculated.

 

Thank you for the quick reply Brian

 

I tried that change and what happens is that the order is processed to Checkout_success.php but the credit card is not charged.

 

So what happens is that it looks like the order is paid for but in fact it is not.

 

Any Ideas on why this is happening or possible fix?

 

I really appreciate the help

Taylor

Link to comment
Share on other sites

Hello:

 

I have osCommerce with the PayFlow Pro module installed. All is running on a shared hosting platform (GoDaddy). Everything works fine a majority of the time. However, about 25% of the orders get a 500 error. The cards are processed and charged. Customers then go back and order again. Those to whom I have spoken, tell me they get the 500 error the second time as well. Any suggestions as to where I can explore?

Link to comment
Share on other sites

Hello:

 

I have osCommerce with the PayFlow Pro module installed. All is running on a shared hosting platform (GoDaddy). Everything works fine a majority of the time. However, about 25% of the orders get a 500 error. The cards are processed and charged. Customers then go back and order again. Those to whom I have spoken, tell me they get the 500 error the second time as well. Any suggestions as to where I can explore?

 

 

 

Some additional info. I have found that the error may be generated every time. Most folks are just ignoring it. Can anyone help me trace what would cause the problem?

Link to comment
Share on other sites

even more info....

 

This is driving me crazy.

 

It appears this issue arose after the September change. Things worked perfectly prior to the change by PayPal.

Can anyone out there help? I am close to looking for a different shopping cart, and starting over....

Link to comment
Share on other sites

@AM/PM-Girl: Follow these instructions and post the response (Remove all personal info such as API credentials and card numbers)

 

@jrcreasy: A 500 error is an Internal Server Error. You would need to review your apache error logs to see exactly what the cause is.

Please use the forums for support! I am happy to help you here, but I am unable to offer free technical support over instant messenger or e-mail.

Link to comment
Share on other sites

Hi

 

Before we had a 114 (invalid CVV) get thru without an error and now we got a 104 (timeout) get thru.

 

As far as I can see, they cannot get thru unless the code is sent back with a blank error message. Which presumably cannot happen but apparently now is.

 

I think that the code that checks non-specific errors

 

if ($RespMsg != '') {

$payment_error_return = 'payment_error=' . $this->code . '&error=' . urldecode($RespMsg);

 

should be changed to check the error code instead:

 

if (($result_code != 0) { ) {

$payment_error_return = 'payment_error=' . $this->code . '&error=' . urldecode($RespMsg);

Link to comment
Share on other sites

 

@jrcreasy: A 500 error is an Internal Server Error. You would need to review your apache error logs to see exactly what the cause is.

 

 

I finally got the server logs. Here is the relevant entry:

 

[Thu Oct 15 13:04:54 2009] [error] [client <snip>IP</snip>] malformed header from script. Bad header=No recipient addresses found i: <snip>path to my implementation</snip> /checkout_process.php

 

Thanks so much for the response! I appreciate any assistance you can offer.

 

Roger

Link to comment
Share on other sites

I finally got the server logs. Here is the relevant entry:

 

[Thu Oct 15 13:04:54 2009] [error] [client <snip>IP</snip>] malformed header from script. Bad header=No recipient addresses found i: <snip>path to my implementation</snip> /checkout_process.php

 

Thanks so much for the response! I appreciate any assistance you can offer.

 

Roger

Are you sure you have your module setup properly in Admin?

Link to comment
Share on other sites

@AM/PM-Girl: Follow these instructions and post the response (Remove all personal info such as API credentials and card numbers)

 

@jrcreasy: A 500 error is an Internal Server Error. You would need to review your apache error logs to see exactly what the cause is.

 

 

Brian,

 

Did you want me to do this with this change active?

 

require(DIR_WS_CLASSES . 'order_total.php');

$order_total_modules = new order_total;

 

$order_totals = $order_total_modules->process();

 

// load the before_process function from the payment modules

$payment_modules->before_process();

 

or without this change?

 

Thanks

Taylor

Link to comment
Share on other sites

Development has been moved to github. Please add all issues or requested code fixes under the issues tab at the following website:

http://github.com/Dy...-for-oscommerce

@FlyingKites: The whole error handling portion has been updated and pushed to GitHub (you'll need to download it from the link above). It now handles all error responses correctly. Please test it and let me know if there are any problems with it. If it's fine I'll update the contribution.

 

@jrcreasy: I honestly have no idea. Try disabling sending emails in your admin configuration settings and see if that fixes the problem. Also try using a different payment module like COD. More than likely the problem is further down in your checkout flow.

 

@AM/PM-Girl: Yes, that bug fix I showed you needs to be applied whether you use this module or not.

Edited by dynamoeffects

Please use the forums for support! I am happy to help you here, but I am unable to offer free technical support over instant messenger or e-mail.

Link to comment
Share on other sites

 

 

@jrcreasy: I honestly have no idea. Try disabling sending emails in your admin configuration settings and see if that fixes the problem. Also try using a different payment module like COD. More than likely the problem is further down in your checkout flow.

 

 

I think I found the source of the problem. There were no e-mail addresses listed in Configuration=>My Store=>Send Extra Order e-mails to

So, my theory is when the script tried to call sendmail, it generated an error because there was no "T0:" address.

 

Let me know if my theory sounds valid.

Thanks for your time.

Link to comment
Share on other sites

  • 2 months later...

I'm having a few issues with this module that I'm trying to work out. First off - Is there any sort of javascript validation? I notice the function is empty and I can submit the form without any number being imported. Worse than that, when I do this I get:

 

Warning: str_repeat() [function.str-repeat]: Second argument has to be greater than or equal to 0 in ********/paypal_payflow_pro.php on line 85

 

I double checked the code and everything appears to be up to date. Am I missing something here?

Link to comment
Share on other sites

I want to add a brief tip for anyone having problems integrating this or any other PayFlow Pro contribution. I just discovered that the PayFlow Gateway password cannot contain any special characters. I'm not sure why, but I suspect they may be stripped out somewhere as a security precaution. Regardless of the reason, I've confirmed this is indeed an issue. What is frustrating is that the PayPal gateway site will allow you to save a password for your gateway connection with special characters (e.g. @, !, *, etc.). If their password entry would not allow you to do so then it would avoid this problem (or at least provide a notification if they're not going to screen out the characters).

Link to comment
Share on other sites

Another tip for anyone with the bug that credit card errors are returned with the message "Credit Card Error!" and no details....

 

Check your URL that is trying to return the credit card error. You may see something like this, "https://<store url>/checkout_payment.php?payment_error=paypal_payflow_pro&error=<error message>"

 

Note the & portion. Brian's PayFlow Pro mod uses $_GET to dissect the returned error message, which expects to see the & symbol denoting a new variable (in this case the variable name is "error"). The problem that I ran into is that my URLs were showing & instead of &. This resulted in a string of amp;error retrieved by the $_GET command, which of course Brian's mod ignored, thereby diligently displaying nothing! (Note: Brian, you may want to consider adding a generic 'catch all' error message at some point)

 

I'm not sure which mod is the culprit (though I suspect it is Ultimate SEO URLs), but regardless this scenario proved (for me) to be the source of the blank error messages. I was able to correct it by making the following change in /includes/modules/payment/paypal_payflow_pro.php:

 

Line 337 from:

 

       'error' => stripslashes(urldecode($_GET['error'])));

 

to:

 

       'error' => stripslashes(urldecode($_GET['amp;error'])));

 

Now I see the error messages! Hooray! Hopefully, this will help out someone else as well. :)

 

David

Edited by Richard Cranium
Link to comment
Share on other sites

  • 4 weeks later...

 

Warning: str_repeat() [function.str-repeat]: Second argument has to be greater than or equal to 0 in ********/paypal_payflow_pro.php on line 85

 

 

We started receiving the same Warning message suddenly a few days ago and have had to disable Payflow Pro meaning we can't accept credit cards at the moment. Can anyone explain how to overcome this warning?

Link to comment
Share on other sites

  • 2 months later...

I am getting an error in Internet Explorer 8.

 

Paypal Payflow Pro is working in all other browsers and seems to be localised to IE 8.

 

The problem is with the start date drop down list. it displays all months except January.

 

Has anybody else experienced this?

 

Is there a fix that can be applied to make the module work with IE8. I suppose the best thing to do would be to suggest using a decent browser such as Firefox, Chrome or Safari.

 

IE is such a pain!

 

Adam

Link to comment
Share on other sites

We started receiving the same Warning message suddenly a few days ago and have had to disable Payflow Pro meaning we can't accept credit cards at the moment. Can anyone explain how to overcome this warning?

 

I'm also having the exact same issue. It appears to only happen when one of the credit card fields is left blank. Any ideas?

Link to comment
Share on other sites

  • 2 months later...

everything appears to be installed correctly, however once i put my credit card info in it simply returns to the credit card page..it doesnt log it as an order or anything..it just loops back to the credit card input page..your help would be greatly appreciated.

Link to comment
Share on other sites

  • 2 months later...

Has anybody else had problems with sales tax not being applied to shipping and the low order fee being ignored?

 

The order confirmation the customer gets has all the correct info:

 

sales amount

+ shipping

+ low order fee

+ tax on all three items

= total amount charged

 

However, in PayPal we get

 

sales amount

+ tax on sales amount only

+ shipping

= total amount charged

 

Help!

Link to comment
Share on other sites

  • 2 months later...

Hi there. Thanks for your work on this module, it has helped us a great deal.

 

I have a question though about the Authorization process. I have set the TRXTYPE to A so we can do a Delayed Capture in the Payflow Manager when we are ready to process the order. This is because sometimes an item is out of stock with a supplier and we don't want to charge them until an item is shipped. Everything works great except that the module sends the Authorization for the full order total even when there is a mismatch on the cards address or security code. The customer does get the error response fine, and they get the opportunity to correct their billing address or CSC just fine. However, each time they do this, they are authorizing their card for the order total, so if they keep entering the wrong billing and retrying, they could potentially max out their card without knowing.

 

What should happen, is the payflow pro module should do an Account Verification by sending a TRXTYPE=A for zero dollars, then if the response states that the parameters such as CSC all matched, it should do another authorization for the full dollar amount of the order. Does anyone know how I would add this feature to the module?

Link to comment
Share on other sites

  • 7 months later...

Anyone using this module should check their database for complete plain text credit card numbers.

 

Some versions of the module do NOT obscure the first numbers with XXX so you get

 

1234567812345678 instead of XXXXXXXXXXXX5678

 

Not only is this really bad for your costumers should someone hack your site but it is also a major violation of your credit card acceptance contract.

 

Link to comment
Share on other sites

  • 1 year later...

PayPal Payflow Pro [New Version] v0.3 is vulnerable to an SSL man in the middle attack as described in CVE-2012-5796. To fix it, edit paypal_payflow_pro/catalog/includes/modules/payment/paypal_payflow_pro.php and replace the OLD line with the NEW line.

 

OLD: curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);

OLD: curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, TRUE);

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...