AM/PM-Girl Posted October 9, 2009 Share Posted October 9, 2009 @FlyingKites: I'm looking into it and moving the project to github. @AM/PM-Girl: Yep you need to update your checkout_process.php script. Change these lines: // load the before_process function from the payment modules $payment_modules->before_process(); require(DIR_WS_CLASSES . 'order_total.php'); $order_total_modules = new order_total; $order_totals = $order_total_modules->process(); to this: require(DIR_WS_CLASSES . 'order_total.php'); $order_total_modules = new order_total; $order_totals = $order_total_modules->process(); // load the before_process function from the payment modules $payment_modules->before_process(); The reasoning being that the payment module is being processed before the order totals have been properly calculated. Thank you for the quick reply Brian I tried that change and what happens is that the order is processed to Checkout_success.php but the credit card is not charged. So what happens is that it looks like the order is paid for but in fact it is not. Any Ideas on why this is happening or possible fix? I really appreciate the help Taylor Quote Link to comment Share on other sites More sharing options...
jrcreasy Posted October 13, 2009 Share Posted October 13, 2009 Hello: I have osCommerce with the PayFlow Pro module installed. All is running on a shared hosting platform (GoDaddy). Everything works fine a majority of the time. However, about 25% of the orders get a 500 error. The cards are processed and charged. Customers then go back and order again. Those to whom I have spoken, tell me they get the 500 error the second time as well. Any suggestions as to where I can explore? Quote Link to comment Share on other sites More sharing options...
jrcreasy Posted October 14, 2009 Share Posted October 14, 2009 Hello: I have osCommerce with the PayFlow Pro module installed. All is running on a shared hosting platform (GoDaddy). Everything works fine a majority of the time. However, about 25% of the orders get a 500 error. The cards are processed and charged. Customers then go back and order again. Those to whom I have spoken, tell me they get the 500 error the second time as well. Any suggestions as to where I can explore? Some additional info. I have found that the error may be generated every time. Most folks are just ignoring it. Can anyone help me trace what would cause the problem? Quote Link to comment Share on other sites More sharing options...
jrcreasy Posted October 15, 2009 Share Posted October 15, 2009 More info The 500 error is only on approval; declines do not cause a problem...except we don't generate revenue :-) Quote Link to comment Share on other sites More sharing options...
jrcreasy Posted October 15, 2009 Share Posted October 15, 2009 even more info.... This is driving me crazy. It appears this issue arose after the September change. Things worked perfectly prior to the change by PayPal. Can anyone out there help? I am close to looking for a different shopping cart, and starting over.... Quote Link to comment Share on other sites More sharing options...
dynamoeffects Posted October 19, 2009 Author Share Posted October 19, 2009 @AM/PM-Girl: Follow these instructions and post the response (Remove all personal info such as API credentials and card numbers) @jrcreasy: A 500 error is an Internal Server Error. You would need to review your apache error logs to see exactly what the cause is. Quote Please use the forums for support! I am happy to help you here, but I am unable to offer free technical support over instant messenger or e-mail. Link to comment Share on other sites More sharing options...
ozEworks Posted October 19, 2009 Share Posted October 19, 2009 Hi Before we had a 114 (invalid CVV) get thru without an error and now we got a 104 (timeout) get thru. As far as I can see, they cannot get thru unless the code is sent back with a blank error message. Which presumably cannot happen but apparently now is. I think that the code that checks non-specific errors if ($RespMsg != '') { $payment_error_return = 'payment_error=' . $this->code . '&error=' . urldecode($RespMsg); should be changed to check the error code instead: if (($result_code != 0) { ) { $payment_error_return = 'payment_error=' . $this->code . '&error=' . urldecode($RespMsg); Quote Link to comment Share on other sites More sharing options...
jrcreasy Posted October 19, 2009 Share Posted October 19, 2009 @jrcreasy: A 500 error is an Internal Server Error. You would need to review your apache error logs to see exactly what the cause is. I finally got the server logs. Here is the relevant entry: [Thu Oct 15 13:04:54 2009] [error] [client <snip>IP</snip>] malformed header from script. Bad header=No recipient addresses found i: <snip>path to my implementation</snip> /checkout_process.php Thanks so much for the response! I appreciate any assistance you can offer. Roger Quote Link to comment Share on other sites More sharing options...
ozEworks Posted October 20, 2009 Share Posted October 20, 2009 I finally got the server logs. Here is the relevant entry: [Thu Oct 15 13:04:54 2009] [error] [client <snip>IP</snip>] malformed header from script. Bad header=No recipient addresses found i: <snip>path to my implementation</snip> /checkout_process.php Thanks so much for the response! I appreciate any assistance you can offer. Roger Are you sure you have your module setup properly in Admin? Quote Link to comment Share on other sites More sharing options...
AM/PM-Girl Posted October 20, 2009 Share Posted October 20, 2009 @AM/PM-Girl: Follow these instructions and post the response (Remove all personal info such as API credentials and card numbers) @jrcreasy: A 500 error is an Internal Server Error. You would need to review your apache error logs to see exactly what the cause is. Brian, Did you want me to do this with this change active? require(DIR_WS_CLASSES . 'order_total.php'); $order_total_modules = new order_total; $order_totals = $order_total_modules->process(); // load the before_process function from the payment modules $payment_modules->before_process(); or without this change? Thanks Taylor Quote Link to comment Share on other sites More sharing options...
dynamoeffects Posted October 21, 2009 Author Share Posted October 21, 2009 (edited) Development has been moved to github. Please add all issues or requested code fixes under the issues tab at the following website: http://github.com/Dy...-for-oscommerce @FlyingKites: The whole error handling portion has been updated and pushed to GitHub (you'll need to download it from the link above). It now handles all error responses correctly. Please test it and let me know if there are any problems with it. If it's fine I'll update the contribution. @jrcreasy: I honestly have no idea. Try disabling sending emails in your admin configuration settings and see if that fixes the problem. Also try using a different payment module like COD. More than likely the problem is further down in your checkout flow. @AM/PM-Girl: Yes, that bug fix I showed you needs to be applied whether you use this module or not. Edited October 21, 2009 by dynamoeffects Biancoblu 1 Quote Please use the forums for support! I am happy to help you here, but I am unable to offer free technical support over instant messenger or e-mail. Link to comment Share on other sites More sharing options...
jrcreasy Posted October 21, 2009 Share Posted October 21, 2009 @jrcreasy: I honestly have no idea. Try disabling sending emails in your admin configuration settings and see if that fixes the problem. Also try using a different payment module like COD. More than likely the problem is further down in your checkout flow. I think I found the source of the problem. There were no e-mail addresses listed in Configuration=>My Store=>Send Extra Order e-mails to So, my theory is when the script tried to call sendmail, it generated an error because there was no "T0:" address. Let me know if my theory sounds valid. Thanks for your time. Quote Link to comment Share on other sites More sharing options...
jrcreasy Posted October 21, 2009 Share Posted October 21, 2009 Can anyone help with how to set Payflow's Comment1 and Comment2? Quote Link to comment Share on other sites More sharing options...
matthewkris Posted January 11, 2010 Share Posted January 11, 2010 I'm having a few issues with this module that I'm trying to work out. First off - Is there any sort of javascript validation? I notice the function is empty and I can submit the form without any number being imported. Worse than that, when I do this I get: Warning: str_repeat() [function.str-repeat]: Second argument has to be greater than or equal to 0 in ********/paypal_payflow_pro.php on line 85 I double checked the code and everything appears to be up to date. Am I missing something here? Quote Link to comment Share on other sites More sharing options...
Richard Cranium Posted January 14, 2010 Share Posted January 14, 2010 I want to add a brief tip for anyone having problems integrating this or any other PayFlow Pro contribution. I just discovered that the PayFlow Gateway password cannot contain any special characters. I'm not sure why, but I suspect they may be stripped out somewhere as a security precaution. Regardless of the reason, I've confirmed this is indeed an issue. What is frustrating is that the PayPal gateway site will allow you to save a password for your gateway connection with special characters (e.g. @, !, *, etc.). If their password entry would not allow you to do so then it would avoid this problem (or at least provide a notification if they're not going to screen out the characters). Quote Link to comment Share on other sites More sharing options...
Richard Cranium Posted January 14, 2010 Share Posted January 14, 2010 (edited) Another tip for anyone with the bug that credit card errors are returned with the message "Credit Card Error!" and no details.... Check your URL that is trying to return the credit card error. You may see something like this, "https://<store url>/checkout_payment.php?payment_error=paypal_payflow_pro&error=<error message>" Note the & portion. Brian's PayFlow Pro mod uses $_GET to dissect the returned error message, which expects to see the & symbol denoting a new variable (in this case the variable name is "error"). The problem that I ran into is that my URLs were showing & instead of &. This resulted in a string of amp;error retrieved by the $_GET command, which of course Brian's mod ignored, thereby diligently displaying nothing! (Note: Brian, you may want to consider adding a generic 'catch all' error message at some point) I'm not sure which mod is the culprit (though I suspect it is Ultimate SEO URLs), but regardless this scenario proved (for me) to be the source of the blank error messages. I was able to correct it by making the following change in /includes/modules/payment/paypal_payflow_pro.php: Line 337 from: 'error' => stripslashes(urldecode($_GET['error']))); to: 'error' => stripslashes(urldecode($_GET['amp;error']))); Now I see the error messages! Hooray! Hopefully, this will help out someone else as well. :) David Edited January 14, 2010 by Richard Cranium Quote Link to comment Share on other sites More sharing options...
russellsinterflora Posted January 17, 2010 Share Posted January 17, 2010 This is the support thread for the new PayPal Payflow Pro module. Any questions you have should be directed here. Hi, how are you? i install paypal pay flow pro,when i click to confirm the payment it will loop back to the checkout again,i appreciated if you could give me some advice on this. Many thanks Quote Link to comment Share on other sites More sharing options...
gocchin Posted February 14, 2010 Share Posted February 14, 2010 Warning: str_repeat() [function.str-repeat]: Second argument has to be greater than or equal to 0 in ********/paypal_payflow_pro.php on line 85 We started receiving the same Warning message suddenly a few days ago and have had to disable Payflow Pro meaning we can't accept credit cards at the moment. Can anyone explain how to overcome this warning? Quote Link to comment Share on other sites More sharing options...
greenitcompany Posted April 23, 2010 Share Posted April 23, 2010 I am getting an error in Internet Explorer 8. Paypal Payflow Pro is working in all other browsers and seems to be localised to IE 8. The problem is with the start date drop down list. it displays all months except January. Has anybody else experienced this? Is there a fix that can be applied to make the module work with IE8. I suppose the best thing to do would be to suggest using a decent browser such as Firefox, Chrome or Safari. IE is such a pain! Adam Quote Link to comment Share on other sites More sharing options...
slappy_d0 Posted April 26, 2010 Share Posted April 26, 2010 We started receiving the same Warning message suddenly a few days ago and have had to disable Payflow Pro meaning we can't accept credit cards at the moment. Can anyone explain how to overcome this warning? I'm also having the exact same issue. It appears to only happen when one of the credit card fields is left blank. Any ideas? Quote Link to comment Share on other sites More sharing options...
luckygirrl Posted July 6, 2010 Share Posted July 6, 2010 everything appears to be installed correctly, however once i put my credit card info in it simply returns to the credit card page..it doesnt log it as an order or anything..it just loops back to the credit card input page..your help would be greatly appreciated. Quote Link to comment Share on other sites More sharing options...
petercascio Posted September 20, 2010 Share Posted September 20, 2010 Has anybody else had problems with sales tax not being applied to shipping and the low order fee being ignored? The order confirmation the customer gets has all the correct info: sales amount + shipping + low order fee + tax on all three items = total amount charged However, in PayPal we get sales amount + tax on sales amount only + shipping = total amount charged Help! Quote Link to comment Share on other sites More sharing options...
awscales Posted December 13, 2010 Share Posted December 13, 2010 Hi there. Thanks for your work on this module, it has helped us a great deal. I have a question though about the Authorization process. I have set the TRXTYPE to A so we can do a Delayed Capture in the Payflow Manager when we are ready to process the order. This is because sometimes an item is out of stock with a supplier and we don't want to charge them until an item is shipped. Everything works great except that the module sends the Authorization for the full order total even when there is a mismatch on the cards address or security code. The customer does get the error response fine, and they get the opportunity to correct their billing address or CSC just fine. However, each time they do this, they are authorizing their card for the order total, so if they keep entering the wrong billing and retrying, they could potentially max out their card without knowing. What should happen, is the payflow pro module should do an Account Verification by sending a TRXTYPE=A for zero dollars, then if the response states that the parameters such as CSC all matched, it should do another authorization for the full dollar amount of the order. Does anyone know how I would add this feature to the module? Quote Link to comment Share on other sites More sharing options...
petercascio Posted August 7, 2011 Share Posted August 7, 2011 Anyone using this module should check their database for complete plain text credit card numbers. Some versions of the module do NOT obscure the first numbers with XXX so you get 1234567812345678 instead of XXXXXXXXXXXX5678 Not only is this really bad for your costumers should someone hack your site but it is also a major violation of your credit card acceptance contract. Quote Link to comment Share on other sites More sharing options...
JimbobobHacker Posted November 19, 2012 Share Posted November 19, 2012 PayPal Payflow Pro [New Version] v0.3 is vulnerable to an SSL man in the middle attack as described in CVE-2012-5796. To fix it, edit paypal_payflow_pro/catalog/includes/modules/payment/paypal_payflow_pro.php and replace the OLD line with the NEW line. OLD: curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); OLD: curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, TRUE); Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.