bmccon02 Posted May 31, 2003 Share Posted May 31, 2003 I believe that the biggest problem of all might be WorldPay's terms and conditions. It seems as though they want the customer to know explicity when they are on the WorldPay site, if you do it all in the background by talking to the WorldPay servers, then this may upset them and they may not approve your site. They are VERY Pernickety. As a slight side note, I decicided not to do anymore work on my changes on integrating the checkout_processing into the checkout module and releasing it to the public. This is because it seems that Graeme is unwilling to make the necessary changes to the module to overcome the present 'feature' that 1 in 10 orders fail to regiseter with osc despite the 'stablility' of the design. Quote Link to comment Share on other sites More sharing options...
Ian-San Posted May 31, 2003 Share Posted May 31, 2003 Ben I suggest that you do do it and release it as a separate module - clearly labelled as such - for those who want to go down that path. For those who are happy with the existing stable release, then they can use Graeme's module. There is no such thing as one size fits all when it come to e-commerce! Quote Ian-san Flawlessnet Link to comment Share on other sites More sharing options...
GuntherR Posted May 31, 2003 Share Posted May 31, 2003 Ben, You did quite some work on the "checkout and not updating the database" problem. I did a quick fix for it and would like to get some feedback. Instead of having the 5-10 seconds redirect delay in the wpcallback.php script, I simply moved it into the worldpay.php module: after_process() { sleep (5); // show WorldPay result for 5 seconds return false; } In wpcallback.php I replaced the 5 seconds delay with 0 echo "<meta http-equiv='Refresh' content='0; Url="$url"'>"; And it seems to work fine (In test mode). But of course doing the update in the callback script would be better. In case the result is never displayed on the customers PC, the DB would be updated. By the way, the failure section of the callback script seems to be not necessary as the script will only be called on success or cancellation. Gunther Quote Link to comment Share on other sites More sharing options...
alfaowner Posted June 3, 2003 Share Posted June 3, 2003 I hope that some one can help? We have found that our Worldpay module is not operating as it was designed, after completing the purchase, we are being returned to an empty shopping cart.php instead of the page that says ?Order processed successfully? I am using the Latest MS1 version (Worldpay_MS1_version_a) from the OS contributions with my call back set up exactly as stated in the INSTALL.TXT file. (http://<wpdisplay item="MC_callback">) with both my tick boxes, ticked. Any one had this problem, I am in test mode so feel free to make a purchase with 4444333322221111 http://www.alfaowner.com/store We are desperate to go live, please help us if you can. I tried emailing graeme but he must be busy. Regards, AO Quote Link to comment Share on other sites More sharing options...
alfaowner Posted June 3, 2003 Share Posted June 3, 2003 Oh yeah, I did notice that when you are on the payment recieved page (catalog/wpcallback.php) the "Welcome shoppers name" turns back to the "Hello Guest!" as if you were not logged in. then goes back to the Welcome shoppers name again when it reaches the shopping cart.php Thanks again AO Quote Link to comment Share on other sites More sharing options...
GuntherR Posted June 3, 2003 Share Posted June 3, 2003 It works for me! ------------ Thank you, your payment was successful Merchant's Reference: osCsid=36149f304dd709365dd91c5968904e70 WorldPay Transaction ID: 40474160 TEST MODE - this is not a live transaction Please contact WorldPay immediately if there has been a problem making your payment. ------------ Your callback address looks good: <input type="hidden" name="MC_callback" value="www.alfaowner.com/store/wpcallback.php?language=en"> Quote Link to comment Share on other sites More sharing options...
mrjeff Posted June 3, 2003 Share Posted June 3, 2003 I was worried that might happen, it does take the order okay, thats one good thing, but we get an error on 3 machines (all running XP proffesional BTW) on the redirect part after the proccesing has completed and is taking you to checkout_success.php, for some reason, we end up at shopping_cart.php with the text saying that there is nothing in your cart, but then sometimes it proccesses the payment successfully and takes you to this URL. http://www.alfaowner.com/store/checkout_pr...40220787761da50 which gives a 404 error, if any one knows how to rectify this, I am prepared to make a Pay Pal payment for your time as long as you know what you are doing and resolve the problem. Thanks again for reading this. regards, AO Quote Link to comment Share on other sites More sharing options...
GuntherR Posted June 3, 2003 Share Posted June 3, 2003 After Worldpay calls the callback script wpcallback.php, checkout_process.php is called to update the DB (with a 5 second redirect delay, which can cause a problem when interrupted). Once the DB is successfully updated, checkout_success.php is called. If the DB was already updated, shopping_cart.php is called instead. I see one problem after WorldPay is calling wpcallback.php ... the 5 second redirect delay! I did a little change to minimize this problem: Change the redirect delay to 0 (in wpcallback.php) as described in my previous posting and insert a sleep(5) into includes/modules/payment/worldpay.php after_process(). Loosing information ... could it be that you have a cookie problem? Quote Link to comment Share on other sites More sharing options...
mrjeff Posted June 3, 2003 Share Posted June 3, 2003 That did not work, I did what the post suggested, but if I tupe in the address bar http://www.alfaowner.com/store/checkout_success.php after the error, all is well, could I not simply change the redirect to a manual button that the customer has to click? Quote Link to comment Share on other sites More sharing options...
GuntherR Posted June 3, 2003 Share Posted June 3, 2003 I never get the 404 error on your site. Things are looking good from here. When I have cookies enabled (stored/non-stored) I do not get the session ID at the end of your URL (e.g. osCsid=6eaa0a8a04c5a920540220787761da50), just when cookies are disabled. At least that is how IE5.5 is handling it. There is some issue with IE6 as mentioned also at WorldPay. I might have to activate IE6 to check it out ... but have no XP here. I do not see how you can get the 404 error??? The page is there and the additional ?osCsid.... should not matter as it is simply a [GET] parameter for that page and will usually be ignored when the page does not need it. Quote Link to comment Share on other sites More sharing options...
GuntherR Posted June 3, 2003 Share Posted June 3, 2003 I got the page not found (actually dnserror) with IE6 once! But then it was working fine. Quote Link to comment Share on other sites More sharing options...
alfaowner Posted June 3, 2003 Share Posted June 3, 2003 looks like I am stuffed here, its a weird one Quote Link to comment Share on other sites More sharing options...
alfaowner Posted June 4, 2003 Share Posted June 4, 2003 Well it works with a fresh install on a fresh WP install also, so its not my computer, + I have tested on 2 others. Seriously confused and in the sh*t Quote Link to comment Share on other sites More sharing options...
GuntherR Posted June 5, 2003 Share Posted June 5, 2003 mmh ... Don't have that problem. But did you exactly check what type of error message you get? I got a dnserror and not a 404 page not found when I used IE6 on your site. Is it maybe XP related? Too much security ... in the wrong place... Quote Link to comment Share on other sites More sharing options...
scottymcloo Posted June 5, 2003 Author Share Posted June 5, 2003 :: Minor update to the instructions :: In the installation instructions, it mentions to modify filesnames.php. This file does not exist in all installations - (ie only in releases after MS1). Therefore add the line to application_top.php and everything will work. Graeme ps. Gunther has been very busy and suggested a change to the module to move the redirect time to the after_process() function. I will incorporate this into my module and post as an update in the next couple of days. Thank you Gunther for your help. This should help to further prevent the possibility of losing the database updates if a user closes the window or navigates away. Quote Link to comment Share on other sites More sharing options...
crayon Posted June 6, 2003 Share Posted June 6, 2003 I've just started with OSC and am trying to get the MD5 working. There are some typos in: catalog/includes/modules/payment/worldpay.php the following lines in function check(): // Ian-san: Added MD5 here 6/4/2003: tep_db_query("delete from " . TABLE_CONFIGURATION . " where configuration_key = 'MODULE_PAYMENT_WORLDPAY_USEMD5'"); tep_db_query("delete from " . TABLE_CONFIGURATION . " where configuration_key = 'MODULE_PAYMENT_WORLDPAY_MD5KEY'"); seem to be in the wrong place and prevents the MD5 options from showing in the Admin>Modules>Payment. I moved them to inside function remove(), which looks like where they belong. Secondly, in function process_button() the signatureFields specified are 'amount:language:email', but the hidden fields passes 'lang' rather than 'language'. And now for my question, I want to use 'currency' in the signatureFields, which variable can I get it from? thanks Quote Jason Wong Link to comment Share on other sites More sharing options...
crayon Posted June 6, 2003 Share Posted June 6, 2003 And now for my question, I want to use 'currency' in the signatureFields, which variable can I get it from? It's OK, I've found it! :wink: Quote Jason Wong Link to comment Share on other sites More sharing options...
Ian-San Posted June 6, 2003 Share Posted June 6, 2003 the following lines in function check(): // Ian-san: Added MD5 here 6/4/2003: tep_db_query("delete from " . TABLE_CONFIGURATION . " where configuration_key = 'MODULE_PAYMENT_WORLDPAY_USEMD5'"); tep_db_query("delete from " . TABLE_CONFIGURATION . " where configuration_key = 'MODULE_PAYMENT_WORLDPAY_MD5KEY'"); seem to be in the wrong place No - they are not actually required at all as the function remove() has a general delete based on the configuration keys. This error was corrected in the currency update version of worldpay. All MD5 is untested as none of the contribution authors seem to be using it and no feedback until now - so you are probably on your own there. Quote Ian-san Flawlessnet Link to comment Share on other sites More sharing options...
Ian-San Posted June 6, 2003 Share Posted June 6, 2003 Secondly, in function process_button() the signatureFields specified are 'amount:language:email', but the hidden fields passes 'lang' rather than 'language'. Yep - well spotted. Thanks for pointing it out. Quote Ian-san Flawlessnet Link to comment Share on other sites More sharing options...
crayon Posted June 7, 2003 Share Posted June 7, 2003 Secondly, in function process_button() the signatureFields specified are 'amount:language:email', but the hidden fields passes 'lang' rather than 'language'. Yep - well spotted. Thanks for pointing it out. OK, some prelimary testing indicates that MD5 works. That is, without the changes outlined above, Worldpay spits out an error. After the corrections the transaction is accepted. I'm curious that the MD5 option is not more widely used. How do you safeguard against people tampering with the payment form that gets submitted to Worldpay? Without MD5, one could just put in whatever amount they wish and Worldpay would be none the wiser. Or have I missed something? thanks Quote Jason Wong Link to comment Share on other sites More sharing options...
Ian-San Posted June 7, 2003 Share Posted June 7, 2003 I'm curious that the MD5 option is not more widely used. How do you safeguard against people tampering with the payment form that gets submitted to Worldpay? Without MD5, one could just put in whatever amount they wish and Worldpay would be none the wiser. Or have I missed something? Well, in my case, I am not selling physical products and have a fully automatic checking system set up. In addition, I only have a handful of possible prices so they are easy to recognise. I get the reply from WP telling me what they have paid - plus a copy of the order email - and if the customer hasnt paid me the correct amount, I would just limit their access to my site until the issue is resolved. Actually, it has never happened. If anyone else want to pay me who is not one of my customers - I say thank you very politely. In addition, due to the nature of my web site, I track and store every click a customer makes so can go back and see what they did if any dispute. Quote Ian-san Flawlessnet Link to comment Share on other sites More sharing options...
alfaowner Posted June 7, 2003 Share Posted June 7, 2003 I am confused? Mine is just a drop down with all 3 currencies, with the relevant amount on the drop down, how can they change that? ?/ AO Quote Link to comment Share on other sites More sharing options...
crayon Posted June 8, 2003 Share Posted June 8, 2003 I am confused? Mine is just a drop down with all 3 currencies, with the relevant amount on the drop down, how can they change that? ?/ AO By using the oldest trick in the book. They: 1) save a copy of checkout_confirmation.php 2) change the amount and/or currency 3) reload the doctored page back into their browser and click [confirm order] Quote Jason Wong Link to comment Share on other sites More sharing options...
pilot1 Posted June 9, 2003 Share Posted June 9, 2003 Thats interesting, why could'nt something like @referers = ('your site.com'); be implemented so it would work only from the hosts website? Quote What goes up MUST come down Link to comment Share on other sites More sharing options...
crayon Posted June 9, 2003 Share Posted June 9, 2003 Thats interesting, why could'nt something like @referers = ('your site.com'); be implemented so it would work only from the hosts website? If you're referring to HTTP_REFERER then they're just as easy to forge and cannot be relied upon :( Quote Jason Wong Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.