Jump to content
Sign in to follow this  
scottymcloo

Worldpay Support

Recommended Posts

I believe that the biggest problem of all might be WorldPay's terms and conditions. It seems as though they want the customer to know explicity when they are on the WorldPay site, if you do it all in the background by talking to the WorldPay servers, then this may upset them and they may not approve your site. They are VERY Pernickety.

 

As a slight side note, I decicided not to do anymore work on my changes on integrating the checkout_processing into the checkout module and releasing it to the public. This is because it seems that Graeme is unwilling to make the necessary changes to the module to overcome the present 'feature' that 1 in 10 orders fail to regiseter with osc despite the 'stablility' of the design.

Share this post


Link to post
Share on other sites

Ben

 

I suggest that you do do it and release it as a separate module - clearly labelled as such - for those who want to go down that path.

 

For those who are happy with the existing stable release, then they can use Graeme's module.

 

There is no such thing as one size fits all when it come to e-commerce!


Ian-san

Flawlessnet

Share this post


Link to post
Share on other sites

Ben,

 

You did quite some work on the "checkout and not updating the database" problem.

 

I did a quick fix for it and would like to get some feedback.

 

Instead of having the 5-10 seconds redirect delay in the wpcallback.php script, I simply moved it into the worldpay.php module:

 

after_process() {

sleep (5); // show WorldPay result for 5 seconds

return false;

}

 

In wpcallback.php I replaced the 5 seconds delay with 0

echo "<meta http-equiv='Refresh' content='0; Url="$url"'>";

 

And it seems to work fine (In test mode).

But of course doing the update in the callback script would be better. In case the result is never displayed on the customers PC, the DB would be updated.

 

By the way, the failure section of the callback script seems to be not necessary as the script will only be called on success or cancellation.

 

Gunther

Share this post


Link to post
Share on other sites

I hope that some one can help?

 

We have found that our Worldpay module is not operating as it was designed, after completing the purchase, we are being returned to an empty shopping cart.php instead of the page that says ?Order processed successfully?

 

 

 

I am using the Latest MS1 version (Worldpay_MS1_version_a) from the OS contributions with my call back set up exactly as stated in the INSTALL.TXT file. (http://<wpdisplay item="MC_callback">) with both my tick boxes, ticked.

 

Any one had this problem, I am in test mode so feel free to make a purchase with 4444333322221111

 

http://www.alfaowner.com/store

 

We are desperate to go live, please help us if you can. I tried emailing graeme but he must be busy.

 

Regards,

 

AO

Share this post


Link to post
Share on other sites

Oh yeah, I did notice that when you are on the payment recieved page (catalog/wpcallback.php) the "Welcome shoppers name" turns back to the "Hello Guest!" as if you were not logged in. then goes back to the Welcome shoppers name again when it reaches the shopping cart.php

 

Thanks again

 

AO

Share this post


Link to post
Share on other sites

It works for me!

------------

Thank you, your payment was successful

Merchant's Reference: osCsid=36149f304dd709365dd91c5968904e70

WorldPay Transaction ID: 40474160

 

TEST MODE - this is not a live transaction

Please contact WorldPay immediately if there has been a problem making your payment.

------------

Your callback address looks good:

<input type="hidden" name="MC_callback" value="www.alfaowner.com/store/wpcallback.php?language=en">

Share this post


Link to post
Share on other sites

I was worried that might happen, it does take the order okay, thats one good thing, but we get an error on 3 machines (all running XP proffesional BTW) on the redirect part after the proccesing has completed and is taking you to checkout_success.php, for some reason, we end up at shopping_cart.php with the text saying that there is nothing in your cart, but then sometimes it proccesses the payment successfully and takes you to this URL. http://www.alfaowner.com/store/checkout_pr...40220787761da50 which gives a 404 error, if any one knows how to rectify this, I am prepared to make a Pay Pal payment for your time as long as you know what you are doing and resolve the problem. Thanks again for reading this.

 

regards,

 

AO

Share this post


Link to post
Share on other sites

After Worldpay calls the callback script wpcallback.php, checkout_process.php is called to update the DB (with a 5 second redirect delay, which can cause a problem when interrupted). Once the DB is successfully updated, checkout_success.php is called. If the DB was already updated, shopping_cart.php is called instead.

 

I see one problem after WorldPay is calling wpcallback.php ... the 5 second redirect delay! I did a little change to minimize this problem:

Change the redirect delay to 0 (in wpcallback.php) as described in my previous posting and insert a sleep(5) into includes/modules/payment/worldpay.php after_process().

 

Loosing information ... could it be that you have a cookie problem?

Share this post


Link to post
Share on other sites

I never get the 404 error on your site. Things are looking good from here. When I have cookies enabled (stored/non-stored) I do not get the session ID at the end of your URL (e.g. osCsid=6eaa0a8a04c5a920540220787761da50), just when cookies are disabled. At least that is how IE5.5 is handling it. There is some issue with IE6 as mentioned also at WorldPay. I might have to activate IE6 to check it out ... but have no XP here. I do not see how you can get the 404 error??? The page is there and the additional ?osCsid.... should not matter as it is simply a [GET] parameter for that page and will usually be ignored when the page does not need it.

Share this post


Link to post
Share on other sites

I got the page not found (actually dnserror) with IE6 once! But then it was working fine.

Share this post


Link to post
Share on other sites

Well it works with a fresh install on a fresh WP install also, so its not my computer, + I have tested on 2 others. Seriously confused and in the sh*t

Share this post


Link to post
Share on other sites

mmh ... Don't have that problem. But did you exactly check what type of error message you get? I got a dnserror and not a 404 page not found when I used IE6 on your site. Is it maybe XP related? Too much security ... in the wrong place...

Share this post


Link to post
Share on other sites

:: Minor update to the instructions ::

 

In the installation instructions, it mentions to modify filesnames.php. This file does not exist in all installations - (ie only in releases after MS1).

 

Therefore add the line to application_top.php and everything will work.

 

Graeme

 

ps. Gunther has been very busy and suggested a change to the module to move the redirect time to the after_process() function. I will incorporate this into my module and post as an update in the next couple of days. Thank you Gunther for your help.

 

This should help to further prevent the possibility of losing the database updates if a user closes the window or navigates away.

Share this post


Link to post
Share on other sites

I've just started with OSC and am trying to get the MD5 working.

 

There are some typos in:

 

catalog/includes/modules/payment/worldpay.php

 

the following lines in function check():

 

// Ian-san: Added MD5 here 6/4/2003:

tep_db_query("delete from " . TABLE_CONFIGURATION . " where configuration_key = 'MODULE_PAYMENT_WORLDPAY_USEMD5'");

tep_db_query("delete from " . TABLE_CONFIGURATION . " where configuration_key = 'MODULE_PAYMENT_WORLDPAY_MD5KEY'");

seem to be in the wrong place and prevents the MD5 options from showing in the Admin>Modules>Payment.

 

I moved them to inside function remove(), which looks like where they belong.

 

 

Secondly, in function process_button() the signatureFields specified are 'amount:language:email', but the hidden fields passes 'lang' rather than 'language'.

 

 

And now for my question, I want to use 'currency' in the signatureFields, which variable can I get it from?

 

thanks


Jason Wong

Share this post


Link to post
Share on other sites
And now for my question, I want to use 'currency' in the signatureFields, which variable can I get it from?

 

It's OK, I've found it! :wink:


Jason Wong

Share this post


Link to post
Share on other sites
the following lines in function check():

 

// Ian-san: Added MD5 here 6/4/2003:

tep_db_query("delete from " . TABLE_CONFIGURATION . " where configuration_key = 'MODULE_PAYMENT_WORLDPAY_USEMD5'");

tep_db_query("delete from " . TABLE_CONFIGURATION . " where configuration_key = 'MODULE_PAYMENT_WORLDPAY_MD5KEY'");

seem to be in the wrong place

No - they are not actually required at all as the function remove() has a general delete based on the configuration keys. This error was corrected in the currency update version of worldpay.

 

All MD5 is untested as none of the contribution authors seem to be using it and no feedback until now - so you are probably on your own there.


Ian-san

Flawlessnet

Share this post


Link to post
Share on other sites
Secondly, in function process_button() the signatureFields specified are 'amount:language:email', but the hidden fields passes 'lang' rather than 'language'.

 

Yep - well spotted. Thanks for pointing it out.


Ian-san

Flawlessnet

Share this post


Link to post
Share on other sites

 

Secondly, in function process_button() the signatureFields specified are 'amount:language:email', but the hidden fields passes 'lang' rather than 'language'.

 

Yep - well spotted. Thanks for pointing it out.

 

OK, some prelimary testing indicates that MD5 works. That is, without the changes outlined above, Worldpay spits out an error. After the corrections the transaction is accepted.

 

I'm curious that the MD5 option is not more widely used. How do you safeguard against people tampering with the payment form that gets submitted to Worldpay? Without MD5, one could just put in whatever amount they wish and Worldpay would be none the wiser. Or have I missed something?

 

thanks


Jason Wong

Share this post


Link to post
Share on other sites
I'm curious that the MD5 option is not more widely used. How do you safeguard against people tampering with the payment form that gets submitted to Worldpay? Without MD5, one could just put in whatever amount they wish and Worldpay would be none the wiser. Or have I missed something?

 

Well, in my case, I am not selling physical products and have a fully automatic checking system set up. In addition, I only have a handful of possible prices so they are easy to recognise.

 

I get the reply from WP telling me what they have paid - plus a copy of the order email - and if the customer hasnt paid me the correct amount, I would just limit their access to my site until the issue is resolved. Actually, it has never happened.

 

If anyone else want to pay me who is not one of my customers - I say thank you very politely.

 

In addition, due to the nature of my web site, I track and store every click a customer makes so can go back and see what they did if any dispute.


Ian-san

Flawlessnet

Share this post


Link to post
Share on other sites

I am confused? Mine is just a drop down with all 3 currencies, with the relevant amount on the drop down, how can they change that?

 

?/

 

AO

Share this post


Link to post
Share on other sites
I am confused? Mine is just a drop down with all 3 currencies, with the relevant amount on the drop down, how can they change that?

 

 

?/

 

 

AO

 

 

By using the oldest trick in the book. They:

 

 

1) save a copy of checkout_confirmation.php

 

2) change the amount and/or currency

 

3) reload the doctored page back into their browser and click [confirm order]


Jason Wong

Share this post


Link to post
Share on other sites

Thats interesting, why could'nt something like

 

@referers = ('your site.com');

 

be implemented so it would work only from the hosts website?


What goes up MUST come down

Share this post


Link to post
Share on other sites
Thats interesting, why could'nt something like

 

@referers = ('your site.com');

 

be implemented so it would work only from the hosts website?

 

If you're referring to HTTP_REFERER then they're just as easy to forge and cannot be relied upon :(


Jason Wong

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×