scottymcloo

Worldpay support III


Or you could enable MD5 to improve things a bit

Worldpay problems

 

This page explains the problems with Select Junior better than I can. I can confirm though, that the issues it outlines are still present and affect anyone using Worldpay, including via the OSC contribution.

 

That page doesn't include my technique of using a JavaScript debugger, which is more likely to work than the way it suggests.

 

So yeah MD5 would sort the main part of the insecure-ness out. The contribution needs to be changed for that to work, I think, but that would be simple. IMHO a 12-character password is secure enough, and as for its point about the callback - I've not looked into that but what it's saying makes sense.

 

One way or the other, there are some pretty big problems with the current OSC worldpay system. If you check your orders by hand and ensure the amounts/totals make sense, then you'll be OK.


sorry

I should read through the whole thread. The answer was in there. Worldpay doesn't work with STS Template.

There is a message suggesting it can be used but I was left a little confused. Has anyone managed to get Worldpay and STS working together?

 

cheers


I have just set up worldpay on a new site and when doing a test I noticed the new look pages for the first time on the worldpay server.

 

That big black bar at the top of the site and the huge padlock couldn't look more different from the site.

 

Has anyone had any luck with changing the look of the payment pages?


Feel free to ask me for help

beep... beep....My Pager


Yeah..

 

My payment pages look good enough - not great, but good enough. You need to upload HTML for it to use in the Header and Footer, and use Styles. Go through and change all the colours it uses to match your site.

 

It is possible but it's more work than it should be..

Come on, someone must have some better solutions for the 1062-Duplicate entry error???

Nimmit solved his problem by the looks of things. Read his posts, and if not, get in touch and see if his solution might work for you.

 

I thought it was to do with cookie addresses, and Nimmit said:

If anyone else has this problem in the future, it was to do with my https cookie domain set up in configure.php. I had a typo! Typical, it's the little things that can really mess you up!

 

Good luck..


Hiya,

In reference to the duplicate entry error: have a good read of this wiki. It's just the basic configure file that needs to be checked in this situation.

 

Make sure that you have every setting as it should be.

 

I tried so many things around the time I had that problem. And I'm pretty sure this was what was causing it.

Nimmit


Knowledge is knowing that a tomato is a fruit, wisdom is not putting one in a fruit salad :D


Hi,

 

I've tried pretty much everything in my config.php. This is what it looks like:

 

define('HTTP_SERVER', 'http://www.gameessentials.co.uk'); // eg, http://localhost - should not be empty for productive servers
define('HTTPS_SERVER', 'https://webatwork2.cheapdomainsuk.com/~gameesse'); // eg, https://localhost - should not be empty for productive servers
define('ENABLE_SSL', true); // secure webserver for checkout procedure?
define('HTTP_COOKIE_DOMAIN', 'www.gameessentials.co.uk');
define('HTTPS_COOKIE_DOMAIN', 'webatwork2.cheapdomainsuk.com/~gameesse');
define('HTTP_COOKIE_PATH', '/catalog/');
define('HTTPS_COOKIE_PATH', '/catalog/');
define('DIR_WS_HTTP_CATALOG', '/catalog/');
define('DIR_WS_HTTPS_CATALOG', '/catalog/');
define('DIR_WS_IMAGES', 'images/');
define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
define('DIR_WS_INCLUDES', 'includes/');
define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');
define('DIR_FS_CATALOG', '/home/gameesse/public_html/catalog/');
define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

// define our database connection
define('DB_SERVER', 'localhost'); // eg, localhost - should not be empty for productive servers
define('DB_SERVER_USERNAME', 'xxxxxx');
define('DB_SERVER_PASSWORD', 'xxxxxx');
define('DB_DATABASE', 'xxxxxx');
define('USE_PCONNECT', 'false'); // use persistent connections?
define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'

 

 

I've spoken to Ady, who had the same problem; he has solved it by setting his HTTPS_COOKIE_DOMAIN the same as his HTTP_COOKIE_DOMAIN.

This didn't work for me. I'm starting to think that this is a problem with my Shared SSL. Do you think buying a dedicated SSL could cause this problem? I'm also getting the Paypal IPN error.

 

Cheers

Rob


Hiya,

I just started looking into this problem and in the process BROKE MY STORE AGAIN (panic!!!) But have now fixed it again! (phew!).

I'm not saying that this is right for everyone but in MY CASE it is to do with that cookie domain.

If I put a http or https on the front of it, it gives the duplicate entry problem. The moment I take it away it's fixed again... whether or not this is going to be the case for everyone is another question.

 

Keep at it

 

Nimmit

 

p.s. both my http & https cookie things are the same


Knowledge is knowing that a tomato is a fruit, wisdom is not putting one in a fruit salad :D


I have put a fix in a new version of the contribution.

 

Your configure settings are correct for this new contribution.

 

The only file that I have changed is catalog->includes->modules->payment->worldpay.php

 

Worldpay 4.0 version 1.5

 

Regards

 

Nimmit


Knowledge is knowing that a tomato is a fruit, wisdom is not putting one in a fruit salad :D


Does anyone know how to pass the WP reference number back and have it included on the invoice or anywhere else? It's a pain having to find it when a customer returns something, if it were on the actual invoice or order page it would make life easier.


heh - that was one of the things I was going to look at wasn't it..

 

I'm in a good mood today so I might see what I can do..

 

If I don't, feel free to kick me up the ass on this.

 

Adam


When the order arrives, copy the WP Transaction ID and paste it into the account history. If you get a return you can quickly locate the WP ID via the shop order number.

Not perfect though it does work.

 

Greg


I've got a problem that I think is due to a cookie stored on my box somewhere as a result of a failed transaction.

 

Worldpay processes the transaction and sends its confirmation emails.

The call back url http://<wpdisplay item="MC_callback"> produces the WP box at the top of the page and the header beneath it.

 

The rest of the page won't load and the sale is not confirmed/logged by OSC.

WP does not send a failure email and there are no warning messages.

 

Although I go through the WP process, the goods are still in my cart.

 

Can anyone help and shed light on what I'm missing?

 

(MS2.2 - WP 4 1.5b - no other contribs)

 

regards

Kev


It sounds like maybe one of the files you uploaded is corrupt. I think it's called wp-callback.php or similar. Try re-uploading the files and see what happens.


Feel free to ask me for help

beep... beep....My Pager


Hi Guys,

 

I just setup the Worldpay module in a ms2.2 installation. I am having the same callback problem. I have checked the installation id and it is correct. Any other ideas? As a result of no callback the cart remains full and order is not put into osc. Thanks!

 

rw


Once the order is confirmed by WorldPay the customer is sent to this base URL:

 

https://select.worldpay.com/aequitas/card?

 

with the following text:

 

 

Thank You.

 

This was NOT a live transaction - no money has changed hands

Thank you, your payment was successful

Merchant's Reference: osCsid=f0acc5a58dc031838cba408ac70e1dbf

WorldPay Transaction ID: 64803702

 

Please contact WorldPay immediately if there has been a problem making your payment.

 

 

 

 

Any ideas are appreciated.

 

thanks,

 

rw


Probably, you are in Test Mode.

 

Set to live in Admin.

 

The mode you are working in (100 = Test Mode Accept, 101 = Test Mode Decline, 0 = Live)


Ian-san

Flawlessnet


I will try it. So the callback does not work in test mode?

 

ALSO,

 

Is there a reason this mod uses dynamic callback? ie: builds the callback url? Is this strictly to support multiple languages? I've tried plugging the callback URL right into the Worldpay panel and it works fine.

 

ie:

 

www.mydomain.com/wpcallback.php

 

instead of:

 

http://<wpdisplay item="MC_callback">

 

When I use http://<wpdisplay item="MC_callback">

 

it does not work (in test mode or otherwise). I have even tried hardcoding in my callback url to modules/payment/worldpay.php file

 

ie:

 

tep_draw_hidden_field('MC_callback', 'http://www.mydomain.com/wpcallback.php?language=' . $language_code) .

 

tep_draw_hidden_field('MC_callback', $worldpay_callback[1] . '?language=' . $language_code) .

 

and the dynamic callback still will not work. I can see the hidden field is in fact there and is being passed to worldpay.

 

Anyway, it is working when I put the callback directly into the Worldpay panel. Is there any reason I shouldn't be doing this? Thanks!

 

rw


Hi peeps,

 

Not sure if anyone has seen this potential security risk.

 

After I've done a checkout and been redirected to the WorldPay page, I am able to enter this: www.mystore.com/wpcallback.php?transStatus=Y, and the order will be processed as a success even without paying.

 

Ivan.


What I propose is to change the following code in /catalog/wpcallback.php

if(isset($transStatus) && $transStatus == "Y") {

to

$transStatus = "";
$transStatus = $_POST['transStatus'];
if(isset($_POST['transStatus']) && $transStatus == "Y") {

Edited by ivanteo


It is a security hole, yes, and there are several with this module that I've already hinted at previously in the thread. Well spotted though!

 

As for code, I'd replace your:

 

$transStatus = "";
$transStatus = $_POST['transStatus'];
if(isset($_POST['transStatus']) && $transStatus == "Y") {  

 

with..

 

if(isset($_POST['transStatus']) AND ($_POST['transStatus'] == "Y")) {  

 

I use 'AND' rather than '&&' - I believe it's better in most situations.

 

It's probably no more secure though - you could construct a form that POSTs 'transStatus=Y' to wpcallback.php and it would probably work just like faking the GET variable as you're suggesting.

 

The answer is to make use of Worldpay's MD5 passwords and other security features, detailed in its integration guide and missing from the current OSC module.
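
The callback checks discussed in the posts above, as an added example that is not part of the original thread or of the OSC contribution: a callback is accepted only if it is a POST, carries the shared callback password, and matches the stored order's cart, amount and currency. The function name, the `$cfg`/`$order` array layout and the field names `callbackPW`, `instId`, `cartId`, `authAmount` and `authCurrency` are assumptions to verify against Worldpay's integration guide.

```php
<?php
// Added example, not the contribution's code. The field names callbackPW, instId,
// cartId, authAmount and authCurrency are assumptions to check against Worldpay's guide.
function wp_callback_check(string $method, array $post, array $order, array $cfg): array
{
    // transStatus=Y typed into the address bar arrives as GET, so accept POST only.
    if ($method !== 'POST') {
        return [false, 'not a POST request'];
    }
    // A POST can be forged with a hand-built form, so require the shared callback
    // password as well, compared in constant time.
    $pw = (string) ($post['callbackPW'] ?? '');
    if ($cfg['callback_pw'] === '' || !hash_equals($cfg['callback_pw'], $pw)) {
        return [false, 'callback password mismatch'];
    }
    if (($post['instId'] ?? '') !== $cfg['inst_id']) {
        return [false, 'installation id mismatch'];
    }
    if (($post['transStatus'] ?? '') !== 'Y') {
        return [false, 'payment not authorised'];
    }
    // Tie the callback to the order stored before the customer was redirected.
    $paid = (int) round(((float) ($post['authAmount'] ?? 0)) * 100);
    if (($post['cartId'] ?? '') !== $order['cart_id']
        || $paid !== $order['total_minor']
        || ($post['authCurrency'] ?? '') !== $order['currency']) {
        return [false, 'cart, amount or currency differs from stored order'];
    }
    return [true, 'ok'];
}

// Constructed sample data (placeholders, not real credentials or orders).
$cfg   = ['callback_pw' => 'example-secret', 'inst_id' => '00000'];
$order = ['cart_id' => 'order-1001', 'total_minor' => 2499, 'currency' => 'GBP'];
$genuine = ['callbackPW' => 'example-secret', 'instId' => '00000', 'transStatus' => 'Y',
            'cartId' => 'order-1001', 'authAmount' => '24.99', 'authCurrency' => 'GBP'];
$cases = [
    'forged GET'       => ['GET',  ['transStatus' => 'Y']],
    'forged POST'      => ['POST', ['transStatus' => 'Y']],
    'wrong amount'     => ['POST', ['authAmount' => '0.01'] + $genuine],
    'genuine callback' => ['POST', $genuine],
];
foreach ($cases as $name => [$method, $post]) {
    [$ok, $why] = wp_callback_check($method, $post, $order, $cfg);
    printf("%-17s %s (%s)\n", $name, $ok ? 'ACCEPT' : 'REJECT', $why);
}
```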


Hi, anyone any ideas on the callback failure?

I have the same problem, if I put http://<wpdisplay item="MC_callback"> into the WP callback URL I get a failure. Replacing the callback URL with www.mysite.com results in a callback success and everything is fine.

Using osCommerce MS2 with Worldpay 4.0 v1.4

 

Robr
