Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

PayPal_Shopping_Cart_IPN


devosc

Recommended Posts

I just read an update announcement about the secpay module, and actually I had a similar idea but specifically in regard to the customers session id and that is to encrypt the info passed to PayPal

We're investigating this. As you may have noticed, we recently added the ability to encrypt buttons created at our site. It's trickier to support this for "off-site" created buttons because of the "key" exchange. It is unlikely we will have this capability anytime soon.

 

The key to preventing order-tampering is to check the data that is received through IPN:

1) that the IPN is authentic (when posted back to PayPal, a "VERIFIED" response is returned)

2) ipn.business = button.business

3) ipn.mc_gross = button.amount & ipn.mc_currency = button.currency_code

4) ipn.payment_status = Completed

5) ipn.txn_id has not been previously processed

Edited by pbreit

Patrick Breitenbach

Link to comment
Share on other sites

  • Replies 1.1k
  • Created
  • Last Reply

Top Posters In This Topic

Hi Patrick,

 

Over the weekend I developed/rededsigned the contribtion to soley work off the IPN irrespective of how the customer is returned (i.e. no rm 2), I had to bite the bullet and pre-store the order, but the stock is currently not updated/subtracted untill the IPN is received.

 

My preliminary tests seemed to show that it works well, but downloads still remain to immediately available, but as far as accepting payments it does the job.

E-checks and pending PayPal payments should now be looked into, but I am sort of limited in a means to test these types of transactions.

 

the mc_gross, currency, and number of cart items tests can/should now be looked into further. Currently as long as the payment is verified, completed, valid receiver and business emails, and the txn_id not previously stored then the IPN/order is processed.

 

The latter now needs to be revised in terms of pending payments and possible refunds.

 

I haven't had time to enable to offer the choice of which version to use, i.e. using rm 2, so I think it easiest to just go with new design, which still includes all of it's additional features, namely Method 2 Itemized Cart, Full IPN details in the admin section, and specification of PayPal page customization parameters.

 

Untill the order is verified by the IPN it remains in a Pending Payment status.

 

Is there any way I can mimick an e-check transaction quickly?

 

Also I noticed a new field in the Manual called 'image' which enables replacing the process button with our own image button, is this specified in the same way as the 'image_url' and do you need any options set in the account profile in order to use this feature? I tried quickly etc.....

 

Regards,

Greg.

"Any fool can know. The point is to understand." -- Albert Einstein

Link to comment
Share on other sites

Greg, that sounds great. I guess until osC implements the capability to store carts/orders prior to payment processing, that's what needs to be done. I'm really surprised that osC doesn't store unpaid carts since that information is so valuable to merchants.

 

I think it's OK to wait for the payment before permanently decrementing inventory. I think the ideal is that inventory is temporarily decremented when added to a cart and then either permanently deleted upon payment or released back to the store shelf after a period of time. This isn't really a PayPal issue, tho.

 

We're working on a sandbox which should become available next month. Until then, testing echeck IPN is difficult.

 

Basically, the first echeck IPN and the second are nearly identical. The differences are:

First IPN: payment_status=Pending, pending_reason=echeck

Second IPN: payment_status=Completed

 

The easiest approach is to disregard the first IPN. A second approach is to indicate that for a particular order, payment is pending via PayPal echeck.

 

I'm not aware of a field named "image". Where did you see that? We have something called "page_style" which enables a merchant to specify different page customization screens. Probably best just to do nothing which will use the merchant's default page style.

Patrick Breitenbach

Link to comment
Share on other sites

Greg,

 

Pre-storing the order is an excellent idea. I have tried this before without using IPN, by modifying checkout_confirmation.php, checkout_process.php, and paypal.php, worked well, but what about the confirmation email? Having the email sent before payment is risky, we had several problems with customers insisting they paid but really did not. But if there is a way to continue sending the email when the IPN is generated, that would be perfect.

 

Also, if you would like assistance testing echecks, I would be glad to help, just let me know if you're interested.

Link to comment
Share on other sites

Hi Sky,

 

Thanks. I've tried to make it as smooth as possible, i.e. when the customer clicks confirm they are actually posted straight to checkout_process.php, when the $payment_modules_>before_process() module is called a revised version of the original checkout_process.php is then used which has now been seperated into two seperate module files:

 

[1] modules/payment/paypal/checkout_process.php - called via the before_process()

and

[2] modules/payment/paypal/checkout_update.php - called when the IPN is received and validated.

 

The purpose of [1] is soley to insert the order into the customer related 'orders' db tables.

Another order table has been created called 'orders_session_info' where the customer_id, orders_id, language, currency, sendto and billto vars are temporarily stored until the IPN is recieved.

 

Once [1] has stored the 'order' info a basic page is shown which only contains the store logo, a processing transaction msg and a PayPal Checkout button, this page is automatically submitted onLoad, and can be manually submitted if the customer is not using javascript.

As said this page is very plain, since the only thing that the customer should have the ability to do is click the page submit form and they don't neccessarily need to see the main site template, although I have set this page as a template defined in modules/payment/paypal/processing.tpl.php where if the original site template needs to be shown it can be re-implemented here as usual.

Session info is removed at this time.

 

Once the customer returns to the site they should now be automatically returned to checkout_success.php.

 

When the IPN is received, [2] is called which will go through the revised original script but this time it's sole purpose is to now update the 'products' db tables, e.g. inventory, once this is done the email confirmations are sent.

 

If for example the customer confirmed the order but abandoned the process at the PayPal site, you would see the order show in the admin with a Pending Payment order status, and that the customer has not been notified.

 

The customer themselves can see this order in their account history with the Pending Payment status.

 

The order status 'Pending Payment' currently must be created by the store owner in the admin section and must then be set as the status to be used when a PayPal order occurs, i.e. set in admin->modules->payment->paypal.

 

So far the latter of the above has meant that this order status id does not need to be hard coded.

 

Once the IPN is received the original orders_status_history is then updated with the 'default' order status as defined in the admin, e.g usually 'Pending', and the last_modidified field is updated to 'now()' at the same time as inserting the PayPal transaction id into the main 'orders' db table.

 

Since the session info has been removed once they click the osC confirmation button, they should not be able to re-post / spoof another order, i.e if they returned to checkout_process.php after the first confirmation, they would be redirected by osC to the shopping_cart.php page as usual since their cart is empty.

 

At present this does mean downloads could be made immediately available, but something like the Downloads controller should be able to handle whether or not they should be made available.

 

The contrib now uses it's own application_top.php so session settings will no longer be an issue.

 

I have a bit more testing to do, and because IPNs with different payment statuses will be stored, e.g pending, I'm looking into putting a little search filter in the admin section, but I might leave it out or very basic for now.

 

I would like to get this lot done this week. I'll let you know soon and you could then test it locally on your own server, by the way I changed the cURL bit so it should now work more often.

But it should be ok, as now I think it can be tested by adapting the test ipn.html to suit.

 

I think this methodology should suffice for now. Although I have made some somewhat signifcant changes as to the structure of the contrib especially in the catalog section, since all new related files are soley stored in a paypal directory in inlcudes/modules/payment, thus the new version means deleting the old files.

 

Also due to the seperation purposes of the original checkout_process.php page, means implementing revisions to this content made by other contributions means that updating these files might not be able to be done exactly as how described in those contribs readme files.

 

Regards,

Greg.

"Any fool can know. The point is to understand." -- Albert Einstein

Link to comment
Share on other sites

Problem with Quickbooks Mod on Paypal purchases

 

I just installed both the Quickbooks IIF import and Paypal IPN contributions. Both work great, except that the scripts don't generate the IIF files for transactions paid with Paypal. The IIF files are generated just fine when I use Cash On Delivery as payment method, but not when Paypal is used. Has anyone else has this problem?

Link to comment
Share on other sites

I am having a problem with shipping passing through to Paypal. I am using 2.2 ms2 and I have the latest contribution (v1.7). The site is in a testing phase. It is Stilwell.biz. I am using the Paypal itemized shopping cart method.

 

On the first purchase, a customer will have shipping pass through to Paypal. However, if that customer comes back to my website later and makes another purchase, shipping will not pass through.

 

Now if the customer deletes cookies, the shipping will pass through again.

 

Could this have to do with sessions? Any help would be appreciated.

 

Thanks,

 

Jess

Link to comment
Share on other sites

Greg,

 

Thank you for all the hard work you have put into this contribution. I've run into a couple of problems that appear to be lockstep with part of the conversations that you and Patrick are having. Any advice you can offer would be greatly appreciated:

 

SCENARIO 1:

Configuration:

System:

osCommerce: MS2

PayPal IPN: 1.7

Other Mods: UPSXML, UPSXML Tracking

(these mods aren't being used during the test)

PayPal setup:

IPN - On (no address)

Auto Return - Off

Prompt for unverified addess

OsCommerce PayPal set up:

Include Note - No

Shopping Cart Method - Itemized

Enable PayPal Shipping Address - False

(want the user to use the osCommerce address book)

PayPal Auto-Return - No

Email Notifications - 1

Test Mode - Off (tried with it turned on too)

Notification Address - an independent address

Return URL Behavior - Post

 

Test:

Run a purchase of an item ($.01) using an unverified address and flat rate shipping of $0.00.

 

Results/Problem:

Transaction initially processes properly. Order shows up in Admin/Customers/Orders with notes that the order is pending due to address verification. Admin/Customers/IPN notes the order pending due to address verification. The problem comes in when I log into PayPal and approve the payment. I get an email (as the purchaser) that the payment has been accepted. Unfortunately nothing else happens in IPN. It never updates. I can live with this but if order volume picks up it could present a problem.

 

SCENARIO 2:

Configuration:

System:

osCommerce: MS2

PayPal IPN: 1.7

Other Mods: UPSXML, UPSXML Tracking

(these mods aren't being used during the test)

PayPal setup:

IPN - On (no address)

Auto Return - On

Auto Return Address - (the secure url to my success page)

Prompt for unverified addess

OsCommerce PayPal set up:

Include Note - No

Shopping Cart Method - Itemized

Enable PayPal Shipping Address - False

(want the user to use the osCommerce address book)

PayPal Auto-Return - Yes

Email Notifications - 1

Test Mode - Off (tried with it turned on too)

Notification Address - an independent address

Return URL Behavior - Post

 

Test:

Run a purchase of an item ($.01) using an unverified address and flat rate shipping of $0.00.

 

Results/Problem:

Transaction returns to the success screen. Nothing shows up under Admin/Customers/Orders. This bothers me because I don't have anything inside the store that acknowledges that a purchase has been made and needs attention in PayPal. Once I go to PayPal and accept the payment I receive the notification emails and entries show up in Admin/Customers/Orders - Admin/Customers/PayPal IPN but they are all missing the purchaser information and item(s) purchased.

 

GENERAL COMMENTS:

If possible I would prefer to not use PayPals autoreturn feature. With it turned off the user is promptly returned the success page without ever seeing the PayPal redirect page. Also, I really like having the order show up in osC admin with comments as to why the order is pending. That way I have a single point to start with when processing orders.

 

Once again, thank you for the contribution and any assistance you can offer.

 

Sincerely,

Allen

Link to comment
Share on other sites

Hi Allen,

 

A new release will be available shortly that should alleviate these issues, but at present will involve uninstalling any previous version of this contrib.

I'm about to test out the install notes, so it shouldn't be too long.

 

eChecks will now be handled. As well as accepting any pending payment, but the order will not be created unless the Payment is Completed, i.e. customer notified and inventory updated.

 

Downloads will also be managed by the above method, i.e. they will not be made available untill a PayPal notification that it's payment status is Completed.

 

Regards,

Greg.

"Any fool can know. The point is to understand." -- Albert Einstein

Link to comment
Share on other sites

Hi Safoo,

 

I just had look, I think you should be ok, it seems that the only amendment that it made to an original osCommerce file was in account_history.php where it has o.orders_status != '99999' I think what this is supposed to do is to prevent the first order status of the order from being shown.

In the case of this contribution this order status id would actually be whatever value is assigned to MODULE_PAYMENT_PAYPAL_ORDER_STATUS_ID which is the status that you set in admin->modules->payment->paypal, which is the order status created as directed in Step 4 of this (PayPal_Shopping_Cart_IPN) contribs install notes.

 

If you like you just change in account_history.php

and o.orders_status != '99999' to

and o.orders_status != MODULE_PAYMENT_PAYPAL_ORDER_STATUS_ID

 

But this will prevent allowing the customer see that the order is awaiting payment => 'Pending Payment'

 

Other than that you could just remove the old files, i.e. reverse the install process.

 

AH, checkout_success.php, you'll need to get rid of that stuff too.

 

Later on we can come up with a better customized page for PayPal customers, but in general the assumption should be made upon their return that we do not know the status of their payment, i.e. you might not of received the IPN by then, so you could just let customer know to check their account history for this information, but by default or rather in the orignal osCommerce method, you tell them thanks and would you like to have any product notfications as usual. If the IPN has been received and it is a downloadable product the download will then be available otherwise they would have to check their account history to see the status of the order and when it becomes Completed, the download link will then appear there as usual.

 

Hence it might be better to just completely remove the

and o.orders_status != '99999'

all together so every one knows what's what.

 

Also the name 'Pending Payment' is just a suggestion you could always specify something else, e.g. 'Pending PayPal Payment'

 

Incidentally I re-read the FAQ section and actually the customer is returned to checkout_success.php and not checkout_process.php

 

I would suggest that you back up everything, files and db, install this contribution see if it suits your needs, and if happy you know that it should be ok to deleted the old stuff etc...

 

If it works etc we could later get the account history to provide more information about why an order is still pending payment, e.g. awaiting payment notification from PayPal, awaiting eCheck to clear etc...

 

Regards,

Greg.

"Any fool can know. The point is to understand." -- Albert Einstein

Link to comment
Share on other sites

I am having a problem with shipping passing through to Paypal. I am using 2.2 ms2 and I have the latest contribution (v1.7). The site is in a testing phase. It is Stilwell.biz. I am using the Paypal itemized shopping cart method.

 

On the first purchase, a customer will have shipping pass through to Paypal. However, if that customer comes back to my website later and makes another purchase, shipping will not pass through.

 

Now if the customer deletes cookies, the shipping will pass through again.

 

Could this have to do with sessions? Any help would be appreciated.

 

Thanks,

 

Jess

 

Hi - Maybe I didn't provide enough information. Here is my scenario:

  • Customer with items in cart checks out choosing Paypal and UPS Ground.
  • Confirms order and is sent to Paypal where all is correct shipping is sent thru correctly.
  • Payment is completed on the Paypal pages and customer is sent to oscommerce success page.
  • Shopping Cart is empty. Customer makes another purchase using Paypal & UPS Ground.
  • Confirms order and is sent to Paypal page. Where there is no shipping. Shipping did not pass thru.
  • Customer hits back to oscommerce page and then deletes cookies.
  • Customer once again confirms order and is sent to Paypal Page.
  • This time Shipping is there - It passed thru this time.

I see in /checkout_process.php:

 

// unregister session variables used during checkout

tep_session_unregister('sendto');

tep_session_unregister('billto');

tep_session_unregister('shipping');

tep_session_unregister('payment');

tep_session_unregister('comments');

 

Doesn't this reset or clear the shipping variable after the first purchase is completed? Why would deleting cookies change whether or not shipping is passed through to Paypal?

 

Is there any place someone can direct me to look to correct this? Any help would be appreciated.

 

Thanks,

 

Jess

Link to comment
Share on other sites

HI,

I hope i am asking in the correct thread, as mine is an install problem more than development as i see from most posts. I just installed ipn 2.0 (twice) with the same error.

Fatal error: Cannot redeclare class paypal in &&&/catalog/includes/modules/payment/paypal.php on line 14 because of this i am not able to enable the payment module at all.

i commented out

class paypal {

var $code, $title, $description, $enabled;

which is line 14 for me and am able to access the other payment module ( that i don't use!). Does it sound like i need to re contruct my database or could this be just in a tmp file?? Any help is greatly appreciated as i am still just learning.

and much kudos to the author!!

Link to comment
Share on other sites

Jess,

As a starting point, first uninstall the PayPal module in the admin, then copy the orginal osCommerce PayPal module back to catalog/includes/modules/payment/paypal.php, and then reinstall PayPal in the admin, now try your tests again, if the problem is still occurring then at least you know it is not anything to do with the PayPal module, actually the contrib version is just an extension of the orginal one so the shipping bit never really changed.

 

John,

When you copied over the paypal.php file to catalog/includes/modules/payment/ what did you do with the original one, you cannot rename it and leave it with a '.php' extension, try '.phpX' or remove it from that directory completely.

"Any fool can know. The point is to understand." -- Albert Einstein

Link to comment
Share on other sites

Greg,

 

Just installed 2.0 on my MS2 cart. GREAT DOCS!!! I have run into one problem. When I add something to the cart and go thru the checkout process I get the following error when 'checkout_process.php' prepares to run me over to PayPal:

 

1146 - Table 'my_systems_dbname.TABLE_ORDERS_SESSION_INFO' doesn't exist

 

insert into TABLE_ORDERS_SESSION_INFO (orders_id, sendto, billto, language, currency, content_type) values ('24', '2', '2', 'english', 'USD', 'physical')

 

[TEP STOP]

 

On the surface this looks like I simply missed that table when I ran the sql. I've checked thru PHPmyAdmin and the table does exist and appears to be fine. If you have any ideas they would be greatly appreciated.

 

Forgive me if I've pulled the trigger too early. It is rather late and the code is starting to run together.

 

Thanks again.

 

Allen

Link to comment
Share on other sites

Hi Allen because the error msg is showing 'TABLE_ORDERS_SESSION_INFO' suggests that this database table name has not been declared in catalog/includes/database_tables.php.

 

One problem with the html doc is that copying and pasting with some editors seems to pick up / insert unwanted hidden characters.

 

Regards,

Greg.

"Any fool can know. The point is to understand." -- Albert Einstein

Link to comment
Share on other sites

I have installed the latest update and now I get the order in the orders database with the "awaiting payment" status but no IPN record ever shows up? ANy clues where I should look to resolve this one?

Link to comment
Share on other sites

Did you receive any debug emails at all?

Did you enable IPN in your PayPal account profile? (see the FAQs in the install docs)

"Any fool can know. The point is to understand." -- Albert Einstein

Link to comment
Share on other sites

I have been using your code since December and all has been working fine except for the occasional IPN record with no order. I thought maybe this update would help with that. I did get debug records and all look good. I can send them to you if you like or post them here?

Link to comment
Share on other sites

Greg,

 

Awake and refreshed. I'm sorry, I shouldn't have written last night. You are right in that the problem was in the catalog/includes/database_tables.php. I did a cut and paste from your very nicely assembled (PayPal_Shopping_Cart_IPN.html) directions. After reviewing today with a fresh set of eyes I noticed an extra space in the declare before 'orders_session_info'. Once I removed it everything started functioning. Time to test.

 

catalog/includes/database_tables.php

 

From the PayPal_Shopping_Cart_IPN.html directions:

define('TABLE_ORDERS_SESSION_INFO', 'orders_session_info');

 

As updated:

define('TABLE_ORDERS_SESSION_INFO','orders_session_info');

 

FYI, I am now seeing the same error as 35thSLP in that I never get a payment confirmation back into my cart (PayPal_IPN table). I need to look at it more. I'm attaching the a one of my debugs for review. Fields modified to protect data are enclosed in single quotes. These fields matched exactly with the exception of the email fields that had %40 substituted for the @ symcol. The only real difference that I see is PayPal is converting characters (space, @, :, etc) in the 'PayPal Reconstructed Post' response.

 

------------------------------------------------------

PayPal ORIGINAL POST

------------------------------------------------------

txn_type=cart

payment_date=07:43:12 Apr 02, 2004 PST

last_name=Cartright

pending_reason=address

payment_gross=0.01

mc_currency=USD

business='[email protected]'

payment_type=instant

num_cart_items=1

payer_status=verified

verify_sign='Sign Matched'

payer_email='[email protected]'

tax=0.00

txn_id='Tax ID Matched'

first_name=Allen

receiver_email='[email protected]'

invoice=29

payer_id='Payer ID Matched'

receiver_id='Receiver ID Matched'

payer_business_name=Spraxis

payment_status=Pending

mc_gross=0.01

item_name1=Microsoft IntelliMouse Pro

custom=29

item_number1=MSIMPRO

notify_version=1.6

quantity1=1

tax1=0.00

 

 

------------------------------------------------------

PayPal Reconstructed Post

------------------------------------------------------

cmd=_notify-validate

txn_type=cart

payment_date=07%3A43%3A12+Apr+02%2C+2004+PST

last_name=Cartright

pending_reason=address

payment_gross=0.01

mc_currency=USD

business='nospam_%40rockerland.nope'

payment_type=instant

num_cart_items=1

payer_status=verified

verify_sign='Sign Matched'

payer_email='nospam_%40hotmail.nope'

tax=0.00

txn_id='Tax ID Matched'

first_name=Allen

receiver_email='nospam_%40rockerland.nope'

invoice=29

payer_id='Payer ID Matched'

receiver_id='Receiver ID Matched'

payer_business_name=Spraxis

payment_status=Pending

mc_gross=0.01

item_name1=Microsoft+IntelliMouse+Pro

custom=29

item_number1=MSIMPRO

notify_version=1.6

quantity1=1

tax1=0.00

 

Thanks for your help and hardwork.

 

Allen

Link to comment
Share on other sites

Allen your one is a bit simplier because the payment_status is still 'Pending' the customer needs to verify their address since the pending_reason is 'address', didn't this show in the admin or does it still say 'Pending Payment' ? on the customers/catalog side it will still say 'Pending Payment' you need to go into your paypal account and accept the payment, you could also to configure so as to always accept payments regardless of the address verification.

"Any fool can know. The point is to understand." -- Albert Einstein

Link to comment
Share on other sites

Ok, new problem this morning. 2Checkout and Money Order/Cashier's Check checkouts seem to work, but Paypal is broken. When I hit CONFIRM ORDER, I get this error:

 

1062 - Duplicate entry '' for key 1

 

insert into orders (customers_id, customers_name, customers_company, customers_street_address, customers_suburb, customers_city, customers_postcode, customers_state, customers_country, customers_telephone, customers_email_address, customers_address_format_id, delivery_name, delivery_company, delivery_street_address, delivery_suburb, delivery_city, delivery_postcode, delivery_state, delivery_country, delivery_address_format_id, billing_name, billing_company, billing_street_address, billing_suburb, billing_city, billing_postcode, billing_state, billing_country, billing_address_format_id, payment_method, cc_type, cc_owner, cc_number, cc_expires, date_purchased, orders_status, currency, currency_value) values ('44', 'test testtt', '', '4062 s 4th', '', 'las', '90320', 'California', 'United States', '4105623253', '[email protected]', '2', 'test testtt', '', '4062 s 4th', '', 'las', '90320', 'California', 'United States', '2', 'test testtt', '', '4062 s 4th', '', 'las', '90320', 'California', 'United States', '2', 'PayPal', '', '', '', '', now(), '4', 'USD', '1.00000000')

 

[TEP STOP]

 

Any ideas on what I did now? :P

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
×
×
  • Create New...