1) adding the line sending paypal the invoice number (see thread below). This prevents duplicate charges, and
2) Removing a call for a rogue file (probably a hacking attempt though cwatch security did NOT catch it which is troubling) (see thread below)
I've used the paypal pro module that comes with v2.2 since 2.2 was released with no issues. Over the past few weeks, credit card payments placed thru it are suddenly being charged multiple times - usually 3-4 times per order.
Each is coming thru with a different paypal transaction ID and it seems like the success page is never being triggered - at least it wasn't when I tested it with my own credit card. Pressing the final confirm order button on my check out pages triggers the normal "Please wait" text message but then just sits back on that page without moving to the success page (paypal and money order payments are working normally and displaying the success page).
This is not happening with every credit card order and not if someone uses a credit card thru the paypal standard checkout, only thru Payments Pro. Out of 25 credit card orders this morning, 3 of them were charged multiple times and all the others were fine.
The only thing Paypal support suggests is sending thru the order number as their invoiceid field, but I haven't figured out how to do that.
I am stumped why this is suddenly happening when I have not made any changes. Is there an updated paypal pro module that would solve this issue? I am not seeing anything in marketplace but thought I would ask here to see if anyone has a suggestion.
I am refunding the duplicate payment immediately but naturally this is a hassle for me and my customers.
Running Opencart v3.0.3.2 with multi-stores and the default template from https://www.labeshops.com which has links to all my stores.
Code: Select all
$request .= '&INVNUM=' . (int)$order_info['order_id'];
https://github.com/opencart/opencart/bl ... o.php#L103
Reference here.
https://developer.paypal.com/docs/archi ... yment-nvp/
I think even CUSTREF is wrong and should be CUSTOM. But then the PayPal documentation rarely completely matches the actual APIs.
Running Opencart v3.0.3.2 with multi-stores and the default template from https://www.labeshops.com which has links to all my stores.
Is there some way I can force the success page better?
Running Opencart v3.0.3.2 with multi-stores and the default template from https://www.labeshops.com which has links to all my stores.
Check your web browser development console network tab that index.php?route=payment/pp_pro/send returns an 200 OK status.
Also check the JavaScript code that redirects to the success page hasn't changed.
https://github.com/opencart/opencart/bl ... pl#L73-L99
Code: Select all
Warning: include(pp_check.php): failed to open stream: No such file or directory in /public_html/catalog/controller/payment/pp_pro.php on line 87
Warning: include(pp_check.php): failed to open stream: No such file or directory in /public_html/catalog/controller/payment/pp_pro.php on line 87
Warning: include(): Failed opening 'pp_check.php' for inclusion (include_path='.:/opt/cpanel/ea-php70/root/usr/share/pear') in /public_html/catalog/controller/payment/pp_pro.php on line 87
Notice: Undefined index: cc_type in /public_html/catalog/controller/payment/pp_pro.php on line 98
Notice: Undefined index: cc_number in /public_html/catalog/controller/payment/pp_pro.php on line 99
Notice: Undefined index: cc_start_date_month in /public_html/catalog/controller/payment/pp_pro.php on line 100
Notice: Undefined index: cc_start_date_year in /public_html/catalog/controller/payment/pp_pro.php on line 100
Notice: Undefined index: cc_expire_date_month in /public_html/catalog/controller/payment/pp_pro.php on line 101
Notice: Undefined index: cc_expire_date_year in /public_html/catalog/controller/payment/pp_pro.php on line 101
Notice: Undefined index: cc_cvv2 in /public_html/catalog/controller/payment/pp_pro.php on line 102
Notice: Undefined index: cc_type in /public_html/catalog/controller/payment/pp_pro.php on line 104
Notice: Undefined index: cc_type in /public_html/catalog/controller/payment/pp_pro.php on line 104
{"error":"This transaction cannot be processed. Please enter a valid credit card number and type."}
Reason: Added code tags.
Running Opencart v3.0.3.2 with multi-stores and the default template from https://www.labeshops.com which has links to all my stores.
Running Opencart v3.0.3.2 with multi-stores and the default template from https://www.labeshops.com which has links to all my stores.
Running Opencart v3.0.3.2 with multi-stores and the default template from https://www.labeshops.com which has links to all my stores.
Also, if that error was enough to cause problems then it means that you have display errors on. This can be a security risk, as it provides very helpful information for attackers. It also causes problems where a minor error or even a warning will break something where it normally wouldn't, as you have just found. You will need to switch of displaying of errors in three places.
1. In your PHP settings. This should be off by default, but there are some poor hosts that leave it on. Set display_errors = off in the php.ini or user.ini.
2. In the OpenCart configuration files. https://github.com/opencart/opencart/bl ... lt.php#L44
3. In the Error Handling section under the Server tab in you OpenCart settings.
not because the user is hitting the button twice (i only get one order in oc) but i think because paypal is just charging it twice.
Will adding this line also work in pp_payflow instead of pro? version 2.0.3.1
$request .= '&INVNUM=' . (int)$order_info['order_id'];
I added it here
$request = 'USER=' . urlencode($this->config->get('pp_payflow_user'));
$request .= '&VENDOR=' . urlencode($this->config->get('pp_payflow_vendor'));
$request .= '&PARTNER=' . urlencode($this->config->get('pp_payflow_partner'));
$request .= '&PWD=' . urlencode($this->config->get('pp_payflow_password'));
$request .= '&TENDER=C';
$request .= '&TRXTYPE=' . $payment_type;
$request .= '&INVNUM=' . (int)$order_info['order_id'];
It's a different API, so probably not. You might be able to set ORDERID. Check the documentation.tinabanana wrote: ↑Thu Jul 15, 2021 3:33 ami know this is an older post but i'm having issues with duplicate transactions in paypal.
not because the user is hitting the button twice (i only get one order in oc) but i think because paypal is just charging it twice.
Will adding this line also work in pp_payflow instead of pro? version 2.0.3.1
$request .= '&INVNUM=' . (int)$order_info['order_id'];
I added it here
$request = 'USER=' . urlencode($this->config->get('pp_payflow_user'));
$request .= '&VENDOR=' . urlencode($this->config->get('pp_payflow_vendor'));
$request .= '&PARTNER=' . urlencode($this->config->get('pp_payflow_partner'));
$request .= '&PWD=' . urlencode($this->config->get('pp_payflow_password'));
$request .= '&TENDER=C';
$request .= '&TRXTYPE=' . $payment_type;
$request .= '&INVNUM=' . (int)$order_info['order_id'];
https://developer.paypal.com/docs/payfl ... n%20errors.
(Optional) Checks for a duplicate order. If you pass ORDERID in a request and pass it again in the future, the response returns DUPLICATE=2 along with the ORDERID.
Note: Do not use ORDERID to catch duplicate orders processed within seconds of each other. Use ORDERID with Request ID to prevent duplicates as a result of processing or communication errors.
So the duplicate within seconds is what i'm trying to avoid.
I could not find any information about Request ID.
After adding the
$request .= '&INVNUM=' . (int)$order_info['order_id'];
I noticed that my paypal payments now show the opencart order number, so it does seem like its doing something.
Since i added this and fixed a bug that wasn't letting my 'confirm order' button become disabled while processing, all duplicate orders have stopped until this morning.
I got a duplicate this morning from someone with an invalid email, not sure if that had anything to do with letting the duplicate slide in
The sender of this payment doesn't have a PayPal account yet.
invalid_email_supplied@PayPal.com
Any help would be appreciated to get this resolved.
https://developer.paypal.com/docs/payfl ... ow-headers
It's set here.
https://github.com/opencart/opencart/bl ... w.php#L132
Maybe it's too random and mt_rand() would be better changed to a time value with a resolution of seconds or minutes.
is it just a matter of adding this line and that will fix the duplicate payments?
curl_setopt($curl, CURLOPT_HTTPHEADER, array('X-VPS-REQUEST-ID: ' . md5($this->session->data['order_id'] . mt_rand())));
Other than that store the ID in the session and regenerate on a payment error.
Users browsing this forum: No registered users and 63 guests