CRE Loaded Community


All times are UTC - 5 hours




 Post subject: PCI / Verisign (paypal) and silent return URL
PostPosted: Wed Sep 01, 2010 6:08 pm 
Offline
CRE Talented

Joined: Thu Dec 25, 2008 5:09 pm
Posts: 460
Location: CO
This is a subject that hasn't been written about for a while that I can find but I need help.

I was using PayPal's payflowpro (used to be Verisign's payflowpro) but with the PCI compliance need to have credit card information be sent off site to get processed (in order to have an easier time being compliant) I decided to transition to payflowlink and use an old module that I had to update so it passed the shipping information and update the link.

It works! BUT the problem is people don't seem to finalize the order once paypal gives them the "APPROVED" message. This has the credit card get processed but nothing is sent back to the database to get recorded. (they have to press the finalize button for that to happen).

Now there is a silent post option that was used in the past that is supposed to go to "verisignreturn.php" in the background to write the order without the customer having to press the final button. But it doesn't work. :cry:

Here is the verisignlink.php file:
Code:
<?php
/*
  $Id: verisign.php,v 1.16 2002/01/20 16:07:40 hpdl Exp $
  The Exchange Project - Community Made Shopping!
  http://www.theexchangeproject.org
  Copyright (c) 2000,2001 The Exchange Project
  Released under the GNU General Public License
*/
  class verisign {
    var $code, $title, $description, $enabled;
// class constructor
    function verisign() {
      $this->code = 'verisign';
      $this->title = MODULE_PAYMENT_VERISIGN_TEXT_TITLE;
      $this->description = MODULE_PAYMENT_VERISIGN_TEXT_DESCRIPTION;
      $this->sort_order = MODULE_PAYMENT_VERISIGN_SORT_ORDER;
      $this->enabled = ((MODULE_PAYMENT_VERISIGN_STATUS == 'True') ? true : false);
//     $this->form_action_url = 'https://payflowlink.verisign.com/payflowlink.cfm';
     $this->form_action_url = 'https://payflowlink.paypal.com';
    }
// class methods
    function javascript_validation() {
      return false;
    }
    function selection() {
      return array('id' => $this->code,
                   'module' => $this->title);
    }
    function pre_confirmation_check() {
      return false;
    }
    function confirmation() {
         return false;
    }
    function process_button() {
      global $HTTP_POST_VARS, $CardName, $CardNumber, $order, $total_tax, $shipping_cost;
//        $HTTP_POST_VARS[$HTTP_POST_VARS['USER1']] = $HTTP_POST_VARS['USER2'];
//        $HTTP_GET_VARS[$HTTP_POST_VARS['USER1']] = $HTTP_POST_VARS['USER2'];
//        reset ($HTTP_POST_VARS);
//        reset ($HTTP_GET_VARS);
    $_POST[$_POST['USER1']] = $_POST['USER2'];
    $_GET[$_POST['USER1']] = $_POST['USER2'];
    reset ($_POST);
    reset ($_GET);
      // Prefer the cardholder name from the form; fall back to the customer's name.
      if (isset($_POST['payflowlink_cc_first_name'], $_POST['payflowlink_cc_last_name']) &&
          strlen($_POST['payflowlink_cc_first_name']) && strlen($_POST['payflowlink_cc_last_name'])) {
        $Name = $_POST['payflowlink_cc_first_name'] . ' ' . $_POST['payflowlink_cc_last_name'];
      } else {
        $Name = $order->customer['firstname'] . ' ' . $order->customer['lastname'];
      }
      // LOGIN and PARTNER use the configuration keys that install() creates.
      $process_button_string = tep_draw_hidden_field('LOGIN', MODULE_PAYMENT_VERISIGN_LOGIN) .
                               tep_draw_hidden_field('PARTNER', MODULE_PAYMENT_VERISIGN_PARTNER) .
                               tep_draw_hidden_field('TYPE', MODULE_PAYMENT_VERISIGN_TYPE) .
                               tep_draw_hidden_field('EXPDATE', $this->cc_expiry_month . $this->cc_expiry_year) .
                               tep_draw_hidden_field('AMOUNT', number_format($order->info['total'], 2, '.', '')) .
                               tep_draw_hidden_field('SHIPAMOUNT', number_format($order->info['shipping_cost'], 2, '.', '')) .
                               tep_draw_hidden_field('TAX', number_format($order->info['tax'], 2, '.', '')) .
                               tep_draw_hidden_field('NAME', $Name) .
                               tep_draw_hidden_field('ADDRESS', $order->customer['street_address']) .
                               tep_draw_hidden_field('CITY', $order->customer['city']) .
                               tep_draw_hidden_field('STATE', $order->customer['state']) .
                               tep_draw_hidden_field('ZIP', $order->customer['postcode']) .
                               tep_draw_hidden_field('COUNTRY', $order->customer['country']['title']) .
                               tep_draw_hidden_field('PHONE', $order->customer['telephone']) .
                               tep_draw_hidden_field('EMAIL', $order->customer['email_address']) .
                               tep_draw_hidden_field('NAMETOSHIP', $order->delivery['firstname'] . ' ' . $order->delivery['lastname']) .
                               tep_draw_hidden_field('ADDRESSTOSHIP', $order->delivery['street_address']) .
                               tep_draw_hidden_field('CITYTOSHIP', $order->delivery['city']) .
                               tep_draw_hidden_field('STATETOSHIP', $order->delivery['state']) .
                               tep_draw_hidden_field('ZIPTOSHIP', $order->delivery['postcode']) .
                               tep_draw_hidden_field('ECHODATA', 'True') .
                               tep_draw_hidden_field('SHOWCONFIRM', 'False') .
                               tep_draw_hidden_field('DISABLERECEIPT', 'False') .
                               // USER1/USER2 carry the session name and id so the gateway echoes them back.
                               tep_draw_hidden_field('USER1', tep_session_name()) .
                               tep_draw_hidden_field('USER2', tep_session_id()) .
                               tep_draw_hidden_field(tep_session_name(), tep_session_id()) .
                               tep_draw_hidden_field('COUNTRYTOSHIP', $order->delivery['country']['title']);
      return $process_button_string;
    }
    function before_process() {
      return true;
   }
    function after_process() {
     return false;
    }
    function output_error() {
      return false;
    }
    function check() {
      if (!isset($this->check)) {
        $check_query = tep_db_query("select configuration_value from " . TABLE_CONFIGURATION . " where configuration_key = 'MODULE_PAYMENT_VERISIGN_STATUS'");
        $this->check = tep_db_num_rows($check_query);
      }
      return $this->check;
    }
    function install() {
      tep_db_query("insert into " . TABLE_CONFIGURATION . " (configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, set_function, date_added) values ('Enable VeriSign', 'MODULE_PAYMENT_VERISIGN_STATUS', 'True', 'Do you want to accept VeriSign payments?', '6', '3', 'tep_cfg_select_option(array(\'True\', \'False\'), ', now())");
     tep_db_query("insert into " . TABLE_CONFIGURATION . " (configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, date_added) values ('Login ID', 'MODULE_PAYMENT_VERISIGN_LOGIN', '', 'Your VeriSign Login ID.', '6', '2', now())");
      tep_db_query("insert into " . TABLE_CONFIGURATION . " (configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, date_added) values ('Partner ID', 'MODULE_PAYMENT_VERISIGN_PARTNER', '', 'Your VeriSign Partner ID.', '6', '3', now())");
      tep_db_query("insert into " . TABLE_CONFIGURATION . " (configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, date_added) values ('Transaction Type', 'MODULE_PAYMENT_VERISIGN_TYPE', 'S', 'What is the transaction Type? (S = Sales)', '6', '3', now())");
      tep_db_query("insert into " . TABLE_CONFIGURATION . " (configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, date_added) values ('Sort order of display.', 'MODULE_PAYMENT_VERISIGN_SORT_ORDER', '0', 'Sort order of display. Lowest is displayed first.', '6', '0', now())");
    }
    function remove() {
      tep_db_query("delete from " . TABLE_CONFIGURATION . " where configuration_key = 'MODULE_PAYMENT_VERISIGN_STATUS'");
      tep_db_query("delete from " . TABLE_CONFIGURATION . " where configuration_key = 'MODULE_PAYMENT_VERISIGN_LOGIN'");
      tep_db_query("delete from " . TABLE_CONFIGURATION . " where configuration_key = 'MODULE_PAYMENT_VERISIGN_PARTNER'");
      tep_db_query("delete from " . TABLE_CONFIGURATION . " where configuration_key = 'MODULE_PAYMENT_VERISIGN_TYPE'");
      tep_db_query("delete from " . TABLE_CONFIGURATION . " where configuration_key = 'MODULE_PAYMENT_VERISIGN_SORT_ORDER'");
    }
    function keys() {
      $keys = array('MODULE_PAYMENT_VERISIGN_STATUS', 'MODULE_PAYMENT_VERISIGN_LOGIN', 'MODULE_PAYMENT_VERISIGN_PARTNER', 'MODULE_PAYMENT_VERISIGN_TYPE', 'MODULE_PAYMENT_VERISIGN_SORT_ORDER');
      return $keys;
    }
  }
?>



Then the verisignreturn.php
Code:
<?php
/*
  $Id: versignreturn.php,v 2.2-vl 2003/03/10 23:52:29 rdo Exp $

  osCommerce, Open Source E-Commerce Solutions
  http://www.oscommerce.com

  Copyright (c) 2003 osCommerce
  This is a revised version for the Verisign Link module.
  Released under the GNU General Public License
*/

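//global $HTTP_POST_VARS,$HTTP_GET_VARS;
if (isset($_POST['RESPMSG']) && $_POST['RESPMSG'] == 'Approved') {
    // Copy the session name/id echoed back in USER1/USER2 into the request
    // before application_top.php starts the session.
    $_POST[$_POST['USER1']] = $_POST['USER2'];
    $_GET[$_POST['USER1']] = $_POST['USER2'];
    reset($_POST);
    reset($_GET);
}
// Rebuild the posted fields as a query string.
$postparameters = '';
foreach ($_POST as $key => $val) {
    $postparameters .= $key . '=' . urlencode($val) . '&';
}
include('includes/application_top.php');
// This redirect is the line the thread identifies as the reason no 200 is returned.
tep_redirect(tep_href_link(FILENAME_CHECKOUT_PROCESS, $postparameters, 'SSL', false, false));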
?>



IF I attempt to use the silent post and point it to the verisignreturn.php file the credit card gets processed but then voided because it doesn't get a 200 success error. Which from this post "starting with the Eureka! post" http://forums.oscommerce.com/topic/1415 ... gn-issues/ says is because of the last "redirect" line.

So I have spent the last 3 days working to try their solution (which doesn't work) or anything else I can think of....

Can anyone help? Point me in the right direction? Tell me I'm screwed? etc.

Thank you,
Mike


 Post subject: Re: PCI / Verisign (paypal) and silent return URL
PostPosted: Sat Sep 04, 2010 9:48 am 
Offline
CRE Talented

Joined: Thu Dec 25, 2008 5:09 pm
Posts: 460
Location: CO
Well it sort of works.... You can not have the forced option selected or it will void the transaction because the response header will not give a '200' success so paypal/verisign will void the transaction automatically.

Not the best solution but it allows 100% off site CC processing so form A here I come.


 Post subject: Re: PCI / Verisign (paypal) and silent return URL
PostPosted: Thu Nov 25, 2010 11:43 am 
Offline
CRE Talented

Joined: Thu Dec 25, 2008 5:09 pm
Posts: 460
Location: CO
I left this thread in bad shape but I did get it to work by following the instructions in the link http://forums.oscommerce.com/topic/1415 ... gn-issues/ .... There is a new problem with PayPal payflow link and the silent post that I am having.

I am hoping SOMEONE out there is also using PayPal payflow link and is also having this problem because PayPal has closed my ticket as "SPAM" and the support person is telling me that my script is the problem.

I am a hack so I don't know how to verify if there is anything being sent to the silent post URL.

BOTH the silent post URL and the return URL are the same file. The only difference is that the return URL works IF, and ONLY IF, someone clicks a last button after the credit card is processed. If they don't click on the link the card is charged but the order isn't written back to the shopping cart.

I am so pissed I can't see straight. The person at Paypal swore it never worked (I have orders proving it worked in this same config).
Then after him repeating the same stuff for a third time he wrote "That is happening to the post data we are trying to send to you and it is incorrect. You shouldn't be forwarding it to a different place. Your script should be accepting the information we post to it, and then posting it back to confirm that you've received it."

So it almost sounds like there was a change IF I am supposed to post the data back?!?!? But that isn't what I understand from all the files I can find. Paypal just looks for a 200 response. Which I do give otherwise the link that requires a click to return to my site wouldn't work either.

So what I am asking is does anyone use paypal payflow link?
Is it still working for you?

If no, does anyone have an idea how I can check if the silent post is sending anything? I.E. Direct the silent post info to a file?

Any help is appreciated since tomorrow is black Friday :-(


 Post subject: Re: PCI / Verisign (paypal) and silent return URL
PostPosted: Fri Nov 26, 2010 11:38 pm 
Offline
CRE Talented

Joined: Thu Dec 25, 2008 5:09 pm
Posts: 460
Location: CO
Hmmmmm....
Well I was able to get a verification that PAYPAL is sending a silent post back but for some reason what was working with the silent post isn't now.
I guess I didn't know what made it work and now what makes it so it doesn't.

I was able to add this and verify information is being passed back by adding this to the top of checkoutprocess.php:
Code:
if (isset($_POST['RESPMSG']) && $_POST['RESPMSG'] == 'Approved') {
  // Append every posted field to a log file to confirm the silent post arrives.
  $pflresult = 'verisignreturnedinfo.txt';
  $postparameters = '';
  foreach ($_POST as $key => $val) {
    $postparameters .= $key . '=' . urlencode($val) . '&';
  }
  $fp = fopen($pflresult, 'a');
  flock($fp, LOCK_EX);
  fwrite($fp, '-' . $postparameters . "\n");
  flock($fp, LOCK_UN);
  fclose($fp);
}

And it worked when the silent post is sent data from PAYPAL. The verisignreturnedinfo.txt file gets the data written to it.
This tells me that the response message aka RESPMSG does come back as Approved.
That then triggers the file to be written.

So could someone please at least help me understand why at one time just adding the following to checkout_process.php caused it to work?
Code:
    $_POST[$_POST['USER1']] = $_POST['USER2'];
    $_GET[$_POST['USER1']] = $_POST['USER2'];
    reset ($_POST);
    reset ($_GET);


What it seems like to me is that oscsid was passed back through the "user2" variable then used to record the order. By looking in the verisignreturnedinfo.txt file I do see the oscsid is still passed back but I can't understand why it no longer works.....

I guess I must have pissed off some people here since I haven't received any help since I was frustrated with the direction CRE was going but would someone please help?

Mike


 Post subject: Re: PCI / Verisign (paypal) and silent return URL
PostPosted: Sun Nov 28, 2010 3:58 pm 
Offline
CRE Talented

Joined: Thu Dec 25, 2008 5:09 pm
Posts: 460
Location: CO
I am going in circles but here is a bit more info:

On the silent post the data does get sent back and when I added:
Code:
  fwrite($fp, 'customerID  ' . $_SESSION['customer_id'] . "\n" );


The silent post doesn't have the session customer_ID.

The regular post does.

So I am guessing for some odd reason the session is kept when the customer clicks but doesn't when sent through the silent post.

In fact if the
Code:
    $_POST[$_POST['USER1']] = $_POST['USER2'];
    $_GET[$_POST['USER1']] = $_POST['USER2'];
    reset($_POST);
    reset($_GET);

is placed above the include('includes/application_top.php'); line like previously instructed the entire process doesn't log the order, it just gets redirected to the login.php file, seeming to kill the session info....

After 4 days I need a break...... And help.
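
An added example (not part of any post in this thread, and not osCommerce or CRE Loaded code): a silent post check that validates USER1/USER2 as data instead of writing `$_POST[$_POST['USER1']]`, compares AMOUNT with the total the store saved, and answers with a status directly rather than redirecting. The session name `osCsid`, the session id format, the 400/409 codes and the `$orderTotalFor` lookup are assumptions; it needs PHP 7.4 or later.

```php
<?php
const SESSION_NAME = 'osCsid';  // assumption: the store's session name

// Return the session id carried in USER2, or null if the post is malformed.
function silent_post_session_id(array $post): ?string
{
    foreach (['RESPMSG', 'USER1', 'USER2', 'AMOUNT'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field])) {
            return null;
        }
    }
    // USER1 may only name the session; it is never used as an array key.
    if ($post['RESPMSG'] !== 'Approved' || $post['USER1'] !== SESSION_NAME) {
        return null;
    }
    // Assumed id format: 22-64 characters from PHP's session id alphabet.
    if (!preg_match('/\A[A-Za-z0-9,-]{22,64}\z/', $post['USER2'])) {
        return null;
    }
    return $post['USER2'];
}

// Decide the HTTP status for a silent post. $orderTotalFor is a hypothetical
// callable returning the stored total (e.g. "42.10") for a session id, or null.
function silent_post_status(array $post, callable $orderTotalFor): int
{
    $sid = silent_post_session_id($post);
    if ($sid === null) {
        return 400;
    }
    $expected = $orderTotalFor($sid);
    // Posted fields are untrusted input, so compare the amount with the
    // value the store saved before sending the customer to the gateway.
    if ($expected === null || !is_numeric($post['AMOUNT'])
        || number_format((float) $post['AMOUNT'], 2, '.', '') !== $expected) {
        return 409;
    }
    // A real handler would write the order here, then answer directly.
    return 200;  // no redirect: the thread reports a void when no 200 comes back
}

// Constructed sample data (not captured traffic).
$totals = ['0123456789abcdef0123456789abcdef' => '42.10'];
$lookup = fn(string $sid): ?string => $totals[$sid] ?? null;
$good = ['RESPMSG' => 'Approved', 'USER1' => 'osCsid',
         'USER2' => '0123456789abcdef0123456789abcdef', 'AMOUNT' => '42.10'];
$badKey = ['USER1' => 'customer_id'] + $good;   // USER1 names some other key
$badAmount = ['AMOUNT' => '1.00'] + $good;      // amount differs from the saved total

foreach (['good' => $good, 'badKey' => $badKey, 'badAmount' => $badAmount] as $name => $post) {
    printf("%s -> %d\n", $name, silent_post_status($post, $lookup));
}
```

These field checks do not authenticate the sender; they only keep a posted value from choosing which request key gets overwritten or from recording an order at a different amount.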


 Post subject: Re: PCI / Verisign (paypal) and silent return URL
PostPosted: Tue Aug 30, 2011 7:29 pm 
Offline
CRE Newbie

Joined: Tue Aug 30, 2011 7:25 pm
Posts: 1
Excellent detective work- thank you for sharing your process. Were you ever able to get the silent return URL to return the session customer_ID?


 Post subject: Re: PCI / Verisign (paypal) and silent return URL
PostPosted: Wed Aug 31, 2011 4:48 pm 
Offline
CRE Talented

Joined: Thu Dec 25, 2008 5:09 pm
Posts: 460
Location: CO
Funny thing is that I have not... I made this option the lowest option in the payment choices and the use has dropped drastically to the point that it is used about once in a couple of months now.

I would love to have a fix but I gave up and have not had enough transactions on this payment method to make me even check to see if it works now or not.

Mike

