Re: WorldPay Module version 2.0 - Support thread
i finally got a email back from Worldpay today, and they said most of the XSS and whitelist changes should be in place by september 30th (i wouldnt hold your breathe though)
And he will email me next week with a exact list of changes that have and will be made
........but im sure i will have to email them first to get that!
I Shall put the info whenever i get it :)
Re: WorldPay Module version 2.0 - Support thread
Ooba and Bigenuf, you have been very good in the absence of Philip but frankly this is all really starting to wear me down.
I did the Worldpay override folder thing so that the receipt page displays ok and it works OK in Internet Explorer as long as you tell it to display secure and non secure content BUT in Firefox, it will not display the stylesheet information.
It does not work at all anyway if you remove the base href tag in html_header.php
Until I can get past these problems, there is no point in going any further.
I have emailed Philip but I fear he will not wish to help or it will be for a fee which I cannot afford.
I am wondering whether to cut all the aggravation and just use Paypal.
I have read all these new posts from people with all their problems and with the uncertainty of whether Worldpay have finished their ridiculous filtering or not, I can't see an end to it for a long time.
Those of us who do not know much about PHP or sessions blah blah blah, are just left groping about in the dark. I now have 1 day to design a completely new website before I can no longer use my old working one that displays prices :frusty:
Re: WorldPay Module version 2.0 - Support thread
you need to keep the base href tag in html_header now. Worldpay stopped filtering the base href tag now lol.
Your say it doesnt work in firefox.... what does it look like? so not styled at all? is that because you removed the base href tag?
is it all bunched up? if it works in ie i would expect it to work in firefox.......have you got a screenshot of what it looks like in both?
Have you done view source in both browsers and tried to compare them to see if anything is different.
Re: WorldPay Module version 2.0 - Support thread
Also pete, did you say that you are no longer able to display prices?
Cant you just turn prices off or turn the shop into a 'showcase' so you dnt see the prices........saves re-designing a new site.
I think changing it into a showcase site would be pretty quick and painless
And you may aswel use paypal aswel....quick and easy to set up and at least it is one payment option for your customers to use while you are sorting out your issues with worldpay
Re: WorldPay Module version 2.0 - Support thread
With a standard module, with all of the options installed correctly and the callback set up correctly, does anyone have one list of outstanding issues ?
As far as I can see, Worldpay did what I told them to and put the base href tag in, so the issue remaining appears to be that javascript CSS menus aren't wroking (that's almost certainly never going to work because they were banning the script tag), and that mixed content is being banned, e.g. SSL from worldpay mean not pulling in non-ssl items from your website if you don't have a certificate, whihc would be stylesheets and images.
There also appears to be some problem with the footer and div's being stripped if they are empty ?
Philip.
Re: WorldPay Module version 2.0 - Support thread
Hi all,
I've been lurking here for quite a while now.
I'm not too good with coding and scraped through by trial and error so I'm not going to be a great help but I have a couple of points:
My store's been running over 2 years and I didn't upgrade to Philip's newer WorldPay module - it is still using the old url's to their servers rather than the rbs versions. Strangely the shop still seems to be functioning fine although I do have the whitelisting set to off. Customers come back and continue navigating correctly. And no feedback with complaints. I've no idea why I've escaped but maybe someone can see a clue or direction to work towards?
I know I'll need to change very soon but I'm waiting until the very last until all the stupid changes are finalised.
Petelutonuk - I've got "The book". I had a quick look through and it might have a bit of help for your unusual situation.
In Admin>Configuration>Customer details, there are two separate options (about lines 12 and 13 on my setup)
Customer shop status
Customer approval status
I believe changing these options should work for you
In particular "Customer approval status" has a choice "may browse but cannot see prices until authorised"
Best of luck hope it does the trick.
Cheers
Dave Clarke (no - definitely no relation to Philip)
Re: WorldPay Module version 2.0 - Support thread
Quote:
Originally Posted by
Some Bloke
Hi all,
I've been lurking here for quite a while now.
I'm not too good with coding and scraped through by trial and error so I'm not going to be a great help but I have a couple of points:
My store's been running over 2 years and I didn't upgrade to Philip's newer WorldPay module - it is still using the old url's to their servers rather than the rbs versions. Strangely the shop still seems to be functioning fine although I do have the whitelisting set to off. Customers come back and continue navigating correctly. And no feedback with complaints. I've no idea why I've escaped but maybe someone can see a clue or direction to work towards?
I know I'll need to change very soon but I'm waiting until the very last until all the stupid changes are finalised.
You'd better not publish the location of your shop. The reason why version 2 of the module was created is because it's possible to fool your shop into believing that items have been paid for and approved by worldpay with the first version of the module. It's also possible to discount items by knocking of xx% amount where worldpay would then also send you items have been paid emails, and unless you check every amount it's very easy to execute fraud.
Philip.
Re: WorldPay Module version 2.0 - Support thread
Quote:
Originally Posted by
philip_clarke
You'd better not publish the location of your shop. The reason why version 2 of the module was created is because it's possible to fool your shop into believing that items have been paid for and approved by worldpay with the first version of the module. It's also possible to discount items by knocking of xx% amount where worldpay would then also send you items have been paid emails, and unless you check every amount it's very easy to execute fraud.
Philip.
Thanks for that Philip, I didn't realise it was quite that bad. In my situation (I sell very few items and price adjustments would stand out very clearly) I feel less worried about the second scenario but the first one sounds pretty scarey.
Would worldpay's payment confirmation email be tricked as well (I always check that the shop's and Worldpay's email payments agree)
i.e. would it be ok to wait a week or two for the complete solution or should I treat it as an emergency.
Nice to see you back.
Dave
Re: WorldPay Module version 2.0 - Support thread
The chances of someone doing this to your shop are small, not because it's not possible, but because the user base is not that large and the criminal community never paid that much attention. The worldpay email can be faked very easily to say that payment's been made and the details that a criminal would need would all be on your shop. If you don't want to upgrade then I suggest that with each order you log onto worldpay to confirm each order and that the order has taken place.
Philip.
Re: WorldPay Module version 2.0 - Support thread
Quote:
Originally Posted by
philip_clarke
The chances of someone doing this to your shop are small, not because it's not possible, but because the user base is not that large and the criminal community never paid that much attention. The worldpay email can be faked very easily to say that payment's been made and the details that a criminal would need would all be on your shop. If you don't want to upgrade then I suggest that with each order you log onto worldpay to confirm each order and that the order has taken place.
Philip.
Hi Philip,
Thanks for the clarification.
Do you think there is any link between my apparent lack of problems (with visual rendering etc.) due to still using their old servers or is it just co-incidence. I'm a bit worried about making changes that might need several tweaks - I'd rather do the whole thing in one go and get it over with.
Cheers
Dave