My Boss! lol :yes:Quote:
Originally Posted by niccol
No seriously it's cost. With the added benefit of PCI certification in 10 minutes rather than days. Sage (at the time) didn't compete.
Printable View
My Boss! lol :yes:Quote:
Originally Posted by niccol
No seriously it's cost. With the added benefit of PCI certification in 10 minutes rather than days. Sage (at the time) didn't compete.
Unusable data to me.Quote:
Originally Posted by niccol
Possibly maybe.... Have you ever sat and had a read of the PCI DSS SAQ level 4 plus guidance notes? Unless it's your subject it can really make you feel incompetent. :lamo:Quote:
Originally Posted by niccol
I'm going to backup my tables by exporting the data and then dropping table data older than 12mths, for me it then makes it manageable, GDPR compliant (I think) whilst keeping PCI compliance data available and complying to the full length of the law (UK). So yes If someone did add a trim function please consider an export function too.
Good luck!
Could a lot of that data be "debug" data
Is there a debug setting, and is it turned on?
This module emails debug data with an option in Admin for mail distribution list. I remember I used it previously but not great reporting. Also worldpay email callback dumps with response data only on failure. Debug always emails... Everything.Quote:
Originally Posted by gilby
The data table names are request, session, post, & server. Remembering this is an off site payment module I think this is the raw data encrypted!
Looked a bit deeper..... its the data for the admin > customers > worldpay payments
example:
Which of course is part of your AVS and other cross checks with worldpay.... or so my understanding of this goes.Code:Original Billing Address:
17 Any Road
Suburb
Town
WorldPay CC Address:
17 Any Road
Another Town
Warning: Address Mismatch
The module stores the complete state at the time of processing. So, all the post variables, all the session variables, all the server variables, and all the request variables. I think this is just someone in the past thinking one of two things. Either that some of this stuff may be useful for compliance. Or that they don't really know so they are going to store it anyway.
The code block looks like this (so would be easy enough to change to disable the storage of this data).
As I say, I do not want to get into the nitty-gritty of this, and yes I have read my way through the PCI guidance notes. I don't think that this is a compliance issue but I am not an expert.Code:$str['POST'] = base64_encode(serialize($_POST));
$str['SESSION'] = base64_encode(serialize($_SESSION));
$str['SERVER'] = base64_encode(serialize($_SERVER));
$str['REQUEST'] = base64_encode(serialize($_REQUEST));
if($_REQUEST['transStatus'] == 'C'){
$_POST['transId'] = 'Cancelled';
$_REQUEST['transId'] = 'Cancelled';
}
$db->Execute("INSERT INTO `".TABLE_WORLDPAY_PAYMENTS."` (cartId, worldpay_transaction_id, POST, SESSION, SERVER, REQUEST) VALUES ('".zen_db_input($_POST['cartId'])."', '".zen_db_input($_POST['transId'])."', '". $str['POST'] ."', '". $str['SESSION'] ."', '". $str['SERVER'] ."', '". $str['REQUEST'] ."')");
My solution would always be to use another gateway. This is because the underlying methods of Worldpay are just horrible. I understand that Worldpay is slightly cheaper but as a programmer and not a business owner I don't think the savings are worth it. Different perspectives.
I agree, not the nicest experience for the customer either.Quote:
Originally Posted by niccol
Hi all. The plugin works great for me other than one issue. After people choose to pay via WorldPay, they are taken to the WorldPay site. All the processing is done there, and the customer returns to the Zen Cart order confirmation page. Everything seems fine,tbut the issue is that none of the Worldpay orders are logged under 'Transactions' in our Google Analytics account. All orders placed on our site using Paypal are logged on Analytics but not the Worldpay ones. This has been an ongoing issue for us. Today I copied all of the *clean* files again from the plugin to our server. The only changes I have made (changes made by the developer) is to change the following code in includes/modules/payment/worldpay.php.
to:Code:function selection() {
if(sizeof(explode(',', trim(MODULE_PAYMENT_WORLDPAY_ACCEPTED_CC_LIST)))>0 && MODULE_PAYMENT_WORLDPAY_ACCEPTED_CC_LIST !='--none--' && MODULE_PAYMENT_WORLDPAY_ACCEPTED_CC != 'False'){
switch(MODULE_PAYMENT_WORLDPAY_ACCEPTED_CC){
case 'Radio Buttons' :
return array('id' => $this->code,
'module' => $this->title.$this->_draw_radio_menu($this->_cc_map(), $_SESSION['paymentType'] ));
break;
case 'Select Box':
$this->cc_drop = array();
array_walk($this->_cc_map(), array('worldpay', 'cc_split'));
return array('id' => $this->code,
'module' => $this->title.'</label> '.zen_draw_pull_down_menu("paymentType", $this->cc_drop, $_SESSION['paymentType'] ).'<label>' );
break;
default:
return array('id' => $this->code,
'module' => $this->title);
}
}else{
return array('id' => $this->code,
'module' => $this->title);
}
}
Other than that it a clean installation.Code:function selection() {
if(sizeof(explode(',', trim(MODULE_PAYMENT_WORLDPAY_ACCEPTED_CC_LIST)))>0 && MODULE_PAYMENT_WORLDPAY_ACCEPTED_CC_LIST !='--none--' && MODULE_PAYMENT_WORLDPAY_ACCEPTED_CC != 'False'){
switch(MODULE_PAYMENT_WORLDPAY_ACCEPTED_CC){
case 'Radio Buttons' :
return array('id' => $this->code,
'module' => $this->title.$this->_draw_radio_menu($this->_cc_map(), $_SESSION['paymentType'] ));
break;
case 'Select Box':
$this->cc_drop = array();
array_walk($this->_cc_map(), array('worldpay', 'cc_split'));
return array('id' => $this->code,
'module' => $this->title.'</label><p align="center"><img src=https://www.cadwyngifts.com/images/cardiau-credyd-cadwyn.png border=0 alt="Card payments supported by Worldpay"></p> '.zen_draw_pull_down_menu("paymentType", $this->cc_drop, $_SESSION['paymentType'] ).'<label>' );
break;
default:
return array('id' => $this->code,
'module' => $this->title.'<p style="margin: 0px;"><img src=https://www.cadwyngifts.com/images/cardiau-credyd-cadwyn.png border=0 alt="Card payments supported by Worldpay"></p></label> ');
}
}else{
return array('id' => $this->code,
'module' => $this->title.'<p style="margin: 0px;"><img src=https://www.cadwyngifts.com/images/cardiau-credyd-cadwyn.png border=0 alt="Card payments supported by Worldpay"></p></label>' );
}
}
Could the changes above be somehow stopping Google Analytics from logging any Worldpay orders made on our site cadwyngifts.com ? I hope the above is clear. I would greatly appreciate any feedback.
It will be because of the weird 'order confirmation' page that Worldpay uses.Quote:
Originally Posted by bonheddwr
By which I mean that the page after the customer enters their details ssuccessfully is generataed by the worldpay server rather than your server. The GA code will be on the page that your server generates so may never get actioned in the Worldpay way of doing things.
So, I think that the good news is that it has not got to do with the changes that your developer has made. The bad news is that it is going to be challenging to rectify.
:-)
Thanks Nicco for the information! I have heard many people complain about WorldPay's weird setup! But the strange thing is, other people seem to use the WorldPay and GA plugins, and the orders are logged in their analytics. Could it be something to do with the options I have chosen on the Worldpay site itself therefore?Quote:
Originally Posted by niccol