Printable View
I too am having a callback problem. Have entered all the right settings into Worldpay but after payment details are entered I just get directed to the WorldPay thank you page and not back to my site. Any help gratefully appreciated.:smile:
Could it be anything to do with the Payment response Password field needing something in it on the worldpay admin???? I am stabbing in the dark!
Ignore my last post...I have fixed the problem! Worldpay were extremely helpful.
Hi,
Is it possible to use the same worldpay account on 2 different websites, how would worldpay know which site to callback to ? Would it be different if one of the sites was not zen cart? I am setting up a new zen cart store but already use worldpay on a different type of site, at the moment in worldpay there is no call back url entered but the shopping site works fine. If i was to add a callback in there fr the new zen cart site would it mess the other site up ?
Thanks
Hello all again
I have a problem with Worldpay merchant id's and im a little unsure what's going on
we have two shops one for retail one for trade customers
I recently updated the trade shop to Zen Cart from our own design by copying the entire database from the retail store to a new install of Zen Cart and installing a few mods and changing a few settings, this is working great.
We also have two Worldpay merchant accounts one for retail and one for trade.
Since moving to Zen Cart all orders have been going to the wrong merchant id.
I re-installed the Worldpay module and set up the Worldpay Installation ID but payments are still going to the wrong merchant id
can anyone help? :frusty:
Zen Cart 1.3.8
Database Patch Level: 1.3.8
v1.3.8 [2008-03-11 14:24:37] (Fresh Installation)
Thanks!
Rich.
I am having a problem with world pay on the checkout confirmation page, when worldpay is chosen as a payment method, the finalize button does not show up on the checkout confirmation page. It will show everything uptill the finalize button - so basically you can't checkout with world pay.
Also the right side bar and footer doesn't load, its basically the page stops loading at this point :
Anyone know why this happens, checkout with PayPal is fine. This problem happened after i moved servers and upgraded to 1.3.8 from 1.3.7.Code:<form name="checkout_confirmation" action="https://select.worldpay.com/wcc/purchase" method="post" id="checkout_confirmation" onsubmit="submitonce();">
We are currently using WorldPay as out payment gateway on our Zen Cart and all has been going well until now.
Yesterday someone purchased an order on our website and we received the email email back from WorldPay saying how much the order was for etc, but we never received an email from Zen Cart (as we normally do) detailing exactly what the order was.
Can anyone please help?
This is what error message we get when people use WorldPay.
Home :: WorldPay
Warning: Cannot modify header information - headers already sent by (output started at /home/london/public_html/shop/includes/templates/template_default/common/html_header.php:22) in /home/london/public_html/shop/includes/functions/functions_general.php on line 44
Here is the offending line 44 in functions_general.php
header('Location: ' . $url);
Can anyone possibly help me with this?Quote:
Originally Posted by apovey
Quote:
Originally Posted by duncanad
Hello, i have this problem and this did not solve it, do you have another suggestion?
Normally 'headers already sent' means there is an extra line in the file.Quote:
Originally Posted by apovey
Open the mentioned files, scroll to the bottom of them and see if there is an exra return after the final ?>.
Delete the extra spaces.
I have the same problem as sharper, on final checkout page there is no "pay" button.
Any pointers?
I have the same problem as sharper130 & bigbadboy...
I have this working on other sites for months - but a new install has not worked from the start.
If I select Cheque as a payment i get a confirmation button
If I select worldpay as payment the page loads up to.....
<form name="checkout_confirmation" action="https://select.worldpay.com/wcc/purchase" method="post" id="checkout_confirmation" onsubmit="submitonce();">
and then stops.
Any ideas????
Marc
I have the same issue. No final submit order button???
Please help. I am live but now see the Callback function not working. WorldPay completes the transaction and returns the user to a blank template of my store with no info. The url is shown as
https://select.worldpay.com/wcc/card
Also the order does not get updated into Zen Cart.
I have double-check and triple-checked my installation and have clearly missed something. Other data points to know:
- Payment reponse URL set to http://<wpdisplay item="MC_callback"> with the enable response box ticked.
- enable Shopper response is ticked
- ZenCart shows the module set to live
What have I done wrong?
Hi I am also having an issue with the callback from worldpay.
Worldpay takes the payment and sends the payment notification and transfers to the zen cart site. When this happens I get the following error:
Warning: Cannot modify header information - headers already sent by (output started at /home/*****/public_html/includes/templates/ZC03C00094/common/html_header.php:22) in /home/*****/public_html/includes/functions/functions_general.php on line 44
I have posted in this thread but still have the issue despite following the advise given: http://www.zen-cart.com/forum/showthread.php?t=79162
I have tried the above template and the classic template and get the same error.
Any help would be much appreciated
Cheers
Brian
Alan
Can you help please! I've tried all the options in this thread and still none the wiser. installing SSL on the hosting is not an option currently.
I have a live site ppekit co uk. all has been working fine since feb until the WP update and a new junior Id was given to my client payments into a separate merchant account.
Prior to this it all seemed to be working fine with an alternative Junior ID. New ID was activated may 15th.
The problem it seemed was intermittant orders not appearing on the backend. The first time it happened it was attributed by worldpay to being a session or time out error. Today we had three payments accepted and no orders on the backend.
After extensive testing in test mode the intermittent problem might be attributed to this.
If the client is using IE7 and goes through with a sucessfull worldpay transaction. a pop up diaglue appers with (you guessed it) secure and insecure items with the csshover.htc error. sometimes a no click can result in no order being added to the backend but this doent not appear to be consistent.
firefox is fine.
Any heko would be greatly appreciated, my client is very concearned as he has to contact the customer directly and it appears unproffessional.
many thanks
Sarah
How do I check what items are non secure on my checkout pages, everything was working fine until I installed this mod :(
I tried the debug plugin but that doesn't help..
http://www.allgoodideas.co.uk
Any help appreciated
Kind Regards
AfterHouR
Problem sorted :)
For some reason with the sidebox Reviews enabled it kicked out the error...
Anyone else having the same problems with unsecure items being displayed check these first..
I hope that helps.
Kind Regards
AfterHouR
http://www.allgoodideas.co.uk
Oh, sorry just remembered..
I had another error too
entering the following script to display the worldpay logos gave me a w3c validation error..
<script language="JavaScript" src="https://www.worldpay.com/cgenerator/cgenerator.php?instId=XXXXX"></script>
if you change the above to
<script type="text/javascript" src="https://select.worldpay.com/wcc/logo?instId=XXXXX"></script>
It then passes w3c validation
(replace xxxxx with your worldpay id)
Regards
AfterHouR
http://www.allgoodideas.co.uk
Quote:
Originally Posted by AfterHouR
Sorry problem not sorted, I still have unsecure items on the page and cannot figure out where :frusty:
Hi I posted this problem a few days ago concerning the worldpay module. I am still no further forward in fixing the issue. Any help would be greatly appreciated.
Worldpay takes the payment and sends the payment notification and transfers to the zen cart site. When this happens I get the following error:
Warning: Cannot modify header information - headers already sent by (output started at /home/*****/public_html/includes/templates/ZC03C00094/common/html_header.php:22) in /home/*****/public_html/includes/functions/functions_general.php on line 44
I have posted in this thread but still have the issue despite following the advise given: http://www.zen-cart.com/forum/showthread.php?t=79162
I have tried the above template and the classic template and get the same error.
Any help would be much appreciated
Cheers
Brian
I've had a few sites running Zen Cart v1.3.7 and the World Pay module succesfully for some time.
My hosting company upgraded to PHP v5 at the weekend and it seems this has broken the World Pay module. Other payment modules are still working fine, but when a customer selects the World Pay option the page doesn't fully load so there's no button to press to continue with the order.
It sounds similar to what some other people are reporting (are they also running on PHP v5?), although I haven't investigated this fully yet. I will report back when I find out what the problem / solution is. But I thought I'd post here just in case someone else has already run into problems with the World Pay module when upgrading to PHP 5 and figured out the solution!
Are there any known incompatibilities between the World Pay module and PHP v5?
Is anyone using the World Pay module succesfully with PHP 5 and Zen Cart v1.3.7?
have you looked at this thread also ?
http://www.zen-cart.com/forum/showthread.php?p=384852
hello, i am new to this forum, and i am looking for a a merchant account. I guess i am cosidered high risk. I own a land based pharmacy, and i also have it online. Does anyone have any information that would be useful?
This Css error has not been resolved but I have been contacted by world pay who have finally owned up to having some transaction errors on their server last week that can be attributed to this sort of error.Quote:
Originally Posted by swalka
Alan - if you are around can you advise on the CSS issue please. thanks in advance.
This is a reply to those who have reported issues with this module running on PHP 5.
Firstly - I don't as yet Have PHP 5 running on my server so I have not been able to do any testing on PHP 5
Secondly the existing WorldPay module is based on ZenCart 1.2x code so it is really past it's sell by date and this may be the core of the PHP issues.
I have completely re-written the module based on v 1.3x code and this works well on my test site. I suspect this may well work OK on PHP 5 but I don't know. There is still a little tidying up of templates to so but I am willing to release my current fileset on the basis that anyone installing it should do so on a test installation only and that they provide feedback via this forum. I am particularly interested to know if this solves the PHP 5 issues.
If you have the previous version of this module installed this must be uninstalled and the fileset completely removed from the server. The new version has an almost completely new fileset.
You can download my new version - at your own risk - from my website at http://www.workingit.co.uk/ZenCart/W..._v1.0_beta.zip
I await feedback with bated breath.
Regards,
Alan
Happy to install this one on a site thats ready to go live but waiting for a new jnr ID if thats any helP?Quote:
Originally Posted by duncanad
Swalka,
Let me know how things go when you get your new ID.
You could of course use an existing ID, if you have one, provided you set your new site up to operate in test mode only. This will not affect the operation of any live account using the same ID.
Regards,
Alan
Hi,
We had worldpay running on the old server without the porblem.
Recently we have transfered it to the new one with the new ip address, but after two weeks the worldpay callback still redirects to the old server.
What i mean - if I remove index.php on the old server callback fails.
That is the only mod that is causing that issue
We had to leave the website running on the both servers with the session id's beeing stored in the database to be able to still get sales, but we don't want to be with the both companies forever.
This only happens for this one website as 3 new ones on the same server work, when i change the settings in configure.php to go by the ip address callback works as well so i thing that worldpay may have cached the dns records, and somehow these settings are still being kept by worldpay.
Please advise if there is any chance for us to send the ip to worldpay instead of the url and how to change the callback link to be the ip address??
plus how zen_href_link is constructed??
Please advise
ozgdesign,
I think - but you might want to check - that WorldPay do not allow the use of ip addresses for callback.
My post here
http://www.zen-cart.com/forum/showpo...&postcount=285 describes how the module constructs the callback url.
I suggest checking that when moving your domain from the old server to the new one that you have correctly updated the name servers and/or IPSTAG details and that the includes/configure.php and admin/includes.php files on the new server have been updated to reflect the new server details.
As you suggest this sound like a DNS problem. I doubt that WorldPay cache DNS details - but your ISP might.
Alan
Has anyone downloaded my new fileset and tested this on a server running PHP 5? If so could you please report back success or failure.
I have tested the new version on ZenCart 1.3.8a on a server running PHP 4.3 and it works well. However ZenCart is now designed for use on PHP 5 so it important to know that the new version of the module will work on PHP 5.
Thanks,
Alan
We have your module running on 3 sites that are on the servers with php 5.1.6, I don't know where the new file set is but we have downloaded one from the zen cart download section and changed HTTP_POST_VARS to what you have sugested.
It works fine except that one website.
Hi Alan
I have tried the new version on php 5, I have been advised by worldpay that the test function for zen cart is not working, so I tried a live payment
I got this error message when being passed over to worldpay
[FONT=Verdana]Sorry, there was an error in processing this transaction:[/FONT][FONT=Verdana]PCSAT.liveOnTest[/FONT][FONT=Verdana]Server information[/FONT] [FONT=Verdana]24/Jun/2008 11:07:53[/FONT] [FONT=Verdana]Server ID mg1imscs5pa[/FONT] [FONT=Verdana](WPReq-52194)[/FONT]
My installation all works fine but I just wondered if anyone knows a way to get the transaction ID recorded somewhere within the order details in Zen Cart, would make pairing up orders with worldpay payments a lot easier. Thanks :smile:
Hi All
Yes I had the same problem below:
Secure Payment Page
Sorry, there was an error in processing this transaction:
The information sent from the merchant's site is invalid or incomplete. Please send the following information to the merchant:
The transaction cannot be processed due to one or more of the following:
* the installation ID field is blank or contains invalid characters
* a different submission protocol is required. For instance, a more secure submission may be required
* the installation number is invalid
Server information 28/Jun/2008 08:33:31 Server ID mg1imscs5pa (WPReq-50388)
I removed the old version files, the install ID is fine. Bit lost.....
Any ideas !
Thanks in advance
Chris
I have upgraded to the beta version of the new worldpay module - and this has fixed the php5 error error.
Now getting redirect 302 errors on the wp_callback
Will let you know if I find a solution - if anyone has any help i would love it.
the callback url is
http://www.fun##############################uk/index....ge=wp_callback
this seems to work
but worldpay says it is redirecting with error code 302 (redirect)
Error reported: Callback to http://www.fun##############################uk/index....e=wp_callback: NOT OK, recevied HTTP status: 302
Server Reference: mg1imspsp5:callbackFailureEmail-147686:MerchReq-172
So i am using the new beta version for php5
I am running PHP 5.2.6
My callback url (hidden input on step 3 of 3) says
<input name="MC_callback" type="hidden">
(NOTE: it has no value)
I am now trying to work out why and how to fix it.....
Marc
I am sorry to keep posting - but I want to ensure there is an audit trail in case anyone else has the same problem.....
I hard coded the call back url into the script.....
and now it gives me a callback error of....
Error reported: Callback to http://www.fun##############################uk/index....e=wp_callback: NOT OK, recevied HTTP status: 302
Server Reference: mg1imscs5pa:callbackFailureEmail-22302:MerchReq-638
However if you go to http://www.fun##############################uk/index....ge=wp_callback you get status 200 not 302!!! Worldpay say this is a script problem - but I cannot see why it would be as the page:
http://www.fun##############################uk/index....ge=wp_callback
works fine... with no redirection.
Marc
Sorry guys - me again.
So if i set the callback to go to http:// - i get status 302
If I set it to https:// (which has been set up) i get status 500 (error)
when i try to go to the https://callback page - i get a blank screen and the following error in the logs.....
[Wed Jul 02 00:58:26 2008] [error] [client 81.99.190.153] PHP Warning: require(includes/modules/pages/wp_callback/header_php.php) [<a href='function.require'>function.require</a>]: failed to open stream: Operation not permitted in /var/www/vhosts/fun##############################uk/httpdocs/index.php on line 36
[Wed Jul 02 00:58:26 2008] [error] [client 81.99.190.153] PHP Warning: require(includes/modules/pages/wp_callback/header_php.php) [<a href='function.require'>function.require</a>]: failed to open stream: Operation not permitted in /var/www/vhosts/fun##############################uk/httpdocs/index.php on line 36
[Wed Jul 02 00:58:26 2008] [error] [client 81.99.190.153] PHP Fatal error: require() [<a href='function.require'>function.require</a>]: Failed opening required 'includes/modules/pages/wp_callback/header_php.php' (include_path='.:/usr/share/pear') in /var/www/vhosts/fun##############################uk/httpdocs/index.php on line 36
The fun continues......
It seems that worldpay is getting redirected to:
Location: http://www.fun##############################uk/index....a4tdl3mpif7254
where does time_out come from :(
Marc
Ok this seems to be session related.....Quote:
Originally Posted by marcps
if the callback does not find the session it goes to TIME-OUT
if (!$_SESSION['customer_id']) {
zen_redirect(zen_href_link(FILENAME_TIME_OUT));
}
I have other payment modules - for Optimal Payments etc - which work ok on this server.
Is there anyone who fancies quoting me to fix this - need to get it sorted urgently.
Marc
If you contact the developer direct, and offer some money so he can free up some time for this, it might help you in your hurry. If you can't afford it, stay calm and wait for it to be finished like the rest. ;)Quote:
Originally Posted by marcps
I have installed the worldpay module and all seems fine except that zen cart does not tell me what my customers have ordered. I just get money transferred and no order in my admin console.
Help!!!
Steve B - you may find it is a PHP 5 issue - I still haven't resolved mine either.
Marc
http://www.zen-cart.com/forum/showpo...&postcount=325
New version for php5 testing and zencart 1.3* at earlier post in this thread.
URL above
Misty - I have already tried that....
I am stil not getting results :(
Marc
Suggest you contact mod dev and seek his help, even if you have toQuote:
Originally Posted by marcps
pay small fee....save u lot of time and trouble.
:smile:
I have now tested the beta on PHP5, and can confirm this bug ... :)Quote:
Originally Posted by marcps
Hello all any update on this callback bug?
The callback is not working. I am using zen cart version 1.37 with php 4.4 .
Re: Callback problem between Zen Cart and WorldPay (Workaround follows)
After extensive testing, a terrific friend has confirmed the issue IS DEFINITELY the ZC session not existing for the WP call back... (the final thankyou page is actually called by the WP web server itself and sent to the user/browser. Thus, the request comes from a machine that has no active session).
The following is a workaround to the problem that my friend has worked out for me. It’s not perfect (i.e. not 100% elegant) but does the job. If Alan and others who have their hands in the code would like extra (lengthy) observations/diagnostics that drove this workaround just let me know and I’ll forward my friends notes. Hopefully a more elegant solution will be incorporated into a future release.
WORKAROUND:
Create an "interim hack page" that echoes the callback info before it gets dropped. In the description below the hack page is called ‘wpcallbackhack.php’.
Step 1. Make one mod in the system... in the file includes\modules\payment\worldpay.php --
Line:
Now reads:Code:zen_draw_hidden_field('MC_callback', $worldpay_callback[1]);
Code:zen_draw_hidden_field('MC_callback', 'www.domain.com/store/wpcallbackhack.php?main_page=wpcallback' );
Step 2,. Place the hack page in the referenced directory. Suggest the the page includes an appropriate text message explaining what is happening so users don't get alarmed. (comfortably addresses concerns about credit card info being passed.) Go to http://www.justkiddintheatre.com/sto...llbackhack.php to see mine.
WP now calls the hack page... which then rebuilds the hidden form fields that WP would have posted in the call back... but we need to make the user click submit, so the request comes from the user's browser - which has an active session. Thus it works.
I will leave my WP in test mode for a few days if you want to see how it works in a real situation. www.justkiddintheatre.com/store
Hope this helps others out there.
Andrie
PS: Using ZenCart 1.3.8 with PHP 4.4.8
Andrie,
Your suggested changes to the WorldPay module takes things back several years to how this module originally worked when I first came across it. At that time no one wanted to use it because customers would not read the screen and mostly either closed their browser, or moved off elsewhere, without clicking the 'Click here to continue' button.
Also I doubt whether it provides a solution at all - consider two customers who make a purchase around the same time. How does the script you suggest hold both customers details for retreivel later? How does it distinguish between customers? These issues are exactly what sessions are all about.
I have documented the 'Loss of session' issue several times previously in this thread. Callback failure is almost invariably caused by the Zencart host server not maintaining the session. The session information is contained within the WP callback but some hosts for some reason are not able to re-establish the session. When the session is lost the core Zencart script redirects to the login page so that the customer can login and re-establish the session in that way. Worldpay, for security reasons, does not allow the callback to be re-directed. When WorldPay detects a re-direct it displays the standard WorldPay response page (which is user editable) rather than the Zencart response page.
If you have callback failure you should first contact your host and ask whether their setup maintains sessions - tell them why you are asking the question. If they cannot help - change host. All other solutions are likely to be in-elegant and require at least some element of manual intervention.
I have NEVER had a callback issue with my server. I host Zencart installations for both my own clients and on behalf of others - all using the WorldPay module 'out of the box'.
Regards,
Alan
I am totally stumped.Code:
Hello *****,
We have been through a test and looking at the logs for your site it appears that worldpay are not attempting the callback. We would suggest speaking to both the shopping cart developers and worldpay for advise on this.
Best Regards,
Support
Update to all interested in the broken callback issue.
I was personally satisfied with the workaround I previously posted for my purposes but my friend has since produced a more elegant solution that I'm extremely pleased with (and works beautifully on my site). I'm forwarding below his note to me that describes what he did. Again, I will leave my worldpay part in test mode for a day or so for others to look at if they like.
=======Notes from Steve==========
1) I am sort of understanding the ISP PHP session issue thing a bit... while the ZC settings are to store sessions in the db... this does not store the ENTIRE session in the db, ZC still stores some values in memory. PHP has the capability to allow "transient" sessions... if your browser passes in a valid session id, you can have your program "connect" you back to your current in-memory session.... In my mind, quite a serious security issue -- but none-the-less, the functionality is there. It may be the case the some ISPs disable the functionality in PHP through the runtime config.
2) That said, there is no reason why a session can't be reconstituted on the fly... if you know what the session vars&vals were before, just re instantiate them... Fortunately, there is a method in PHP to allow this to occur fairly easily. So this is what i did - knowing that transient sessions were not possible on your server.... the real effective changes meant only adding one line to worldpay.php and one line to tpl_wpcallback_default.php. I changed just one more line in tpl_wpcallback_default.php to clean up a "Continue" button issue.
In worldpay.php, I inserted the line "zen_draw_hidden_field('MC_zcsession', session_encode()) ." in the code block that write the final confirm form before sending you off to world pay.
From this:
To this:Code:$process_button_string .=
zen_draw_hidden_field('testMode', MODULE_PAYMENT_WORLDPAY_TEST_MODE) .
zen_draw_hidden_field('name', $order->customer['firstname'] . ' ' . $order->customer['lastname']) .
zen_draw_hidden_field('address', $address) .
zen_draw_hidden_field('postcode', $order->customer['postcode']) .
zen_draw_hidden_field('country', $order->customer['country']['iso_code_2']) .
zen_draw_hidden_field('tel', $order->customer['telephone']) .
zen_draw_hidden_field('myvar', 'Y') .
zen_draw_hidden_field('fax', $order->customer['fax']) .
zen_draw_hidden_field('email', $order->customer['email_address']) .
zen_draw_hidden_field('lang', $_SESSION['languages_code']) .
zen_draw_hidden_field('MC_callback', $worldpay_callback[1]);
This converts the current session vars&vals to a string, and sends them over to WP in a custom field which WP will send back in it connection back to ZC.Code:$process_button_string .=
zen_draw_hidden_field('testMode', MODULE_PAYMENT_WORLDPAY_TEST_MODE) .
zen_draw_hidden_field('name', $order->customer['firstname'] . ' ' . $order->customer['lastname']) .
zen_draw_hidden_field('address', $address) .
zen_draw_hidden_field('postcode', $order->customer['postcode']) .
zen_draw_hidden_field('country', $order->customer['country']['iso_code_2']) .
zen_draw_hidden_field('tel', $order->customer['telephone']) .
zen_draw_hidden_field('myvar', 'Y') .
zen_draw_hidden_field('fax', $order->customer['fax']) .
zen_draw_hidden_field('email', $order->customer['email_address']) .
zen_draw_hidden_field('lang', $_SESSION['languages_code']) .
zen_draw_hidden_field('MC_zcsession', session_encode()) .
zen_draw_hidden_field('MC_callback', $worldpay_callback[1]);
Then in tpl_wpcallback_default.php, I had to grab that session string, and reconstitute the session manually before additional processing by the server. My code is added before any other code in the file, right after the comment:
// get values from WorldPay response - see http://support.worldpay.com/kb/custo...ageeditor.html
Inserted code:
Now, there is a slight side effect in this fix, and that is upon WPs call back to ZC, you end up getting logged out. I suspect that this is because I am attempting to reconstitute the session AFTER the native ZC session init code runs. Since the session init code runs before my code, it results in ZC thinking that the user is not logged in... This results in odd behaviour if the user clicks "My Account" link or the "Continue" button from the confirmation page....they see "Ooops, session timed out, please log in"....Code:if(isset($_POST['MC_zcsession'])) {session_decode(str_replace('\"', '"', $_POST['MC_zcsession']));}
I resolved two issues with the Continue button on the final confirmation page... first, I converted it to a simple link, instead of a form submit -- this got rid of the "Warning:..." message given to the user since in this case they are submitting from a secure page at WP to a non-secure one on your site. The second issue was the re-login issue... to fix that, I just repointed the Continue link to the top of the store site... where you do not need to be logged in. If the user then wants to buy more, or check their account... they would have to log in again, but i would say that this will be far fewer users... and it won't seem so bad since they are now fully out of the purchase stream.
The fix for the continue link changes code from:
To:Code:<?php
echo zen_image_submit(BUTTON_IMAGE_CONTINUE, BUTTON_CONTINUE_ALT);
?>
Code:<?php
echo '<a href="' . zen_href_link('/', '', 'SSL') . '">' . zen_image_button(BUTTON_IMAGE_CONTINUE, BUTTON_CONTINUE_ALT) . '</a>';
?>
So... while this is not 100% PERFECT... it alleviates that nasty interim "Click to Continue" page....and I think is nearly perfect enough to satisfy your needs.
I am using 1.37 version php 4.4. After making the payment when worldpay redirects to my site I get this message:
Warning: Cannot modify header information - headers already sent by (output started at includes/templates/template_default/common/html_header.php:22) in /includes/functions/functions_general.php on line 44.
Although this problem has been addressed many times in this forum but no one could find a solution for it.
I have even uploaded all the templates files in a fresh manner but the same problem comes.
If in tpl_wpcallback_default I replace
if(isset($_POST['transId'])) {$transId = $_POST[transId];}
if(isset($_POST['transStatus'])) {$transStatus = $_POST[transStatus];}
if(isset($_POST['cartId'])) {$cartId = $_POST[cartId];}
if(isset($_POST['name'])) {$name = $_POST[name];}
.........
with $_GET I am taken back to my site with the following info:
Transaction cancelled: No money changed hands. Trasaction ID...etc.
To check if there was a server problem I uploaded a new Zen cart version 1.38a and the module works fine. Please help as starting with a new zen cart is not an option.
Hi
I'm pretty sure I've tried everything in this thread and i can't get callback to work. I can go through to Worldpay and pay fine but then nothing happens in zencart.
I'm using zencart 1.3 php 4.4.8
Can pm website addy.
Here's what I've tried so far:
1) I've reinstalled the module
2) I've tried to https fix suggested
3) I've tried the fix suggested by Andrie
4) I've contacted my ISP (1and1) who disclaim any knowledge of session timeout.
5) I've just installed the beta and that doesn't work either.
Obviously it's going to be something really obvious that I haven't thought of but please can anyone help? I'm only vaguely teckie so keep it relatively simple.
Thanks
Coley
Thanks to Andrie's friend Steve my worldpay module is now up and running.
There were two things we (well he!) fixed. NB: I am using the beta module.
1) In worldpay I have forgotten to set my payment response url to: https rather than http....so the correct link is:
https://<wpdisplay item="MC_callback">
This got it working fine except when I did a live purchase and was directed back to my website after payment the thank you page said 'Thank You! We Appreciate your Business!
This was NOT a live transaction - no money has changed hands.'
Which was not good as it WAS a live transaction.
That was fixed by changing this file: >includes>templates>template default>template>tpl_modules_wp_checkout_success.php
The previous code was:
if ($testMode !== 0) {echo "<h2>" . WP_TEST_HEADING . "</h2>";}
This was changed to:
if ($testMode != "0") {echo "<h2>" . WP_TEST_HEADING . "</h2>";}
Which has sorted it all out.
Many MANY thanks to Stephen.
Quote:
Originally Posted by Andrie
Send the man a large beer!
Thank-you so, so, so, so much. This has fixed my problem, that I've been working through for the last few days solid.
:clap::clap::clap::clap:
THANK-YOU!!
Well, using the beta mod and the callback fixes above, everything works perfectly on php5.2.6 when I run a test transaction, but the moment I switch to live, I get this error immediately I arrive on the Worldpay site:
As Worldpay don't man support at the weekend(!), can anyone offer suggestions as to what the problem may be?Quote:
[FONT=Verdana]Sorry, there was an error in processing this transaction:[/FONT] [FONT=Verdana]PCSAT.liveOnTest[/FONT]
[FONT=Verdana]Server information[/FONT] [FONT=Verdana]10/Aug/2008 18:10:42[/FONT] [FONT=Verdana]Server ID mg1imscs5pa[/FONT] [FONT=Verdana](WPReq-156243)[/FONT]
Just thought - the site is 1.3.7 - could that be an issue?
Hmmm
I'm a newbie to this ZenCart malarkey, but seem to be getting there slowly. Like a number of posters on this thread I have been having major problems getting the WorldPay module working, most probably because, as a newb, I've installed the bleeding edge versions of everything :blink:
Anyway, I'm running ZC 1.3.8a using MySQL 5.0.26 and PHP 5.2.3 and after failing miserably with the WP mod 0.1, I have downloaded and installed the beta (thanks Alan!).
As I'm still running in test mode and am waiting for my ISP to sort out my SSL certificate, I made the necessary changes to worldpay.php to allow http connections. The result was 302 errors when I attempted to make the payment on the WP page. BTW I've configured the WP module to use testmode 100, and am using the username 'AUTHORISED' and the WP test Visa card number 4917610000000000.
Following Andrie's post re passing session state to WP, I made the suggested mods to worldpay.php to pass MC_zcsession to WP. I then updated the wp_callback/header_php.ph file to session_decode the returned variable.
I no longer get the 302 errors and the shopper receives a success email from WorldPay and an order confirmation from ZenCart - yay! However, despite the fact that the order is successfully created in ZC, the shopper remains on the Worldpay Thank You page and does not get returned to ZC.
The website is www.portobelloroad.co.nz/store. Whilst I'm cautiously optimistic that we can go with this situation (we're hoping to go live 1/9), all suggestions as to what I can do to get the shopper back into the shop at the end of the transaction will be greatly appreciated.
Russ
Doh. Turns out the WorldPay 'Enable Shopper Response' checkbox wasn't set...
All is now rosy and testing is continuing. If I have any other issues with the Beta module and ZC 1.3.8, I'll be sure to post!
BTW, big up for Steve (Andries friend) for jumping in and checking things over! Awesome support!
Great work guys - this is v.exciting news; the sooner it can be confirmed if the WP module is working in php5 (ready for download) the better.
(If a copy of the beta was sent to us, we would be more than happy to give it a go [test and live modes] on php5.2.6)
Thanks in advance
You didn't really take your time reading this tread did you? ;)Quote:
Originally Posted by JSWeb
You find the link to beta download here http://www.zen-cart.com/forum/showpo...&postcount=325
Hi duncanad,
Is there any chance you might quote us for tweaking the worldpay module to record the worldpay transaction id , and the security response from worldpay (post code and address matched/ cvv matched). We realy require those changes. We have few websites and a lot of dodgey buyers.
Well, so far so good. All looks good so far for the Beta WP module, ZC 1.3.8 and PHP 5.2.3 (we went live today with it and have received payments OK).
The only change I'd like to make is to ensure that the shopping cart is emptied no matter what route the customer takes after getting the Success page. If the customer carries on around the shop after they have completed an order, their shopping cart doesn't appear to get emptied. Once they leave the site or go to My Account - it's cleared down OK.
All in all, a great job and it works fine for the important stuff!
Russ
I am having a problem with data passed to worldpay.
When a customer creates an account when it gets to the address field 'state' a space is being inserted into the field before a customer types in their state/county, so when this is passed through to worldpay it appears as a spurious character a square box... so the address verification is failing :(
How is this happening and how can I rectify it...
Please help, I have lost several customers now due to this...
Kind Regards
AfterHouR
http://www.allgoodideas.co.uk
[email protected]
Hi all - like a few others in this thread I am having the problem whereby there is no option to finalise the order!
The page stops at :
<form name="checkout_confirmation" action="https://select.worldpay.com/wcc/purchase" method="post" id="checkout_confirmation" onsubmit="submitonce();">
Any ideas please?
I have tried to download and install the payment module for worldpay, i can get worldpay to display in the admin payment module but if i click to install it there are no other files and wont install, what bit am i doing wrong ? can anyone advise,
Keith
Quote:
Originally Posted by drumroll
As a footnote i only get this message when i click to install !
"Fatal error: Cannot instantiate non-existent class: worldpay in /home/sites/At My Site.com/public_html/on_line_sales/admin/modules.php on line 82"
I have solved the problem with the page only half loading by updating to the PHP5 Beta worldpay code.
Now I have another problem! I can checkout and process the card - I have tried this using my own credit card on a live environment. Worldpay process the card just fine (I can see it in my Worldpay transaction list on the worldpay site).
However, Zen Cart doesn't create the order - IE: There are no orders on the system and if I log back in again as a customer the products are still showing in my shopping cart.
Any help please please please :)
Can you give me any advise on how to download this module into my zen cart ?
Regards,
Keith
Just an update : I thought it might be a session issue (as observed earlier in the thread) so I asked the following question to my hosting provider :
Do you maintain sessions? The reason I ask is that I am trying to set up my Zen Cart store to use Worldpay. The Worldpay callback is not working and it would appear to be due to the session being lost.
The answer I have received back is as follows :
Due to the clustered structure of our systems there is no single log file or session for you to use as your site is served by many servers.
Would that indicate what my problem is ?
EDIT: Forgot to mention - WOrldpay is emailling the following error code to me :
Error reported: Callback to
http://myurl.co.uk/shop/index.php?main_page=wp_callback: NOT OK, recevied HTTP
status: 302
Server Reference: mg1imspsp3:callbackFailureEmail-168796:MerchReq-850
(where myurl is my shops url)
Hi all - I have tried all of Andrie's modifications and it STILL doesn't work!!
Worldpay processes the payment correctly. A 302 callback error is generated.
THe interim "hack" page returns me back to my site but the cart is still full and there are no orders on the system!
Can anyone please please please help????
Ryk, you have probably fixed this by now but just in case....Quote:
Originally Posted by Ryk
look for 'https://select-test.worldpay.com/wcc/purchase'
in includes/modules/payment/worldpay.php
and take out the '-test' so it reads 'https://select.worldpay.com/wcc/purchase'
I hope that helps
Kind Regards
AfterHouR
Would the developer of the worldpay module please contact me as soon as possible, I have left telephone messages, emails, and tried every means. There is a security issue with the module. If anyone here would like me to demonstrate it on their server, I would be happy to do so :D
I strongly recommend not using this module even with SSL.
Thank you
Philip Clarke. (former author of modules myself, I had to re-sign up because I cannot get in contact and I am getting very irritated about this).
Hi Phillip - you have me quite worried now - we are not actively using the module as yet but are about to do so. More details would be appreciated.
We couldn't get the module to work initially due to sessions not being stored on our clustered server space but thanks to some fantastic help from Andries friend, Stephen Biro, and his "hack page" solution it seems to be working fine now.
Private message me with your server and I'll show you something. So far I've done proof of concept on two servers including one with SSL, so I'd like more testing ground.
Oh and if you are using a clustered system and you want to restore the sessions, then how did you configure zencart ? I mean you could use database session storage that would be referenced by all the clustered machines, or a common networked filesystem would store the sessions, it should only fall over if each of the cluster was individually storign the sessions in it's own file system. Sorry I haven't read this thread throughly, I used to develop modules for zen-cart was helping out someone and then found this hole in this module. I now have an outstanding orders for lip balm and 100 fine quality xmas cards, without having to pay a penny.
Hi everyone,
be careful with sending sensitive info about your store/server to anyone you don't know. ;)
That doesn't make sense, you had to re-sign up, because you couldn't get in contact... What is your previous username on the forum, so we can check you out..Quote:
Thank you
Philip Clarke. (former author of modules myself, I had to re-sign up because I cannot get in contact and I am getting very irritated about this
So far all you have done is make unfounded allegations..
If something smells fishy, it usually is... and you Sir smell of Tuna!!!
I Agree entirely, which is why I will do this as a proof of concept using my own name, address, telephone number etc... and as I understand it the site is not "live" to the public yet.
Look at the big royal mail module, I wrote the original, I then signed off from zen-cart after a dis-agreement with the developers.
Snowy2007 should now be able to confirm that on his clustered machine using all of the modifications that the bug is still valid. I have just "bought" some items without using worldpay, I have a confirmed order and his admin section will show that I have paid up fully through worldpay even though I never visited. The original guy who asked me to look at the module can also confirm, if you like AfterHours, and you haev a site set up with worldpay, I will gladly order items from it to show you.
Thank you
Philip.
My previous username was bouncingltd btw. and I have been around a lot longer than most, and I was the one that submitted the bug fix for the zencart database when the session stored variables were being truncated because the column was set to the wrong sort of blob. Now don't monkey around with something as serious as this, proof has been provided. I've been running up my phone bill trying to contact the developer Alan Duncan about this.
Thank you
Philip.
Erm.... He's only right!!!!!
He has just ordered 41 pounds worth of products. The order is sat waiting to be processed!
Not only did he not have to transact through worldpay but my worldpay account is set up for my other mals cart store at the moment (as the zen one isn't live yet)!!!!
Of course, we always check orders against the worldpay records anyway before we ship just to be safe but that's not the point!
He has been nowhere near worldpay yet the order is showing up in my cart as having been paid by Worldpay!!!!!!!!!!!!!!!!
Thank you Philip for showing me this.... now the only question I have is : What is the bloody solution???? LOL!
With all the hassle this mod causes, a switch to another payment system would seem to be the answer!Quote:
Originally Posted by snowy2007
I recommend not using worldpay at the moment. Yes I could solve the hole, yes it affects every installation asfaik. We now have SSL, non-SSL, and clustered Servers all with the problem. I have not told anyone how I've done it. The only thing is I don't know much about worldpay, seriously, I just decided to bypass their system entirely, so I would have to learn all about it.
I am physically disabled so I now have to rest very urgently. (I overproduce adrelanin because of chronic pain syndrome and I am shaking like a leaf). snowy2007 your bloody phone number gives me an answer machine all the time, check your email.
I can confirm that I have also spoken to Philip over the telephone now and the guy is genuine.
This flaw is very real. I am happy to give anyone who wants it my phone number if you want to talk to me.
Unfortunately, I will be going out at about 12-1ish and won't be back until about 7ish (GMT) - during that time though there may be sporadic occasions when I will have brief net access so I can keep popping on here.
Simon.
AfterHour should shortly confirm that I have bought £400 odd worth of goods without going through worldpay and that it shows up as having been paid.
I really have to rest.
I can confirm this is a very serious threat that does exist... Philip is on the level and can be trusted in what he says..
I would suggest if you are using this module, that you check every transaction in your worldpay dashboard with a fine toothcomb or you disable this script until a fix is found.
I have checked via admin and nothing looks untoward in the users activity logs, so I could have easily lost over £430 if I ws not aware of this..
Thank you Philip..
I hope you are better soon.
Kind Regards
AfterHouR
I just cannot keep still over this and this is going to hurt later, but I have to thank the people that allowed me to demo this security hole.
Just to confirm, the people that have helped me only gave me their website address. No other information is needed to put orders through. I agree with AfterHour, that every transaction must be confirmed manually by logging onto worldpay, or take the module out completly, and I mean remove every trace of it, because database access is NOT needed to do this. If the developer could get in contact we might have an idea of how many people have shops with this module and how many we have to inform.
Philip.
I was very doubtful of Philip to start with but it was unfounded, he has been more than helpful to his own detriment..
I can confirm all that is needed is your website address, nothing else...
I agree with Philp that this is a critical issue...
Moderators please take action!!! this needs to be highlighted before people are defrauded.....
RegardS
AfterHouR
Couldn't agree more - I'm just glad our zen store is still in beta. Thanks again to Philip to taking the time to test and highlight this hole!!!!
I am back up for a short while at least. It gets complex and a long winded explanation but I am quite damaged just by missing my routine a bit to keep up with you guys.
there is a litle bit about my condition and type of people (some call us sufferers but I hat negative connotations) here:
http://cgi.ebay.co.uk/ws/eBayISAPI.d...m=370083525316
and it's quite a good story.
Snowy2007 & AfterHour have been great but I'm going to give you to a spanking in your personal mailboxes later.
Right, the developer has contacted me, he is not best pleased. This I can understand since I punched a hole not only through his module, but also through his SSL server and one of his clients got caught in the fallout. (Lucky though that they've had a discussion about it, otherwise I'd have 100 very expensive Xmas cards arriving by special delivery). Alan Duncan has a beta version of worldpay, it requires slightly different configuration if it is to be used on a live server within world pay.
There are ethical issues involved in posting things like this. but a) I had no luck contacting Mr Duncan and had good reason to believe that he ws not responding to emails, nor would he believe me unless I proved it on his own server. b) If I found it, and with Xmas coming up, then it's probably best that people are re-checking their transactions and not just trusting the module implicitly.
I have no access to worldpay, I found this because someone asked me to have a look at it. I have the skills to fix it, but I'd need to research worldpay a bit more and it may be that Mr Duncan can do it. I apologise if I am rude, abrasive, defensive, etc... that would be the medication and disability. I was however arrogant beforehand. I once got "moderated" for asking for money to modify a module that I had created, so I'm not really sure if I'll fix this one personally. I will need some help to do this, I have my own server but I do not have as mentioned a worldpay account. I'd love to hold down a job, but I'm a little erratic in the hours I am awake. You could read between the lines, but I'll point out the bleeding obvious, I'm so clever I can hack the module and place orders without credit card details or access to worldpay, there are other clever people out there, and they would be ordering form your websites without paying, and they could also do something else, almost guaranteed to get you guys to send the goods out.
Philip.
Good News, a couple hours ago DrByte disabled the worldpay download until someone can sort this out, I always liked him/her (you can't tell my wife's a Dr).
Well I for one don't know where to go from here, any suggestions ? Wife Swap's on the telly soon. Also Master & Commander on the far side of the world, which I think was a cracking film, I have a suspicion I may just be waiting for someone, maybe the developer to come online and tell me when he's ready to test the system out.
Philip.
well done mr clarke for exposing this flaw , I have a few clients running this mod who I am sure will be more than happy to pay for you or original author to fix this hole. I have always taken on board that any mod provided for free , is provided as is and with no warranty , and when I have needed something special , I have had it written and payed for it knowing that I am getting value for money and some backup if it does not work.
I am of the belief that the worldpay/zen community is quite large as they make it easy to get an account with them. I have no idea how to contact them all ! prehaps the mods can post up a thread and drop an admin -email to all users of Zen regardless.
I maybe on my own here , but philip , I say open up the bidding , and make the module a Pro / pay version ! ( P.S get some rest !!! )
that daisy may collection is a really customisation of zen cart, if it had a world pay module, I would certainly be buying ! Ssssh, I can't pimp for payment, I got moderated the last time, search for Ferrari 456 in the royal mail thread it should be below there somewhere. Anyone got a spare Mercedes ML class going ?
lol , yeah , I am keeping my worldpay sites hidden for the time being ! although if one of my clients doesn't pay up soon , we might need to chat !!! :-)
again personally don't see anything wrong wanting paying , zen cart team have decided to make it open source , some of us have to make a living by providing a service!
sorry cant quite stretch to a merc ! how about a sherbert dibdab ?
Alan Duncan is doing some sterling work, pushing forward the development of a beta to stop the hole, The initial results are very promising. I had an AMG S55 it was a great car but I;m sensitive to vibration and it didn't help, so I was thinking of an ML class older 4x4 with those big bouncy tyres might help. I'm basically stuck in Pinner and a 3 miles radius unless I want to spend a couple of days walking around in circles swearing, ahh ahh my legs (or other bits you really don't want to know about Complex Referred Pain Syndrome).
Now here's an idea (might have been suggested before I haven't been around here for a long time), there's going to be a lot of people that don't know about this security hole, Zencart has that little update/ check version button. How about a module that sits in zen cart and has a register of all additional modules, so that if one is updated, it goes "ping", and if there is a security issue it goes "ping ping". Shouldn't be difficult, zen cart write some module guidelines about versioning, they host the things anyway, quick post to the server every day to compare version numbers of installed modules and bob's your uncle, safety for everyone. (well at least if the people don't ignore the annoying pinging). That module would be "free" since it would be a zencart incorporated thing.
I might get round to learning how world pay works this weekend, Alan may be repairing the module, but I may have a think about some aspects of the design. I have noted someone's comments above about see if the worldpay address details differ. At the moment there is no storage of what worldpay sends back as a confirmed credit card address, so I'm pretty sure that when I "hacked" (I hate that word, I am trying to help) someone's site this morning to demonstrate the concept, I used the address snow-white.
Thanks
Philip.