sterling work Jon and Philip, good to know that we have chaps like you around who can persevere with this sort of stuff and come up trumps :bigups:
Hi,
I'm having the same 302 problem as others. I could really use some help as a php5 upgrade brought down my payment system. It's not a high volume site but still...
WorldPay Java HTTP Request Object is attempting to access and comes back with the 302, resulting in an error and failure of callback. I'd love some help. I just did a clean install of the module, applying Phil's new worldpay.php.
I tried to have a look in the database for oddities in the session table but didn't really know what to look for.
I'm not using ssl, btw.
Regards,
Niklas
Now have you installed the new callback password?
In fact PM me and I'll have a look.
I am exceptionally unwell at the moment though, so be quick while I am still up.
Thanks to Philip for helping me out.
Turned out that WorldPay was not submitting the password. I tried entering the password into the test environment (as well as the production environment) and suddenly everything worked. Very peculiar.
Yes that WP-thing is quite stupid in that way.
You can not change config in test environment, and you can not log in and then go to production to change this.
You have to log in to production first, change config there - and then enter test environment ... :)
Maybe I should clarify, in case someone else runs into a similar problem. The site has been live for a good year now. When I added the password to the production environment, I thought that was enough. It turned out, however, that I needed to add it to the test environment as well.
Niklas
Good Evening/ Morning.
We now have a release of "secure" (depends on the person installing really) code, all in one zip file available from
http://########################.co.uk/WorldPay_ZC1.3.x_v1.01.zip
Install Instructions - unzip the file, copy the docs section into your shop. Then go to http://YOUR_SHOP/docs/worldpay and there'll be more exact instructions. DO NOT COPY includes over until you have read the documentation.
Changes.
This is what I call an interim version. It is a compilation of the beta version and security fix Alan Duncan created and finished. It is then my improvements, a restructuring of the documentation so that it does not overwrite ZenCart's own documentation and licence and has one new feature plus some hooks for some others. It also features automatic SSL detection so no editing by hand of files should be required.
The new feature is Debug mode, where the server can email out whatever the WorldPay server is sending back to the shop. Never post a debug email to a forum, this is a fully written up feature that I've been using to help other people with their installations (I used to provide them with a substitute file that did much the same thing) and has proved essential to check that WorldPay is
- communicating with the shop and
- that it's sending the right passwords and MD5 (hence why you don't post this to a forum as everyone would know your password)
The reason I call it an interim version, is that in the next version people upgrading will not have to re-write their passwords and MD5 strings.
In the history of this module, with every upgrade the administrator has had to re-enter their details, plus I do not like the way that the passwords are on display to anyone walking past a desk.
There is a new feature at the moment, where if you have any files left over from the previous versions with possible security exploits; then the system will tell you so that you can delete them. During installation the module will try and get rid of them itself, but may not have the correct permissions, so it'll then annoy you to remove them.
Version 2.0 will perform a proper "upgrade" rather than re-install, version 2.0 will also analyse the server to see if there is anything likely to cause problems, and finally version 2.0 will fork into a version available here, and a SBD (Secure By Default) version to be hosted on my website. The code will be similar and also GPL, but whereas ZenCart's philosophy is to let the user choose, so the "normal module" will allow empty passwords or MD5 strings, the SBD module will disable itself until passwords and security features are filled in. From a database point of view, the normal version when upgrading will be the same as previous modules, so if the shop owner is running without passwords, so be it. If the SBD version is installed it will not "activate" until it is secure (thereby taking away choice in the interests of security).
From Version 2.0 a new thread will be started and this one will close. The security exploits and session problems of the past have been solved and it would be better if new users didn't have to search through 44 pages of irrelevant information to get some help or even file a new bug report.
Thank you
Philip.
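The post above describes a secure-by-default variant that stays inactive until its secrets are filled in, and a debug email that must not be shared because it contains the callback password. The sketch below is an added example, not part of the post and not code from the WorldPay module; the function names, config keys and the `callbackPW`/`transStatus`/`cartId` field names are assumptions, and masking the secret in the debug text is a variation on the debug mode described (PHP 7 or later).

```php
<?php
// Added example, not code from the WorldPay module. All names are hypothetical.

// Secure-by-default gate: the module stays inactive until both secrets are set.
function module_is_active(array $config): bool
{
    return ($config['callback_password'] ?? '') !== ''
        && ($config['md5_secret'] ?? '') !== '';
}

// Accept a callback only when the module is active and the password it
// carries matches the configured one (hash_equals compares in constant time).
function callback_is_authentic(array $config, array $post): bool
{
    if (!module_is_active($config)) {
        return false;
    }
    $sent = $post['callbackPW'] ?? '';   // assumed callback field name
    return is_string($sent)
        && hash_equals((string) $config['callback_password'], $sent);
}

// Build debug text with secret fields masked: it still shows whether a
// password arrived, which is what the troubleshooting needs, without the value.
function debug_dump(array $post, array $secretFields = ['callbackPW']): string
{
    $lines = [];
    foreach ($post as $name => $value) {
        $text = is_scalar($value) ? (string) $value : '(non-scalar)';
        if (in_array($name, $secretFields, true)) {
            $text = $text === '' ? '(empty)' : '(present, redacted)';
        }
        $lines[] = $name . ' = ' . $text;
    }
    return implode("\n", $lines);
}

// Constructed sample data; none of these values come from a real installation.
$config    = ['callback_password' => 'example-only', 'md5_secret' => 'example-only-2'];
$unset     = ['callback_password' => '', 'md5_secret' => ''];
$withPw    = ['transStatus' => 'Y', 'cartId' => '1001', 'callbackPW' => 'example-only'];
$withoutPw = ['transStatus' => 'Y', 'cartId' => '1001'];

var_export(callback_is_authentic($config, $withPw));    echo "\n";
var_export(callback_is_authentic($config, $withoutPw)); echo "\n";
var_export(callback_is_authentic($unset, $withoutPw));  echo "\n";
echo debug_dump($withPw), "\n";
```

The second call models the failure reported earlier in the thread, where the callback arrived without a password; the third shows that an installation with empty secrets accepts nothing.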
Already a couple of bug fixes, all credit to Carl, one in the documentation where I forgot some people would be getting error messages because I forgot to set a variable. AND a more important one where the module now correctly generates a DECLINE response at WorldPay by filling in the cardholder's name as REFUSED.
This version is available from
http://########################.co.uk/WorldPay_ZC1.3.x_v1.02.zip
and probably goes to show the importance of having a warning system when the module is out of date. AFAIK the REFUSAL mechanism of this version may not work because I haven't tested it!
My concern has been to get Authorised transactions and callbacks working securely, so there may still be bugs in the system if someone's card is declined.
Thank you
Philip.
P.S. It also shows the need for a new thread: Carl mentioned pages and pages ago that WorldPay had changed its decline mechanism and I have not read that far back into the thread and I am now responsible for the project!