NMI payment module broken after installing hack-protection suggestion

[GreenGecko]

https://www.zen-cart.com/tutorials/i...hp?article=320
This patch breaks the NMI payment module on 1.3.8a.

I spent hours chasing this down and then confirmed that the patch was the problem.

Just letting others be warned and maybe saving them time.

[DrByte]

This patch breaks the NMI payment module on 1.3.8a.

"breaks" is an EXTREMELY general statement.
Perhaps you can elaborate more.

[GreenGecko]

When I applied this patch, at the finial confirmation of purchase,
NMI would receive all information (confirmed) but the the redirect within the shopping cart would produce a blank page (no source code at all).
However in the browser address bar would be the accepted, rejected return with + sings between each word.

How I traced the down was doing a clean fresh install of 1.3.8a and stated adding in any changes to the clients site one at a time. This patch was the one.

[DrByte]

When I applied this patch, at the finial confirmation of purchase,
NMI would receive all information (confirmed) but the the redirect within the shopping cart would produce a blank page (no source code at all).
However in the browser address bar would be the accepted, rejected return with + sings between each word.

That's the important information. It's always best to include the actual problem you're trying to solve when asking for help, rather than only talking about the solution end.

You have 2 options for fixing your situation:
1. Remove that patch and suffer the consequences described in the intro text posted with the patch.
2. Edit the outdated payment module to have it use the $messageStack for passing messages instead of passing them on the URL:
line 120, change:

Code:

      if ( ($result == false) || ($result < 1) ) {
        $payment_error_return = 'payment_error=' . $this->code . '&error=' . urlencode($error) . '&gateway_services_cc_cc_owner=' . urlencode($_POST['gateway_services_cc_cc_owner']) . '&gateway_services_cc_cc_expires_month=' . $_POST['gateway_services_cc_cc_expires_month'] . '&gateway_services_cc_cc_expires_year=' . $_POST['gateway_services_cc_cc_expires_year'] . '&gateway_services_cc_cc_csc=' . $_POST['gateway_services_cc_cc_csc'];

        zen_redirect(zen_href_link(FILENAME_CHECKOUT_PAYMENT, $payment_error_return, 'SSL', true, false));
      }

to this:

Code:

      if ( ($result == false) || ($result < 1) ) {
        global $messageStack;
        $messageStack->add_session('checkout_payment', $error . '<!-- ['.$this->code.'] -->', 'error');
        zen_redirect(zen_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL', true, false));
      }

and line 228, change this:

Code:

    function before_process() {
      if ($_GET['response'] == '1') return;
      if ($_GET['response'] == '2') {
        zen_redirect(zen_href_link(FILENAME_CHECKOUT_PAYMENT, 'error_message=' . urlencode(MODULE_PAYMENT_GATEWAY_SERVICES_CC_TEXT_DECLINED_MESSAGE), 'SSL', true, false));
      }
      // Code 3 is an error - but anything else is an error too (IMHO)
        zen_redirect(zen_href_link(FILENAME_CHECKOUT_PAYMENT, 'error_message=' . urlencode(MODULE_PAYMENT_GATEWAY_SERVICES_CC_TEXT_ERROR_MESSAGE), 'SSL', true, false));
    }

to this:

Code:

    function before_process() {
      if ($_GET['response'] == '1') return;
      global $messageStack;
      if ($_GET['response'] == '2') {
        $messageStack->add_session('checkout_payment', MODULE_PAYMENT_GATEWAY_SERVICES_CC_TEXT_DECLINED_MESSAGE, 'error');
        zen_redirect(zen_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL', true, false));
      }
      // Code 3 is an error - but anything else is an error too (IMHO)
        $messageStack->add_session('checkout_payment', MODULE_PAYMENT_GATEWAY_SERVICES_CC_TEXT_ERROR_MESSAGE, 'error');
        zen_redirect(zen_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL', true, false));
    }

[GreenGecko]

Thank you DrByte for your fix for the "outdated" NMI module to be compatible with the afore mentioned patch.

I wonder if altering their code would violate any agreements with NMI?

I will apply your fix and then add the patch back in once I talk to NMI and resolve another issue I'm having.

Free shipping coupons and restricting them to only one shipping method.
I found a relevant post and I'm working on a solution.
But I'm getting the opposite results than expected.

Should this be dealt with in that post or this one?

[DrByte]

I wonder if altering their code would violate any agreements with NMI?

Not if you're using the one hosted in our Free Addons area, since everything there is released and licensed under GPL.

... once I talk to NMI and resolve another issue I'm having.

Free shipping coupons and restricting them to only one shipping method.
I found a relevant post and I'm working on a solution.
But I'm getting the opposite results than expected.

Should this be dealt with in that post or this one?

It doesn't sound like that issue is a problem with the NMI module, so should be dealt with separately.

[silvalex]

I have the same problem. The code changes suggested didnt help. Any other ideas?