Originally Posted by RickyDicky
...but when the customer then goes to pay again and enters correct details their account is charged and instead of returning to the checkout success page they are directed to the session expired/log in timeout page.
Are they *really* only hitting the checkout_process page 2 times? Or is the system (including any background things the paystation module is doing) actually triggering more than 3 hits to the page?
There's a credit-card-slamming protection in checkout which logs the customer out if they've failed payment more than 3 times.
(And ya, hackers love it when I divulge this tasty fact publicly like this so they can find ways to exploit it.)
Try changing the 3 to 10 in this line (around line 38 likely) in /includes/modules/checkout_process.php:
Code:
if ($_SESSION['payment_attempt'] > 3) {