Results 1 to 10 of 10
  1. #1
    Join Date
    Aug 2009
    Location
    Longs, SC
    Posts
    626
    Plugin Contributions
    2

    Default Duplicate transactions authorize.net AIM

    Client running the following environment:
    HTML Code:
    Server OS: Linux 3.12.52-20160119.106.ELK6.x86_64    	Database: MySQL 5.5.42-37.1-log
    HTTP Server: Apache
    PHP Version: 5.2.17 (Zend: 2.2.0)
    The client is reporting occasional duplicate transactions using Authorize.net. I have debug on and can provide the transaction logs which were written 18 seconds apart. Here is a redacted log from the server.
    Code:
    [08/Aug/2016:05:50:29 -0600] "GET /includes/templates/cmt/buttons/english/button_change_address.gif HTTP/1.1" 200 900 "https://www.domain.com/index.php?main_page=checkout_shipping" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
     [08/Aug/2016:05:50:29 -0600] "GET /includes/templates/cmt/buttons/english/button_continue_checkout.gif HTTP/1.1" 200 2197 "https://www.domain.com/index.php?main_page=checkout_shipping" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
     [08/Aug/2016:05:50:38 -0600] "POST /index.php?main_page=checkout_shipping HTTP/1.1" 302 863 "https://www.domain.com/index.php?main_page=checkout_shipping" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
     [08/Aug/2016:05:50:40 -0600] "GET /index.php?main_page=checkout_payment HTTP/1.1" 200 12522 "https://www.domain.com/index.php?main_page=checkout_shipping" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
     [08/Aug/2016:05:50:40 -0600] "GET /includes/templates/cmt/images/icons/cc1.gif HTTP/1.1" 200 1061 "https://www.domain.com/index.php?main_page=checkout_payment" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
     [08/Aug/2016:05:50:40 -0600] "GET /includes/templates/cmt/images/icons/cc2.gif HTTP/1.1" 200 1253 "https://www.domain.com/index.php?main_page=checkout_payment" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
     [08/Aug/2016:05:50:40 -0600] "GET /includes/templates/cmt/images/icons/cc5.gif HTTP/1.1" 200 1509 "https://www.domain.com/index.php?main_page=checkout_payment" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
     [08/Aug/2016:05:51:55 -0600] "POST /index.php?main_page=checkout_confirmation HTTP/1.1" 302 1297 "https://www.domain.com/index.php?main_page=checkout_payment" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
     [08/Aug/2016:05:51:56 -0600] "GET /index.php?main_page=checkout_payment HTTP/1.1" 200 12505 "https://www.domain.com/index.php?main_page=checkout_payment" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
     [08/Aug/2016:05:51:56 -0600] "GET /includes/templates/cmt/images/icons/error.gif HTTP/1.1" 200 916 "https://www.domain.com/index.php?main_page=checkout_payment" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
     [08/Aug/2016:05:52:23 -0600] "-" 408 193 "-" "-"
     [08/Aug/2016:05:52:23 -0600] "POST /index.php?main_page=checkout_confirmation HTTP/1.1" 200 11767 "https://www.domain.com/index.php?main_page=checkout_payment" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
     [08/Aug/2016:05:52:24 -0600] "GET /includes/templates/cmt/buttons/english/small_edit.gif HTTP/1.1" 200 740 "https://www.domain.com/index.php?main_page=checkout_confirmation" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
     [08/Aug/2016:05:52:24 -0600] "GET /includes/templates/cmt/buttons/english/button_confirm_order.gif HTTP/1.1" 200 1973 "https://www.domain.com/index.php?main_page=checkout_confirmation" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
     [08/Aug/2016:05:52:29 -0600] "POST /index.php?main_page=checkout_process HTTP/1.1" 302 167 "https://www.domain.com/index.php?main_page=checkout_confirmation" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
     [08/Aug/2016:05:52:47 -0600] "POST /index.php?main_page=checkout_process HTTP/1.1" 302 1244 "https://www.domain.com/index.php?main_page=checkout_confirmation" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
     [08/Aug/2016:05:53:08 -0600] "GET /index.php?main_page=checkout_success&zenid=removed HTTP/1.1" 200 10858 "https://www.domain.com/index.php?main_page=checkout_confirmation" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
     [08/Aug/2016:05:53:09 -0600] "GET /includes/templates/cmt/buttons/english/button_logoff.gif HTTP/1.1" 200 1476 "https://www.domain.com/index.php?main_page=checkout_success&zenid=removed " "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
     [08/Aug/2016:05:53:09 -0600] "GET /includes/templates/cmt/buttons/english/button_update.gif HTTP/1.1" 200 1476 "https://www.domain.com/index.php?main_page=checkout_success&zenid=removed " "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
     [08/Aug/2016:05:53:43 -0600] "-" 408 193 "-" "-"
    Any thoughts?

  2. #2
    Join Date
    Jan 2004
    Posts
    66,392
    Blog Entries
    7
    Plugin Contributions
    81

    Default Re: Duplicate transactions authorize.net AIM

    "POST main_page=checkout_shipping" 302 863 "main_page=checkout_shipping" "GET main_page=checkout_payment" 200 12522 "main_page=checkout_shipping"
    "POST main_page=checkout_confirmation" 302 1297 "main_page=checkout_payment"
    "GET main_page=checkout_payment" 200 12505 "main_page=checkout_payment"
    "POST main_page=checkout_confirmation" 200 11767 "main_page=checkout_payment"
    "POST main_page=checkout_process" 302 167 "main_page=checkout_confirmation"
    "POST main_page=checkout_process" 302 1244 "main_page=checkout_confirmation"
    "GET main_page=checkout_success&zenid=removed" 200 10858 "main_page=checkout_confirmation"
    The two hits to checkout_process are triggered by an action on checkout_confirmation. And the 99% likely cause of that is the customer clicking the Submit button a 2nd time, presumably because it seemed to not be completing.

    The default ZC template disables the checkout_confirmation submit button upon clicking it, but some addon templates/javascript break that and thus allow the user to click submit multiple times thus triggering multiple payments.


    I recommend both of the following:
    a) fix the disable-submit-button-on-click (or rewrite it to work with your custom template)
    b) given that you said this site is using the old v1.5.1 version it might be encountering timeouts with Authorize.net's conversion to new server systems. They'd initially said the rollout wouldn't require changing the URL, but then changed their mind about the rollout schedule, so maybe your old site is having delays processing payments because it's using the old URL. You can change it as shown here: https://github.com/zencart/zencart/pull/997/files
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  3. #3
    Join Date
    Aug 2009
    Location
    Longs, SC
    Posts
    626
    Plugin Contributions
    2

    Default Re: Duplicate transactions authorize.net AIM

    Quote Originally Posted by DrByte View Post
    The two hits to checkout_process are triggered by an action on checkout_confirmation. And the 99% likely cause of that is the customer clicking the Submit button a 2nd time, presumably because it seemed to not be completing.

    The default ZC template disables the checkout_confirmation submit button upon clicking it, but some addon templates/javascript break that and thus allow the user to click submit multiple times thus triggering multiple payments.
    This site is using an unmodified checkout_confirmation_default.php from the template_default shipped with 1.5.1. It contains the onsubmit="submitonce();" and that is in the javascript in modules/pages/checkout_confirmation. It looks like the timeout is set to 4 seconds. Is there any downside to setting it to something higher like 20 seconds? I suspect that the reason this is such an intermittent problem is that there are performance issues on this hosting account.


    Quote Originally Posted by DrByte View Post
    I recommend both of the following:
    a) fix the disable-submit-button-on-click (or rewrite it to work with your custom template)
    b) given that you said this site is using the old v1.5.1 version it might be encountering timeouts with Authorize.net's conversion to new server systems. They'd initially said the rollout wouldn't require changing the URL, but then changed their mind about the rollout schedule, so maybe your old site is having delays processing payments because it's using the old URL. You can change it as shown here: https://github.com/zencart/zencart/pull/997/files
    The url was already changed but I did notice a big difference in the line numbers. I'm assuming what you pointed me to was the source for 1.5.5 and that accounts for the difference. Anything about that I should worry about?

  4. #4
    Join Date
    Jul 2012
    Posts
    16,770
    Plugin Contributions
    17

    Default Re: Duplicate transactions authorize.net AIM

    I'm not chiming in on the worry or not part at this point, but the fact that the latest ZC version reportedly works in an environment such as this, any such worry could be resolved by upgrading the site with the added suggestion to then upgrade the php version after the software/database upgrade.
    ZC Installation/Maintenance Support <- Site
    Contribution for contributions welcome...

  5. #5
    Join Date
    Sep 2009
    Location
    Stuart, FL
    Posts
    12,758
    Plugin Contributions
    89

    Default Re: Duplicate transactions authorize.net AIM

    I came across a couple of issues with a.net/AIM's handling in ZC 1.5.5a on my way to "One-Page Checkout". One, for instance, is that there's an incorrect jQuery selector in the checkout_payment page, so the form could be submitted twice since the submit-button's not disabled on-click.

    Remember, too, that the "accepts card data on-site" handling for a.net/AIM was introduced in Zen Cart 1.5.4. A "properly working" a.net/AIM transaction never "sees" the checkout_confirmation page; the confirmation is handled by the in-page (on checkout_payment) AJAX confirmation.

  6. #6
    Join Date
    Aug 2009
    Location
    Longs, SC
    Posts
    626
    Plugin Contributions
    2

    Default Re: Duplicate transactions authorize.net AIM

    Quote Originally Posted by mc12345678 View Post
    I'm not chiming in on the worry or not part at this point, but the fact that the latest ZC version reportedly works in an environment such as this, any such worry could be resolved by upgrading the site with the added suggestion to then upgrade the php version after the software/database upgrade.
    Yup I know it's back level but it's not my website. I just fix it when it breaks. If this is a problem with a lousy hosting account upgrading to 1.5.5a might not solve the problem and an upgrade to php 7 might not be possible.

  7. #7
    Join Date
    Aug 2009
    Location
    Longs, SC
    Posts
    626
    Plugin Contributions
    2

    Default Re: Duplicate transactions authorize.net AIM

    Quote Originally Posted by lat9 View Post
    I came across a couple of issues with a.net/AIM's handling in ZC 1.5.5a on my way to "One-Page Checkout". One, for instance, is that there's an incorrect jQuery selector in the checkout_payment page, so the form could be submitted twice since the submit-button's not disabled on-click.

    Remember, too, that the "accepts card data on-site" handling for a.net/AIM was introduced in Zen Cart 1.5.4. A "properly working" a.net/AIM transaction never "sees" the checkout_confirmation page; the confirmation is handled by the in-page (on checkout_payment) AJAX confirmation.
    Thanks I'll keep that in mind on newer builds. Since 1.5.1 keys on btn_submit that shouldn't be an issue here. I changed the timing to 20 seconds and it seems to be working fine on the site so far. I'll update after it's run for a while with the results.

  8. #8
    Join Date
    Jul 2012
    Posts
    16,770
    Plugin Contributions
    17

    Default Re: Duplicate transactions authorize.net AIM

    Quote Originally Posted by badarac View Post
    Yup I know it's back level but it's not my website. I just fix it when it breaks. If this is a problem with a lousy hosting account upgrading to 1.5.5a might not solve the problem and an upgrade to php 7 might not be possible.
    Understood. Was thinking even 5.5 or 5.6 for php version. Better than 5.2. :)
    ZC Installation/Maintenance Support <- Site
    Contribution for contributions welcome...

  9. #9
    Join Date
    Aug 2009
    Location
    Longs, SC
    Posts
    626
    Plugin Contributions
    2

    Default Re: Duplicate transactions authorize.net AIM

    Quote Originally Posted by mc12345678 View Post
    Understood. Was thinking even 5.5 or 5.6 for php version. Better than 5.2. :)
    Agreed. I'm surprised the hosting company hasn't pushed them to go to a higher level but...

  10. #10
    Join Date
    Jan 2004
    Posts
    66,392
    Blog Entries
    7
    Plugin Contributions
    81

    Default Re: Duplicate transactions authorize.net AIM

    It's usually better to upgrade "now" while it's not being "forced upon them" due to a sudden unannounced PHP change, etc.


    Glad you found a workaround to your immediate presenting problem.
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

 

 

Similar Threads

  1. v154 Sudden duplicate authorize.net transactions? (Single order, double CC charges)
    By Patrick Vincent in forum General Questions
    Replies: 15
    Last Post: 17 Jun 2016, 03:23 PM
  2. Authorize.Net AIM (Duplicate Transaction Issue) v1.3.8
    By spry in forum Addon Payment Modules
    Replies: 3
    Last Post: 24 Oct 2011, 07:50 PM
  3. Duplicate orders with Authorize.net AIM
    By wk4hm in forum Built-in Shipping and Payment Modules
    Replies: 4
    Last Post: 23 Dec 2010, 10:37 PM
  4. Duplicate Orders Authorize.net AIM
    By jmcdog in forum Built-in Shipping and Payment Modules
    Replies: 8
    Last Post: 10 Aug 2007, 02:40 PM
  5. Authorize.net AIM Module does not process transactions
    By quixotica in forum Built-in Shipping and Payment Modules
    Replies: 12
    Last Post: 24 Dec 2006, 08:42 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg
Zen-Cart, Internet Selling Services, Klamath Falls, OR