We have run into s strange issue with PayPal PayFlow Pro (US).
We have run a very successful store for over a decade on Zen Cart. We were recently alerted to the fact that we were getting an Approved response from PayPal on some orders that actually were flagged as duplicates by them in their system, so we were never paid. Luckily there were only a dozen or so in the last 10 years.
The orders that were declined had the same PayPal txn_id as the previous approved order. The orders had a timestamp within the same second (2021-03-22 06:22:19 vs 2021-03-22 06:22:21 for instance). They had completely different INVNUM and AMT fields (the fields PayPal says it compares to identify duplicates).
We sent the transaction logs to PayPal and their engineers came back with this: "ZenCart is producing the same REQUEST_ID sent in both payment requests... This will effectively invoke the exact same response.
Under these circumstances, this is not a PayPal bug and we would advise that your developer contact ZenCart with the information provided. Effectively, each REQUEST_ID (that they and/or your developer generate, not PayPal), need to be unique ".
Aside from the fact that the internal response and the message we got via API (Declined as Duplicate vs Approved) seems to be a bug to me, I looked and there does seem to be an issue of setting a unique REQUEST_ID in Zen Cart.
The is REQUEST_ID set in paypal_curl.php by invoking time().
if ($this->_mode == 'payflow') {
$values['REQUEST_ID'] = time();
}
Could that be modified to
if ($this->_mode == 'payflow') {
$values['REQUEST_ID'] = time()."-".mt_rand(100, 999);
}
to add a random 3 digits to make this more unique?
Any thoughts would be appreciated.
Bookmarks