National Australia Bank Internet Merchant Options

[i2ts]

Thanks - and yes, we got a new SSL cert as part of the move.

Sounds like the Geotrust SSL cert could be the way to go.

The site where NAB Transact is working is https://www.cablesafe.com.au/onlines...ain_page=login and it use QuickSSL® Premium certificate.

A disclaimer note, All the information provided in my last post is based on empirical evidence. I don't have any acknowledgement/confirmation from NAB Transact. So if it's still not working after GeoTrust cert please don't blame me.

[delia]

This is the profile of the person I used to fix my NAB Module to work with PHP5.3
https://www.odesk.com/users/~01c7d38f4706d745c0

Hopefully that link brings up his profile. I can't remember exactly what I paid but I think it was around $70?? I paid $10.50 per hour.

babyvegas, in the spirit of open source, it would really be nice if you supplied us with the changed mod. I would be glad to package it up and put it up in the plugins section if it truly is the fix that everyone is starting to need. It sounds like the higher version of php is part of this problem. It certainly isn't the brand of secure certificate. PM me if you are interested in helping out others. I think that it's possible you may even get reimbursed for what you paid to get it done.

[i2ts]

It's time to post to full low-down on what's causing the orders not to be created in zen cart when NAB Transact module is being used.

I will state this upfront. This issue has nothing to do with the NAB Transact module, rather I think it's due to a bug/issue at NAB Transact end.

Bit of background

• NAB Transact payment gateway allows the shopping cart to nominate a URL which will be called when the payment is successful.
• This URL is referred to as reply_link_url. The NAB Transact module instructs NAB Transact to call yourwebsite/index.php?main_page=checkout_process.... once the payment is complete (I.e. this is the reply_link_url)
• When the customer successfully completes the payment NAB Transact gateway calls this URL and pass the payment results
• This is a server-to-server call and doesn't rely on browser redirect
• When this URL called zen cart creates the order. If the URL is not called or zen cart didn't recognise the URL being called the order won't be created
• Originally zen cart didn't care if this URL is protected by SSL cert or not. So I wrote the module to use http://yourwebsite/index.php?main_page=checkout_process... as reply_link_url

The problem

• I don't know which version but at a certain version a change was made in zen cart to ignore the calls the http://yourwebsite/index.php?main_page=checkout_process. It had to be https://yourwebsite/index.php?main_page=checkout_process
• The specific piece of code which does this is line 53 of the /includes/init_includes/init_sessions.php (in zen cart version 1.50)
• PHP Code:

  } elseif ( ($request_type == 'SSL') && isset($_GET[zen_session_name()]) ) {[*] 

  ('($request_type == 'SSL')' is the offender)
• This is when the original problem of orders not being created started. Because the module was asking NAB Transact to call http://yourwebsite/index.php?main_page=checkout_process but zen cart was ignoring the call because it's http and not secure https
• So I suggested (with some other forum users contribution as well) http://www.zen-cart.com/showthread.p...98#post1174898 so the module will instruct NAB Transact to call https://yourwebsite/index.php?main_page=checkout_process
• This fixed the problem for some websites but not all others. When the websites are using certain brand of SSL certificate the cart was successfully creating the orders but sites using certain brand of SSL certs were not creating the orders.
• Browsing the web server logs revealed a the sites where the orders are not being created are not receiving the call back from NAB Transact. This is may be due to an issue at NAB transact end, where NAB Transact may not be supporting SSL certs issued by all Certificate Authorities.

The summary

• zen cart ignores the call back to NON SSL URL since that would run the risk of fraud
• NAB Transact has issues calling the URL protected by certain SSL certs
• This is a catch 22 situation

The solution(s)
Ideally, NAB Transact must fix the problem at their end and support all SSL certificates. I won't hold my breath of NAB Transact fixing this any time soon.

or

I have seen NAB Transact work with GeoTrust certificate in couple of sites. So buy and install a GeoTrust certificate.

or

Modify line 53 of the /includes/init_includes/init_sessions.php to support no SSL calls.
Change the line to

PHP Code:

} elseif (/* ($request_type == 'SSL') &&*/ isset($_GET[zen_session_name()]) ) { 


But I will STRONGLY recommend against this. You are making the changes to the cart itself (not NAB Transact module). As such if you update/upgrade the cart the change will be lost.

Please note, if you are going with the 3rd solution (i.e Modify line 53 of the /includes/init_includes/init_sessions.php) you also have to make sure NAB Transact module tells NAB Transact to call non-SSL callback URL.

This is done by changing

PHP Code:

$gateway_vars['reply_link_url'] = zen_href_link(FILENAME_CHECKOUT_PROCESS, $query_string,  'SSL' ); 


to

PHP Code:

$gateway_vars['reply_link_url'] = zen_href_link(FILENAME_CHECKOUT_PROCESS, $query_string, 'NONSSL'); 


Again, I strongly recommend against this.

[i2ts]

Please note, if you are going with the 3rd solution (i.e Modify line 53 of the /includes/init_includes/init_sessions.php) you also have to make sure NAB Transact module tells NAB Transact to call non-SSL callback URL.

This is done by changing

PHP Code:

$gateway_vars['reply_link_url'] = zen_href_link(FILENAME_CHECKOUT_PROCESS, $query_string,  'SSL' ); 


to

PHP Code:

$gateway_vars['reply_link_url'] = zen_href_link(FILENAME_CHECKOUT_PROCESS, $query_string, 'NONSSL'); 


[ginar]

I am still having this issue and have tried all the fixes. Things work smoothly then they go *** up.

I installed a RapidSSL Certificate (Geotrust) in September 2013. It appears to be a hit or miss issue with nab and the last order that shows in admin with payment through nab is 3 October 2013, all other orders have gone through paypal and the order is being generated in admin. Nothing has been done to the website, no other mods added, and today I got a payment notification email from nab but the order was not generated in admin.

I went ordering and same thing happened to me... went through to nab, but the order was not generated. I went and checked the files:
nab_transact_hpp.php:
$gateway_vars = Array();

$gateway_vars['vendor_name'] = MODULE_PAYMENT_NAB_TRANSACT_HPP_CLIENT_ID;
$gateway_vars['print_zero_qty'] = 'false';
$gateway_vars['receipt_address'] = $order->customer['email_address'];
$gateway_vars['payment_reference'] = $_SESSION['nt_hpp_payment_reference'];
$gateway_vars['return_link_url'] = zen_href_link(FILENAME_CHECKOUT_SUCCESS, '', 'SSL', true);
$gateway_vars['reply_link_url'] = zen_href_link(FILENAME_CHECKOUT_PROCESS, $query_string, 'SSL' );

and

init_sessions.php
if (isset($_POST[zen_session_name()])) {
zen_session_id($_POST[zen_session_name()]);
} elseif ( ($request_type == 'SSL') && isset($_GET[zen_session_name()]) ) {
zen_session_id($_GET[zen_session_name()]);

I tried } elseif ( ($request_type == 'SSL') &&*/ isset($_GET[zen_session_name()]) ) { but the */ took the website offline.

I don't know what else to do.
In configure.php
// Use secure webserver for checkout procedure?
define('ENABLE_SSL', 'true');

Is there anything else I can try to stop this happening. It has happened before and the files were tweaked with the mentioned changes at that time to get it working again.

[i2ts]

The line in init_sessions.php must be

PHP Code:

elseif ( /*($request_type == 'SSL') &&*/ isset($_GET[zen_session_name()]) ) { 


You have missed the opening /*

PHP Code:

$gateway_vars['reply_link_url'] = zen_href_link(FILENAME_CHECKOUT_PROCESS, $query_string, 'SSL'); 


must be changed to

PHP Code:

$gateway_vars['reply_link_url'] = zen_href_link(FILENAME_CHECKOUT_PROCESS, $query_string, 'NONSSL'); 


If you make these changes correctly you don't have to do anything to configure.php

PM me if you need help with these changes

[aussiesapphire]

Hello,

I currently run the NAB Transact mod on our website and have had to make those changes to get it working correctly. However, in the last week, NAB have advised a change to the system so wondering if this mod will still work after the change.

From the NAB Transact website:

At 3pm on Thursday 5 March, we're upgrading NAB Transact to only support TLS (Transport Layer Security) 1.0 (or higher) across all API (Application programming interface) connections and websites. This includes all web-based interfaces such as Direct Post and Pay by Web, and internet browsers connected to a NAB Transact login.

SSL (Secure Sockets Layer) 3.0 will no longer be used.

This upgrade will enhance security on NAB Transact.

Not a coder so really have no clue whether this upgrade will break credit card payments on my site. Would appreciate some advice on this.

cheers
Leah

[i2ts]

As the payment module uses the payment page hosted by NAB Transact itself this security update shouldn't affect the module.

Only possible issue you might face is customers who are using older version of the browsers (E.g. Internet Explorer 6) will not be able to get to the payment page.

Either way, I will strongly recommend all websites using the NAB Transact module to go through your shopping cart as a customer would after NAB Transact completes this update (I.e. after 3pm on Thursday 5 March) and see if you could get to the NAB Transact payment page without any issues.

[aussiesapphire]

As the payment module uses the payment page hosted by NAB Transact itself this security update shouldn't affect the module.

Only possible issue you might face is customers who are using older version of the browsers (E.g. Internet Explorer 6) will not be able to get to the payment page.

Either way, I will strongly recommend all websites using the NAB Transact module to go through your shopping cart as a customer would after NAB Transact completes this update (I.e. after 3pm on Thursday 5 March) and see if you could get to the NAB Transact payment page without any issues.

Thanks i2ts.

I was hoping that was the case but will definitely do a test order after the upgrade.

Had not thought of older browsers but it is another reason to encourage some customers to upgrade. Our demographic has a reasonably large proportion of older people who are not highly tech savvy so there may be some using older systems out there.

thanks.
Leah

[delia]

I think the answer is no. I looked at the code and what I have does not specify any ssl version. I believe I'm right that the module doesn't require an SSl cert on your own website? That is where the problem would be. Of course check afterwards but I don't think you have anything to worry about.