WorldPay Module version 2.0 - Support thread

[Bigenuf]

I think this discussion just closed.

[petelutonuk]

Oh dear, Oh dear. This kind of result proves my question about whether Zencart or any open source software is a good idea. If people get seriously fed up and are relied on, we are all sunk. Personally I was already having a very hard time before the Worldpay issue and on top of that the company I sell products for is now banning the display of prices on websites, I now have 4 whole days to design a working website. Perhaps I should say good bye as well. Why is it this all happens during the worst recession in history... I also think that if any wrapping of knuckles is to be done, it should be done privately and not in a forum. I wish everyone the best of luck.

[oxxyfx]

Well, that is sad. I surely hope this is not the end of it and Philip does not quit on us. I for one, not a programmer, cannot re-code this on my own without proper instructions, also I do not make enough money on my store to be able to pay somebody to re-code this module - but I would hate to go back only to paypal... Unfortunatly for some of us there aren't that manyoptions for merchant accounts - the only one which allowed me to deal in 3 different currencies was WP - even if it is more expensive than other available solutions which offer less functionality. But if there is no other solution I will have to drop WP and try to find someone else after 6 months of having WP account.

[Ooba_Scott]

It isnt too bad fixing it up to make it work for the time being with the thankyou page and cancellation page, the real problems would begin when worldpay release new updates and security holes that need fixing.


Also when ZC 2 is out, the whole module will need to be re-written anyway as no modules will work correctly

[petelutonuk]

Also when ZC 2 is out, the whole module will need to be re-written anyway as no modules will work correctly

From what I have been told, ZC 2 will not be compatible with V 1.3.8a anyway (correct me if I am wrong).
Speaking to Philip it does not seem worth keeping the Worldpay module going in it present form even if they allow the base href tag as he exposed other holes in their system that if they fix them, the worldpay module will not work at all. Strange how other merchants don't seem to be having these issues yet they all have to be compliant with the new PCI rules.

[Ooba_Scott]

Yeh i think you are correct in the fact that ZC2 will not be compatible with 1.38a as the changes are fairly major......but it does mean every module will need to be re-written to be compatible with v2 (althougth some modules will be made redundant, as i belive some will become standard)


Im not to bothered if WP keeps or remove the base href tag now, as i have fixed up my site to work without it, and the thankyou/cancellation page now looks fine (well as fine as its going to get)
I have made the css stylesheets absolute URL's, and i have turned off the left/right columns and footer so it doesnt try to display images that can not be found.

Yeh i understand what you mean about it is isnt worth keeping the mod if they fix the holes and the mod isnt fixable....that would suck.

Be a hard conversation to have with my clients who already have Wolrdpay accounts :S

[petelutonuk]

I know nothing about these other security holes mentioned but I can't help wondering if when they fix them they will affect all payments from any website and if that happens there would be so many people affected. As I still have 10 months of my annual Worldpay fee to use up I will use this module while I can. If they filter so much that it doesn't work before then, I will demand a portion of my money back. CAN ANYONE TELL ME if it is possible just to send the cart information to Worldpay, like you would with a simple HTML site, so that I can use Worldpays standard "Yes"html payment receipt page?

[Bigenuf]

You can remove the callback <wpdisplay item="MC_callback"> in the worldpay production management area or uncheck the callback i forget which but the problem then as i can remember is that worldpay will not send back the cart info so you will not have a record of the payment unless you go into your worldpay account and even then you won't know exactly what they ordered or what shipping address they might have specified or the mode of shipping they also will not receive a receipt from your cart or an email or even a record of it in their account they can refer back to. They will receive an email from worldpay saying they paid a specified amount to you.
If i'm wrong please someone correct me.

[petelutonuk]

My current HTML site still uses MC_callback. The customer gets a "Thank you" email using a script from the sendmail on my server confirming what they have ordered and I get a detailed email of product codes and prices, delivery address etc. Because of the whitelisting I have set the default Worldpay "Thank you" page to resultY.html (or resultC.html) receipt page. If I could just do this for my Zencart site I would be happy enough.

[Bigenuf]

If that works for you great. But the only drawback i can see is that you open your shop up to a vulnerability that Philip found where people could send fake orders through your store and it looked like they had paid at worldpay. That was when version 2.0 of this module was born. So i will be just using a template override to compensate for the look of the pages and the security will stay in place as Philip designed it.