WorldPay Module version 3.0 - Support thread

[SpaceMonkey]

Out of interest what are the factors that make you both choose Worldpay rather than, for instance, Sagepay?

My Boss! lol

No seriously it's cost. With the added benefit of PCI certification in 10 minutes rather than days. Sage (at the time) didn't compete.

[SpaceMonkey]

(1) I am not sure why those columns are mediumblob anyway. This seems like a really poor choice. (So, if someone rewrites they could consider this)

Unusable data to me.

(2) Anyway, I don't think (but may be wrong) that all that data that is stored in blob format is ever used. I think it is just record keeping, of the state when the payment was processed, which is a good thing in some circumstances and may be a compliance issue .... maybe possibly.

Possibly maybe.... Have you ever sat and had a read of the PCI DSS SAQ level 4 plus guidance notes? Unless it's your subject it can really make you feel incompetent.

I'm going to backup my tables by exporting the data and then dropping table data older than 12mths, for me it then makes it manageable, GDPR compliant (I think) whilst keeping PCI compliance data available and complying to the full length of the law (UK). So yes If someone did add a trim function please consider an export function too.

Good luck!

[gilby]

Could a lot of that data be "debug" data
Is there a debug setting, and is it turned on?

[SpaceMonkey]

Could a lot of that data be "debug" data
Is there a debug setting, and is it turned on?

This module emails debug data with an option in Admin for mail distribution list. I remember I used it previously but not great reporting. Also worldpay email callback dumps with response data only on failure. Debug always emails... Everything.

The data table names are request, session, post, & server. Remembering this is an off site payment module I think this is the raw data encrypted!

[SpaceMonkey]

Looked a bit deeper..... its the data for the admin > customers > worldpay payments

example:

Code:

Original Billing Address: 
17 Any Road
Suburb
Town
 
WorldPay CC Address: 
17 Any Road
Another Town
Warning: Address Mismatch

Which of course is part of your AVS and other cross checks with worldpay.... or so my understanding of this goes.

[niccol]

The module stores the complete state at the time of processing. So, all the post variables, all the session variables, all the server variables, and all the request variables. I think this is just someone in the past thinking one of two things. Either that some of this stuff may be useful for compliance. Or that they don't really know so they are going to store it anyway.

The code block looks like this (so would be easy enough to change to disable the storage of this data).

Code:

		$str['POST'] = base64_encode(serialize($_POST));
		$str['SESSION'] = base64_encode(serialize($_SESSION));
		$str['SERVER'] = base64_encode(serialize($_SERVER));
		$str['REQUEST'] = base64_encode(serialize($_REQUEST));
		
		if($_REQUEST['transStatus'] == 'C'){
				$_POST['transId'] = 'Cancelled';
				$_REQUEST['transId'] = 'Cancelled';
		}

		$db->Execute("INSERT INTO `".TABLE_WORLDPAY_PAYMENTS."` (cartId, worldpay_transaction_id, POST, SESSION, SERVER, REQUEST) VALUES ('".zen_db_input($_POST['cartId'])."', '".zen_db_input($_POST['transId'])."', '". $str['POST'] ."', '". $str['SESSION'] ."', '". $str['SERVER'] ."', '". $str['REQUEST'] ."')");

As I say, I do not want to get into the nitty-gritty of this, and yes I have read my way through the PCI guidance notes. I don't think that this is a compliance issue but I am not an expert.

My solution would always be to use another gateway. This is because the underlying methods of Worldpay are just horrible. I understand that Worldpay is slightly cheaper but as a programmer and not a business owner I don't think the savings are worth it. Different perspectives.

[SpaceMonkey]

The module stores the complete state at the time of processing. So, all the post variables, all the session variables, all the server variables, and all the request variables. I think this is just someone in the past thinking one of two things. Either that some of this stuff may be useful for compliance. Or that they don't really know so they are going to store it anyway.

The code block looks like this (so would be easy enough to change to disable the storage of this data).

Code:

		$str['POST'] = base64_encode(serialize($_POST));
		$str['SESSION'] = base64_encode(serialize($_SESSION));
		$str['SERVER'] = base64_encode(serialize($_SERVER));
		$str['REQUEST'] = base64_encode(serialize($_REQUEST));
		
		if($_REQUEST['transStatus'] == 'C'){
				$_POST['transId'] = 'Cancelled';
				$_REQUEST['transId'] = 'Cancelled';
		}

		$db->Execute("INSERT INTO `".TABLE_WORLDPAY_PAYMENTS."` (cartId, worldpay_transaction_id, POST, SESSION, SERVER, REQUEST) VALUES ('".zen_db_input($_POST['cartId'])."', '".zen_db_input($_POST['transId'])."', '". $str['POST'] ."', '". $str['SESSION'] ."', '". $str['SERVER'] ."', '". $str['REQUEST'] ."')");

As I say, I do not want to get into the nitty-gritty of this, and yes I have read my way through the PCI guidance notes. I don't think that this is a compliance issue but I am not an expert.

My solution would always be to use another gateway. This is because the underlying methods of Worldpay are just horrible. I understand that Worldpay is slightly cheaper but as a programmer and not a business owner I don't think the savings are worth it. Different perspectives.

I agree, not the nicest experience for the customer either.

[bonheddwr]

Hi all. The plugin works great for me other than one issue. After people choose to pay via WorldPay, they are taken to the WorldPay site. All the processing is done there, and the customer returns to the Zen Cart order confirmation page. Everything seems fine,tbut the issue is that none of the Worldpay orders are logged under 'Transactions' in our Google Analytics account. All orders placed on our site using Paypal are logged on Analytics but not the Worldpay ones. This has been an ongoing issue for us. Today I copied all of the *clean* files again from the plugin to our server. The only changes I have made (changes made by the developer) is to change the following code in includes/modules/payment/worldpay.php.

Code:

      function selection() {

        if(sizeof(explode(',', trim(MODULE_PAYMENT_WORLDPAY_ACCEPTED_CC_LIST)))>0 && MODULE_PAYMENT_WORLDPAY_ACCEPTED_CC_LIST !='--none--' && MODULE_PAYMENT_WORLDPAY_ACCEPTED_CC != 'False'){
            switch(MODULE_PAYMENT_WORLDPAY_ACCEPTED_CC){
            case 'Radio Buttons' :
            return array('id' => $this->code,
                        'module' => $this->title.$this->_draw_radio_menu($this->_cc_map(), $_SESSION['paymentType'] ));
            break;
            case 'Select Box':
            $this->cc_drop = array();
            array_walk($this->_cc_map(), array('worldpay', 'cc_split'));
            return array('id' => $this->code,
                        'module' => $this->title.'</label> '.zen_draw_pull_down_menu("paymentType", $this->cc_drop, $_SESSION['paymentType'] ).'<label>' );
            break;
            default:
            return array('id' => $this->code,
                        'module' => $this->title);
            }
        }else{
        return array('id' => $this->code,
                'module' => $this->title);
        }

      }

to:

Code:

      function selection() {

        if(sizeof(explode(',', trim(MODULE_PAYMENT_WORLDPAY_ACCEPTED_CC_LIST)))>0 && MODULE_PAYMENT_WORLDPAY_ACCEPTED_CC_LIST !='--none--' && MODULE_PAYMENT_WORLDPAY_ACCEPTED_CC != 'False'){
            switch(MODULE_PAYMENT_WORLDPAY_ACCEPTED_CC){
            case 'Radio Buttons' :
            return array('id' => $this->code,
                        'module' => $this->title.$this->_draw_radio_menu($this->_cc_map(), $_SESSION['paymentType'] ));
            break;
            case 'Select Box':
            $this->cc_drop = array();
            array_walk($this->_cc_map(), array('worldpay', 'cc_split'));
            return array('id' => $this->code,
                        'module' => $this->title.'</label><p align="center"><img src=https://www.cadwyngifts.com/images/cardiau-credyd-cadwyn.png border=0 alt="Card payments supported by Worldpay"></p> '.zen_draw_pull_down_menu("paymentType", $this->cc_drop, $_SESSION['paymentType'] ).'<label>' );
            break;
            default:
            return array('id' => $this->code,
                        'module' => $this->title.'<p style="margin: 0px;"><img src=https://www.cadwyngifts.com/images/cardiau-credyd-cadwyn.png border=0 alt="Card payments supported by Worldpay"></p></label> ');
            }
        }else{
        return array('id' => $this->code,
                'module' => $this->title.'<p style="margin: 0px;"><img src=https://www.cadwyngifts.com/images/cardiau-credyd-cadwyn.png border=0 alt="Card payments supported by Worldpay"></p></label>' );
        }

      }

Other than that it a clean installation.

Could the changes above be somehow stopping Google Analytics from logging any Worldpay orders made on our site cadwyngifts.com ? I hope the above is clear. I would greatly appreciate any feedback.

[niccol]

Hi all. The plugin works great for me other than one issue. After people choose to pay via WorldPay, they are taken to the WorldPay site. All the processing is done there, and the customer returns to the Zen Cart order confirmation page. Everything seems fine,tbut the issue is that none of the Worldpay orders are logged under 'Transactions' in our Google Analytics account. All orders placed on our site using Paypal are logged on Analytics but not the Worldpay ones. This has been an ongoing issue for us. Today I copied all of the *clean* files again from the plugin to our server. The only changes I have made (changes made by the developer) is to change the following code in includes/modules/payment/worldpay.php.

Code:

      function selection() {

        if(sizeof(explode(',', trim(MODULE_PAYMENT_WORLDPAY_ACCEPTED_CC_LIST)))>0 && MODULE_PAYMENT_WORLDPAY_ACCEPTED_CC_LIST !='--none--' && MODULE_PAYMENT_WORLDPAY_ACCEPTED_CC != 'False'){
            switch(MODULE_PAYMENT_WORLDPAY_ACCEPTED_CC){
            case 'Radio Buttons' :
            return array('id' => $this->code,
                        'module' => $this->title.$this->_draw_radio_menu($this->_cc_map(), $_SESSION['paymentType'] ));
            break;
            case 'Select Box':
            $this->cc_drop = array();
            array_walk($this->_cc_map(), array('worldpay', 'cc_split'));
            return array('id' => $this->code,
                        'module' => $this->title.'</label> '.zen_draw_pull_down_menu("paymentType", $this->cc_drop, $_SESSION['paymentType'] ).'<label>' );
            break;
            default:
            return array('id' => $this->code,
                        'module' => $this->title);
            }
        }else{
        return array('id' => $this->code,
                'module' => $this->title);
        }

      }

to:

Code:

      function selection() {

        if(sizeof(explode(',', trim(MODULE_PAYMENT_WORLDPAY_ACCEPTED_CC_LIST)))>0 && MODULE_PAYMENT_WORLDPAY_ACCEPTED_CC_LIST !='--none--' && MODULE_PAYMENT_WORLDPAY_ACCEPTED_CC != 'False'){
            switch(MODULE_PAYMENT_WORLDPAY_ACCEPTED_CC){
            case 'Radio Buttons' :
            return array('id' => $this->code,
                        'module' => $this->title.$this->_draw_radio_menu($this->_cc_map(), $_SESSION['paymentType'] ));
            break;
            case 'Select Box':
            $this->cc_drop = array();
            array_walk($this->_cc_map(), array('worldpay', 'cc_split'));
            return array('id' => $this->code,
                        'module' => $this->title.'</label><p align="center"><img src=https://www.cadwyngifts.com/images/cardiau-credyd-cadwyn.png border=0 alt="Card payments supported by Worldpay"></p> '.zen_draw_pull_down_menu("paymentType", $this->cc_drop, $_SESSION['paymentType'] ).'<label>' );
            break;
            default:
            return array('id' => $this->code,
                        'module' => $this->title.'<p style="margin: 0px;"><img src=https://www.cadwyngifts.com/images/cardiau-credyd-cadwyn.png border=0 alt="Card payments supported by Worldpay"></p></label> ');
            }
        }else{
        return array('id' => $this->code,
                'module' => $this->title.'<p style="margin: 0px;"><img src=https://www.cadwyngifts.com/images/cardiau-credyd-cadwyn.png border=0 alt="Card payments supported by Worldpay"></p></label>' );
        }

      }

Other than that it a clean installation.

Could the changes above be somehow stopping Google Analytics from logging any Worldpay orders made on our site cadwyngifts.com ? I hope the above is clear. I would greatly appreciate any feedback.

It will be because of the weird 'order confirmation' page that Worldpay uses.

By which I mean that the page after the customer enters their details ssuccessfully is generataed by the worldpay server rather than your server. The GA code will be on the page that your server generates so may never get actioned in the Worldpay way of doing things.

So, I think that the good news is that it has not got to do with the changes that your developer has made. The bad news is that it is going to be challenging to rectify.

:-)

[bonheddwr]

It will be because of the weird 'order confirmation' page that Worldpay uses.

By which I mean that the page after the customer enters their details ssuccessfully is generataed by the worldpay server rather than your server. The GA code will be on the page that your server generates so may never get actioned in the Worldpay way of doing things.

So, I think that the good news is that it has not got to do with the changes that your developer has made. The bad news is that it is going to be challenging to rectify.

:-)

Thanks Nicco for the information! I have heard many people complain about WorldPay's weird setup! But the strange thing is, other people seem to use the WorldPay and GA plugins, and the orders are logged in their analytics. Could it be something to do with the options I have chosen on the Worldpay site itself therefore?