Jump to content

Sagepay not working after server migragtion, v5


gazmalman

Recommended Posts

I've just moved to a new hosting company, my store and database have all transferred fine. However when a payment is made through sagepay the orders are staying pending despite the payment being made? I have moved host before and not had this problem, sure its something simple but cant for the life of me see what it is? Thanks in advance:)

Link to comment
Share on other sites

Your new hosting provider may not have the necessary encryption package enabled for PHP. To check, in admin, PHP Info, scroll to the place where the table "mcrypt" would appear. If that table is there, make sure it has RIJNDAEL_128 as one of the methods in the package.

 

Link to comment
Share on other sites

Do you have access to the web server logs?

We can see if SagePay is making a request to your domain at:

index.php?_g=rm&type=gateway&cmd=process&module=SagePay&cart_order_id=123456-123456-1234

This request should arrive within seconds of the customer making payment. This request is what notifies CubeCart of the transaction results (in POST, not in the GET querystring).

If your hosting plan has a control panel, in that panel may be a means of downloading the request log for your site. Depending on the hosting, you may also find archived logs.

Link to comment
Share on other sites

The POSTed values will be with the request, but they are not missing. Web logs rarely, if ever, log POST, only the URL (which includes the GET querystring).

There was an issue I ran into with a similar situation. If I recall, the hosting provider had some sort of security filter on the server that did not like something about the encrypted value (or maybe did not like the name "encrypt" for the keyname).

I will try to find that conversation.

In the meantime, contact your hosting provider and ask if there is a security device applied to your account that would affect in any way the querystring.

Link to comment
Share on other sites

I found the conversation.

That conversation relates to a security build of PHP called "suhosin". Suhosin either:

* has a limit on the size of GET values that are given to PHP (the crypt value is 769 bytes), or
* does not like the keyname of "crypt", or
* does not like values that start with '@'.

For that other situation, we cheated that limitation, whatever it was, by reloading the GET array from the $_SERVER['QUERY_STRING'] value.

We can try this, but let's see what your hosting provider has to say.

Link to comment
Share on other sites

"There are no items in the php error log."

There would be no log entries regarding this if Suhosin is removing the key/value from the querystring.

gazmalman said the server access logs show the page request from SagePay, so I think a DNS issue is not contributing.

This is the solution for the event I worked on:

In the file index.php, add these lines above the existing line:

// Override suhosin $_GET limitation
$_GET = array();
$params = explode('&', $_SERVER['QUERY_STRING']);
foreach ($params as $pair) {
 list($key, $value) = explode('=', $pair);
 $_GET[urldecode($key)] = urldecode($value);
 $_REQUEST[urldecode($key)] = urldecode($value);
}

Existing line:
require dirname(__FILE__).DIRECTORY_SEPARATOR.'ini.inc.php';

This might also work in ini-custom.inc.php.

Link to comment
Share on other sites

Just got this from the hosting co, could anyone shed some light on where the locations are?

Hello,

I can see in the logs that the php openbase restriction is causing the errors. Please have a look at the log entries

[16-Jun-2015 19:09:48 UTC] PHP Warning:  file_exists() [<a href='http://docs.php.net/manual/en/function.file-exists.php'>function.file-exists.php</a>]: open_basedir restriction in effect. File(/usr/lib/php/smarty_internal_resource_string.class.php) is not within the allowed path(s): (/home/malmanfl:/usr/lib/php:/usr/php4/lib/php:/usr/local/lib/php:/usr/local/php4/lib/php:/tmp) in /home/malmanfl/public_html/store/cart4/classes/autoloader.class.php on line 102
[16-Jun-2015 19:09:48 UTC] PHP Warning:  file_exists() [<a href='http://docs.php.net/manual/en/function.file-exists.php'>function.file-exists.php</a>]: open_basedir restriction in effect. File(/usr/lib/php/Smarty_Internal_Resource_String.php) is not within the allowed path(s): (/home/malmanfl:/usr/lib/php:/usr/php4/lib/php:/usr/local/lib/php:/usr/local/php4/lib/php:/tmp) in /home/malmanfl/public_html/store/cart4/classes/autoloader.class.php on line 105

The errors are caused when php  is trying to access the locations which are outside your document root. You can allow and the add  such location from your cpanel to fix the issue. 
I am unable to identify it from the website codes. Please contact your website developer and let us know the locations, so that we can allow the locations. 

You can also add it from your cPanel 

 cPanel > Softwares and services > Select Php Version 

On the right end you can see  "Switch To PHP Settings" , there you can define the "open_basedir"  location which a user is allowed to access. 

Link to comment
Share on other sites

It's as if Smarty is trying to load resources outside of your "home" folder (/home/malmanfl). I haven't seen this before. I'm not convinced it's the issue as a "Warning" in an error log isn't strictly an error. It's more of a "best practice suggestion". Your include paths are;

/home/malmanfl
/usr/lib/php
/usr/php4/lib/php
/usr/local/lib/php
/usr/local/php4/lib/php
/tmp

This actually all seems very normal. The whole point of include paths (these are set by your hosting and not CubeCart) are default locations to look for file includes. Maybe as your host says "/usr/lib/php" needs to be removed from the include path list in WHM/cPanel. I'm not a server administrator so can't say for sure.

Edited by Al Brookbanks
Link to comment
Share on other sites

Please remind us of the exact version of CubeCart you are running.

Lines 102 and 105 are not valid code in the autoloader class file for CC605.

Since this is mentioning Smarty, it seems that once Smarty has loaded it's main class file, and then wants to load it's sub-classes, the sequence is eventually hitting the part in Autoloader that starts scanning the PHP.INI 'include_path' value.

Which is strange on two points: Smarty not knowing its own library structure, and a hosting server environment that sets the include path but fails to include that include path in the openbase restriction list of paths.

Link to comment
Share on other sites

"all the buttons in admin have gone"

That has recently been discussed. It seems that Internet Explorer in Compatibility Mode has issues with the "Font Awesome" system that CC6 uses.

Can you confirm you are using Internet Explorer?

Have we confirmed that the hosting provider is blocking the response or is not blocking the response from SagePay?

Link to comment
Share on other sites

Chrome, I'd rather pull my teeth out with a pair of rusty pliers than use IE:o

Its hard to say if the response is being blocked? All I know is when a purchase is made via sagepay the customer IS sent back to my store but status is not set to processing and there is a message to the customer stating that the order is pending till confirmation of payment is made.  

Link to comment
Share on other sites

Chrome, I'd rather pull my teeth out with a pair of rusty pliers than use IE:o

Me too. My family lives in a Microsoft free household. 

I added a bunch of new emoticons today. Sorry I couldn't resist this one.... :booty:

Our support ticket is still open. Maybe we can do some test purchases with a Simulator SagePay account and debug the data returned?

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...