gazmalman Posted June 14, 2015 Share Posted June 14, 2015 I've just moved to a new hosting company, my store and database have all transferred fine. However when a payment is made through sagepay the orders are staying pending despite the payment being made? I have moved host before and not had this problem, sure its something simple but cant for the life of me see what it is? Thanks in advance Quote Link to comment Share on other sites More sharing options...
bsmither Posted June 14, 2015 Share Posted June 14, 2015 Your new hosting provider may not have the necessary encryption package enabled for PHP. To check, in admin, PHP Info, scroll to the place where the table "mcrypt" would appear. If that table is there, make sure it has RIJNDAEL_128 as one of the methods in the package. Quote Link to comment Share on other sites More sharing options...
gazmalman Posted June 14, 2015 Author Share Posted June 14, 2015 rijndael-128 is in place as a cipher Quote Link to comment Share on other sites More sharing options...
bsmither Posted June 14, 2015 Share Posted June 14, 2015 Ok.I assume your domain name is the same after moving servers.Has it been that long since the move? I am wondering if the DNS propagation has not reached the SagePay region. Quote Link to comment Share on other sites More sharing options...
gazmalman Posted June 14, 2015 Author Share Posted June 14, 2015 Yeah domain name is the same, dns was changed well over a week ago so would have thought the propagation is all done and dusted?Head scratcher? Quote Link to comment Share on other sites More sharing options...
Dirty Butter Posted June 14, 2015 Share Posted June 14, 2015 Is there anything in your SagePay account that could be using the old IP address as a setting? Quote Link to comment Share on other sites More sharing options...
bsmither Posted June 14, 2015 Share Posted June 14, 2015 Do you have access to the web server logs?We can see if SagePay is making a request to your domain at:index.php?_g=rm&type=gateway&cmd=process&module=SagePay&cart_order_id=123456-123456-1234This request should arrive within seconds of the customer making payment. This request is what notifies CubeCart of the transaction results (in POST, not in the GET querystring).If your hosting plan has a control panel, in that panel may be a means of downloading the request log for your site. Depending on the hosting, you may also find archived logs. Quote Link to comment Share on other sites More sharing options...
gazmalman Posted June 15, 2015 Author Share Posted June 15, 2015 That's missing, there are GET there with the encryption but no POSTs from sagepay so I guess that's the issue. Could it be blocked by the hosting co.? Quote Link to comment Share on other sites More sharing options...
bsmither Posted June 15, 2015 Share Posted June 15, 2015 The POSTed values will be with the request, but they are not missing. Web logs rarely, if ever, log POST, only the URL (which includes the GET querystring).There was an issue I ran into with a similar situation. If I recall, the hosting provider had some sort of security filter on the server that did not like something about the encrypted value (or maybe did not like the name "encrypt" for the keyname).I will try to find that conversation.In the meantime, contact your hosting provider and ask if there is a security device applied to your account that would affect in any way the querystring. Quote Link to comment Share on other sites More sharing options...
bsmither Posted June 15, 2015 Share Posted June 15, 2015 I found the conversation.That conversation relates to a security build of PHP called "suhosin". Suhosin either:* has a limit on the size of GET values that are given to PHP (the crypt value is 769 bytes), or* does not like the keyname of "crypt", or* does not like values that start with '@'.For that other situation, we cheated that limitation, whatever it was, by reloading the GET array from the $_SERVER['QUERY_STRING'] value.We can try this, but let's see what your hosting provider has to say. Quote Link to comment Share on other sites More sharing options...
Al Brookbanks Posted June 15, 2015 Share Posted June 15, 2015 We have a support ticket open for this internally. There are no items in the php error log. I wonder if SagePay are resolving to the new web hosting IP address. Quote Link to comment Share on other sites More sharing options...
bsmither Posted June 15, 2015 Share Posted June 15, 2015 "There are no items in the php error log."There would be no log entries regarding this if Suhosin is removing the key/value from the querystring.gazmalman said the server access logs show the page request from SagePay, so I think a DNS issue is not contributing.This is the solution for the event I worked on:In the file index.php, add these lines above the existing line: // Override suhosin $_GET limitation $_GET = array(); $params = explode('&', $_SERVER['QUERY_STRING']); foreach ($params as $pair) { list($key, $value) = explode('=', $pair); $_GET[urldecode($key)] = urldecode($value); $_REQUEST[urldecode($key)] = urldecode($value); } Existing line: require dirname(__FILE__).DIRECTORY_SEPARATOR.'ini.inc.php'; This might also work in ini-custom.inc.php. Quote Link to comment Share on other sites More sharing options...
gazmalman Posted June 15, 2015 Author Share Posted June 15, 2015 Its not DNS or IP, checkout works, goes through but then comes up with a 503 overload error when sagepay sends the customer back to my site. Hosting co. are looking into it at the minute. Quote Link to comment Share on other sites More sharing options...
Al Brookbanks Posted June 15, 2015 Share Posted June 15, 2015 Ah I don't think you mentioned that to now. Certainly sound like a server issue. I doubt anything needs changing in CC but let's see what the host says. Quote Link to comment Share on other sites More sharing options...
gazmalman Posted June 15, 2015 Author Share Posted June 15, 2015 Only found out when we did a test purchase at request of the hosting company, yeah Its got to be with the server, as soon as we have it fixed I'll let you know what it was. Quote Link to comment Share on other sites More sharing options...
gazmalman Posted June 17, 2015 Author Share Posted June 17, 2015 Just got this from the hosting co, could anyone shed some light on where the locations are?Hello,I can see in the logs that the php openbase restriction is causing the errors. Please have a look at the log entries[16-Jun-2015 19:09:48 UTC] PHP Warning: file_exists() [<a href='http://docs.php.net/manual/en/function.file-exists.php'>function.file-exists.php</a>]: open_basedir restriction in effect. File(/usr/lib/php/smarty_internal_resource_string.class.php) is not within the allowed path(s): (/home/malmanfl:/usr/lib/php:/usr/php4/lib/php:/usr/local/lib/php:/usr/local/php4/lib/php:/tmp) in /home/malmanfl/public_html/store/cart4/classes/autoloader.class.php on line 102[16-Jun-2015 19:09:48 UTC] PHP Warning: file_exists() [<a href='http://docs.php.net/manual/en/function.file-exists.php'>function.file-exists.php</a>]: open_basedir restriction in effect. File(/usr/lib/php/Smarty_Internal_Resource_String.php) is not within the allowed path(s): (/home/malmanfl:/usr/lib/php:/usr/php4/lib/php:/usr/local/lib/php:/usr/local/php4/lib/php:/tmp) in /home/malmanfl/public_html/store/cart4/classes/autoloader.class.php on line 105The errors are caused when php is trying to access the locations which are outside your document root. You can allow and the add such location from your cpanel to fix the issue. I am unable to identify it from the website codes. Please contact your website developer and let us know the locations, so that we can allow the locations. You can also add it from your cPanel cPanel > Softwares and services > Select Php Version On the right end you can see "Switch To PHP Settings" , there you can define the "open_basedir" location which a user is allowed to access. Quote Link to comment Share on other sites More sharing options...
Al Brookbanks Posted June 17, 2015 Share Posted June 17, 2015 (edited) It's as if Smarty is trying to load resources outside of your "home" folder (/home/malmanfl). I haven't seen this before. I'm not convinced it's the issue as a "Warning" in an error log isn't strictly an error. It's more of a "best practice suggestion". Your include paths are;/home/malmanfl/usr/lib/php/usr/php4/lib/php/usr/local/lib/php/usr/local/php4/lib/php/tmpThis actually all seems very normal. The whole point of include paths (these are set by your hosting and not CubeCart) are default locations to look for file includes. Maybe as your host says "/usr/lib/php" needs to be removed from the include path list in WHM/cPanel. I'm not a server administrator so can't say for sure. Edited June 17, 2015 by Al Brookbanks Quote Link to comment Share on other sites More sharing options...
gazmalman Posted June 17, 2015 Author Share Posted June 17, 2015 OK so we've just done another test, customer now getting directed back to the site after card payment but there is a box saying the payment is pending till confirmation is recived. Still pending in admin. Quote Link to comment Share on other sites More sharing options...
bsmither Posted June 17, 2015 Share Posted June 17, 2015 Please remind us of the exact version of CubeCart you are running.Lines 102 and 105 are not valid code in the autoloader class file for CC605.Since this is mentioning Smarty, it seems that once Smarty has loaded it's main class file, and then wants to load it's sub-classes, the sequence is eventually hitting the part in Autoloader that starts scanning the PHP.INI 'include_path' value.Which is strange on two points: Smarty not knowing its own library structure, and a hosting server environment that sets the include path but fails to include that include path in the openbase restriction list of paths. Quote Link to comment Share on other sites More sharing options...
gazmalman Posted June 17, 2015 Author Share Posted June 17, 2015 I'm on 5.2.13 at the moment, I'm reluctant to go to 6 at the minute because I'm using a third party skin and could do without the trouble of upgrading. Quote Link to comment Share on other sites More sharing options...
Al Brookbanks Posted June 17, 2015 Share Posted June 17, 2015 v5 skins are 100% compatible with v6. I'd guess over 50% of v6 users have a v5 skin right now until we have some good stock ones. Quote Link to comment Share on other sites More sharing options...
gazmalman Posted June 19, 2015 Author Share Posted June 19, 2015 Ive done the upgrade to 6, not fixed the sagepay problem and all the buttons in admin have gone, guessing the gif files have been blocked by the host? I'm wondering could this be something that is causing issues with sagepay? Quote Link to comment Share on other sites More sharing options...
bsmither Posted June 19, 2015 Share Posted June 19, 2015 "all the buttons in admin have gone"That has recently been discussed. It seems that Internet Explorer in Compatibility Mode has issues with the "Font Awesome" system that CC6 uses.Can you confirm you are using Internet Explorer?Have we confirmed that the hosting provider is blocking the response or is not blocking the response from SagePay? Quote Link to comment Share on other sites More sharing options...
gazmalman Posted June 19, 2015 Author Share Posted June 19, 2015 Chrome, I'd rather pull my teeth out with a pair of rusty pliers than use IEIts hard to say if the response is being blocked? All I know is when a purchase is made via sagepay the customer IS sent back to my store but status is not set to processing and there is a message to the customer stating that the order is pending till confirmation of payment is made. Quote Link to comment Share on other sites More sharing options...
Al Brookbanks Posted June 19, 2015 Share Posted June 19, 2015 Chrome, I'd rather pull my teeth out with a pair of rusty pliers than use IEMe too. My family lives in a Microsoft free household. I added a bunch of new emoticons today. Sorry I couldn't resist this one.... Our support ticket is still open. Maybe we can do some test purchases with a Simulator SagePay account and debug the data returned? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.