Jump to content

CubeCart 4 - PayPal_Pro module rewriting customer e-mail


Recommended Posts

Hi, a client of mine is running a CubeCart 4 website, using PayPal Pro as the checkout module. We have found out that if I go through the cart and enter [email protected] as my e-mail account, then pay using my paypal account which is registered on [email protected] account, both the customer e-mail and the order summary e-mail is changed to [email protected].

Is this a feature? Can anyone please point me to a line/method I should change so the e-mail remains unchanged?

Loads of customers are complaining about not receiving the order confirmation, as it gets delivered to their paypal e-mail, which they might not even be using daily.

I went through the paypal module, order class and gateway include file but cant find the exact place where this happens.

Link to comment
Share on other sites

The files for PayPal Pro are in /modules/altCheckout/PayPal_Pro/wpp_XX/ and the file that updates the customer and order summary tables is GetExpressCheckoutDetails.php.

Discalimer: I know very little about CC4 (I know a lot about CC3, 5, and 6). I know nothing about PayPal, but I can follow the code (the parts that I examine) in the module.

The obstacle to overcome, as I see it (and I am making some unsubstantiated guesses with this), is that you may have set the PayPal Pro module (or your PayPal Merchant account) to not require a confirmed email address. (Or, this aspect may be referring to a physical mailing address - I can't really tell.)

Anyway, in the above file, line 13, the code is getting the CubeCart Customer's record so that CubeCart's records gets updated from the data PayPal has on the customer. The query in this statement is using an email address to find the customer's record. The question is, where is the email address coming from? I think it is from PayPal arriving via the hash_call() function in CallerService.php.

Line 37 is where the update takes place. BUT... the email address is not part of this update.

I have no idea what the consequences of making this statement into a PHP comment (place // in front).

So, assuming CubeCart's customer record is fetched based on the email address PayPal sends back, CubeCart will not find it. Therefore, (line 41) CubeCart inserts a new customer record.

Essentially we would not want to update the existing customer record (which CubeCart won't anyway if the email address is wrong), and not not insert a new record if the customer does, in fact, exist but PayPal sent back a different email address.

Therefore, I think the solution would be to find a way to send to CubeCart the customer's email address as CubeCart knows it to be, and have PayPal send that back - ignoring the customer's email address as PayPal knows it to be.

But I fear I won't be able to follow the module's code well enough to figure out how to do that.

Link to comment
Share on other sites

I had exactly the same with PayPal Express.


Customer places an order using his company details, delivery address etc.

Paid with Express which then updates the cart with his personal details.

We ended up shipping a £700 order to his home and not his business.


I raised the question on here, and the answer was "This is how the express module is configured".  I guess basically like it or lump it.

We switched back to the standard module.

Link to comment
Share on other sites

I guess it all boils down to these lines in gateway.inc.php

$cart_order_id = sanitizeVar($_SESSION['cart_order_id']);
$skipEmail = true;
$order->orderStatus(6,$_SESSION['cart_order_id'], $force = false, $skipEmail);

Gotta take a payment for an order, better delete it and recreate with totally different billing information, even thought nobody asked me to do it. Makes sense.

Hats off to the developer who wrote this, I have never seen a worse piece of logic and code in my entire life.

Question is, do I bother fixing this by not deleting the order and stop the insert from being run twice, or would that break even more things in this amazingly written piece of software?

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...