twistedsymphony Posted May 10, 2017 Share Posted May 10, 2017 (edited) I've been running CubeCart v6 since Feburary and it's been working great until one of the recent updates (currently on 6.1.7). it's a complete bone stock installation with only 2 modules the official "PayPal Standard Payment Gateway" and the official "USPS Shipping Module" Problem #1: The first problem I noticed is that emails were no longer going out and I discovered that "SMTP with TLS" would fail to connect to my mail server. No settings had been changed, and i confirmed the settings were correct by plugging them into an email client (even called my Host and they confirmed that the problem was on the software side). It wasn't throwing any errors, it simply wasn't sending out emails. switching to normal "SMTP" allowed emails to start sending out again, but I'd still rather use TLS for the added security. Problem #2: I'd noticed some slight discrepancies in my inventory popping up but I couldn't figure out when it was happening until today. It seems that cube cart isn't removing items from inventory until I manually push the status from "Processing" to "Complete". Also it's not sending out order confirmation emails until that time either. the "Reduce stock levels" setting is set to "When payment has been made (Processing)" but despite the fact that I have orders in that status it doesn't reduce the stock or even send the customer (or me) an email that an order has been placed; not until I manually push the order status to Complete. at which time the inventory gets updated, I receive a notification (useless now as it's already been filled) and the customer gets the confirmation and the complete emails at the same time (also useless as the confirmation email is now late/redundant) This caused me some enormous problems today where I got in 1 of a hot item so I set my inventory to 1 but the site accepted payment on 3 separate orders for the item without reducing inventory. When I noticed i had to set the stock back to 0. I only even knew the orders had been placed by the paypal notifications I'd received since the site didn't send me any notification emails. Any help will be appreciated. as I have no idea how to fix this. Edited May 10, 2017 by twistedsymphony Quote Link to comment Share on other sites More sharing options...
Dirty Butter Posted May 10, 2017 Share Posted May 10, 2017 Welcome to the forums @twistedsymphony! Do you have Store Settings>Stock set to Reduce stock levels on Processing? Is Store Settings>Misc>Features set to Order Status send on Processing? Have you run the email TEST after saving all correct settings for Store Settings>Advanced>Email? 1 Quote Link to comment Share on other sites More sharing options...
twistedsymphony Posted May 10, 2017 Author Share Posted May 10, 2017 (edited) 8 minutes ago, Dirty Butter said: Do you have Store Settings>Stock set to Reduce stock levels on Processing Yes, I stated this in my first post. 8 minutes ago, Dirty Butter said: Is Store Settings>Misc>Features set to Order Status send on Processing? I just checked, it is indeed set to "Processing" 8 minutes ago, Dirty Butter said: Have you run the email TEST after saving all correct settings for Store Settings>Advanced>Email? Yes, I did. that's how I was able to determine that it producing a "failed to connect" error with TLS since there was no other errors being reported anywhere. This is also how I was able to determine that normal SMTP was working correctly. Edited May 10, 2017 by twistedsymphony Quote Link to comment Share on other sites More sharing options...
Dirty Butter Posted May 10, 2017 Share Posted May 10, 2017 I would suggest that you ask @havenswift-hosting for help, as I was hoping it was some simple setting that had been messed up on upgrading. If you don't already have the error log, please do that and see if there are any messages when you do a test order that might be helpful. https://forums.cubecart.com/topic/51550-how-to-create-the-error-log/ 1 Quote Link to comment Share on other sites More sharing options...
twistedsymphony Posted May 10, 2017 Author Share Posted May 10, 2017 I followed the instructions on that link. then I cleared my browser history and went through the process of creating a new account and placing an order, complete with payment. When I clicked the link on paypal to "return to merchant", my storefront had a nice big banner across the top that said: Quote The following errors were detected: Security Alert: Possible Cross-Site Request Forgery (CSRF) or browser back button used. I had no idea that was happening. that's not exactly confidence building for my customers. I received no email from cube cart. Checking the orders the order I placed is in the "Pending" status, it lists that it used the paypal gateway but it doesn't have the paypal transaction listed. there were no errors logged. so it seems that somehow the paypal transaction isn't making its way back to cube cart so the status isn't being pushed forward. Quote Link to comment Share on other sites More sharing options...
twistedsymphony Posted May 11, 2017 Author Share Posted May 11, 2017 I was wrong about no errors being logged. the dashboard shows no errors but an error_log file was created in the htdocs folder with the following: Quote [10-May-2017 23:17:39 UTC] PHP Warning: Invalid Security Token in /htdocs/classes/sanitize.class.php on line 143 [10-May-2017 23:22:48 UTC] PHP Warning: Invalid Security Token in /htdocs/classes/sanitize.class.php on line 143 [10-May-2017 23:22:49 UTC] PHP Warning: Invalid Security Token in /htdocs/classes/sanitize.class.php on line 143 [10-May-2017 20:14:23 America/New_York] PHP Warning: array_merge() [<a href='http://docs.php.net/manual/en/function.array-merge.php'>function.array-merge.php</a>]: Argument #1 is not an array in /htdocs/classes/order.class.php on line 241 Quote Link to comment Share on other sites More sharing options...
Dirty Butter Posted May 11, 2017 Share Posted May 11, 2017 There is a gateway bug that you need to fix. I'll be right back with the link to the fix. 1 Quote Link to comment Share on other sites More sharing options...
twistedsymphony Posted May 11, 2017 Author Share Posted May 11, 2017 Thank you for that. I'll make that change and report back! Quote Link to comment Share on other sites More sharing options...
twistedsymphony Posted May 11, 2017 Author Share Posted May 11, 2017 ok so I changed the file, and cleared all caches except images as suggested. I then placed an order using a different PC that had never visited the site. the good news is that the order went into "processing" and cube cart received the paypal transaction info, the emails were sent the bad news is that as a customer was still presented with the "potential cross-site scripting" error message, also I noticed that my cart didn't get cleared; it still had the items in it (I noticed this during my last test as well but assumed it was related to the gateway problem). checking the error log I'm still getting the array_merge error in "order.class.php" and "sanitize.class.php" is still throwing the Invalid Security Token error but now it's on line 149 instead of 143. I'm also seeing some new errors that occurred sometime since the last test and before updating the file. Quote [10-May-2017 20:20:35 America/New_York] PHP Warning: Division by zero in /htdocs/classes/cart.class.php on line 1184 [10-May-2017 20:21:26 America/New_York] PHP Warning: array_keys() expects parameter 1 to be array, boolean given in /htdocs/admin_XXXXXX/sources/dashboard.index.inc.php on line 311 Quote Link to comment Share on other sites More sharing options...
Dirty Butter Posted May 11, 2017 Share Posted May 11, 2017 I've seen the second warning. I don't think that one is meaningful, but the first one sounds important. I don't know how to help with this. You can pay a month's support and get Cubecart support to fix this or wait for somebody with the skills to fix it here in the forum. 1 Quote Link to comment Share on other sites More sharing options...
keat Posted May 11, 2017 Share Posted May 11, 2017 I've checked my cart.class.php and line 1184 refers to something around taxes. Not knowing enough about php to faithfully state where the problem might be, but it's worth a quick look at your tax setup (maybe ??) 1 Quote Link to comment Share on other sites More sharing options...
twistedsymphony Posted May 11, 2017 Author Share Posted May 11, 2017 I operate out of a states that doesn't collect sales taxes so that's possibly why it's dividing by zero Thanks! My only remaining concern is the "potential cross-site scripting" warning that is comming up when user's complete an order and return to the store from Paypal. What's causing this to occur and how do I stop it? Quote Link to comment Share on other sites More sharing options...
keat Posted May 11, 2017 Share Posted May 11, 2017 What version of the PayPal module do you have. V1.0.5 is the latest version. Have you considered deleting and reinstalling the module ? Also, is your store https ?? and maybe PayPal is sending back to non Https.. Just a though. Quote Link to comment Share on other sites More sharing options...
Dirty Butter Posted May 11, 2017 Share Posted May 11, 2017 1 hour ago, twistedsymphony said: I operate out of a states that doesn't collect sales taxes so that's possibly why it's dividing by zero Thanks! There's a Tax Exempt choice in the stock CC install. Do you use that? Quote Link to comment Share on other sites More sharing options...
twistedsymphony Posted May 11, 2017 Author Share Posted May 11, 2017 3 hours ago, keat said: What version of the PayPal module do you have. V1.0.5 is the latest version. Have you considered deleting and reinstalling the module ? I just checked and it is V1.0.5 my store is fairly new so this is the only version of the module I've ever run. I haven't tried deleting and re-installing it, I'll try that later tonight if you think it will help? 3 hours ago, keat said: Also, is your store https ?? and maybe PayPal is sending back to non Https.. My store is indeed https, is there a way to ensure paypal sends back as https as well? 2 hours ago, Dirty Butter said: There's a Tax Exempt choice in the stock CC install. Do you use that? I can't seem to find any specific "tax exempt" option, where is this located? Currently I simply have all of the tax rules disabled in the tax panel. Quote Link to comment Share on other sites More sharing options...
Dirty Butter Posted May 11, 2017 Share Posted May 11, 2017 I installed a new test store from scratch the other day. I had a Standard Tax and Tax Exempt choice without any numbers in either one (already named in the Tax section). Since you don't have it, try creating a No Tax choice with 0% and see if it stops that divide by zero warning. Quote Link to comment Share on other sites More sharing options...
twistedsymphony Posted May 11, 2017 Author Share Posted May 11, 2017 7 hours ago, Dirty Butter said: I installed a new test store from scratch the other day. I had a Standard Tax and Tax Exempt choice without any numbers in either one (already named in the Tax section). Since you don't have it, try creating a No Tax choice with 0% and see if it stops that divide by zero warning. That warning only occurred once, over the course of a half-dozen orders placed so I'm not sure what exactly is triggering it. I don't want to start mucking around with the tax settings unless I can find the exact steps that cause the error to occur. That doesn't concern me nearly as much as the bright red " Security Alert: Possible Cross-Site Request Forgery (CSRF) " that my customers are seeing whenever they place an order. Quote Link to comment Share on other sites More sharing options...
Dirty Butter Posted May 12, 2017 Share Posted May 12, 2017 I totally understand you need to get the csrf message to stop. I misunderstood and thought the error message happened at that time. I'm sorry but I don't know enough to help you with this. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.