Jump to content

[Resolved using Live PP, not Sandbox} Major flaw with Paypal Standard plugin


Guest

Recommended Posts

Hello again,

Just noticed another quite major flaw with the Paypal standard plugin. If a customer clicks on the secure checkout from the checkout page cubecart directs them to Paypal as it should. However the admin panel orders page is automatically updated to show that a payment is pending even though the customer hasnt even logged into Paypal or paid. This potentially means admins are logging into the admin panel without checking if a payment has actually been made on paypals end and changing the order to complete and then delivering the products! Should the IPN be updating the admin back end this quick? Thought it was a problem with the plugin at first, but after reinstalling the problem still occurred. I only spotted it trying to created a hook so pending emails are send out to customers. Please advice

Thanks

Link to comment
Share on other sites

49 minutes ago, Dirty Butter said:

I've always used Processing as the email trigger, so that's not a problem for me. 

The email isnt the problem! The point is that regardless of any emails, somebody could click the secure checkout button then click the cancel and return to site and the payment pending order has already been created at this point in the admin section!!!

Link to comment
Share on other sites

Allow us to clarify what CubeCart means by Pending, Processing, and Completed.

Pending is an order that has not yet been paid for. The admin must realize that, even if notified of the order (optional for Pending) or sees the order on the Dashboard, and even if stock levels have been reduced (optional for Pending), the order must not be shipped. The payment processor did not set the order to Pending (assumed to be PayPal's IPN) - CubeCart did that when having saved the order in the database's CubeCart_order_summary table.

When the payment processor informs CubeCart that the transaction was successful (such as via PayPal's IPN), then CubeCart changes the order's status to Processing. The admin now must package the order for shipping. The admin may be notified (if not already done so in Pending), and stock levels will be reduced (if not already done so in Pending).

Once the order is shipped, the admin must manually change the status of the order to Completed.

For an admin to ship an order when the order is at Pending is an error in understanding what Pending means.

Link to comment
Share on other sites

As Brian has said, this is not a flaw and is a misunderstanding by you in what the order statuses mean !  Pending simply means that an order has been placed in the store but NOT paid yet. On successful payment most gateways will automatically change the order status to Processing (a few have to be manually changed by an admin such as the Print Order and Manual Card - for obvious reasons!) and that is the trigger for the store admin to send out the order (although good advice for any and all E-Commerce products has always been to double check directly with the gateway that a payment has been received). Nice you have shipped the order, you updated shipping details (date etc etc) and change status to Completed

Link to comment
Share on other sites

Thankyou for clarifying that however what happens if the gateway isnt automatically changing the order status to pending. You still have the same problem of having to manually check via paypal to see the response code. This is like my case. The status never changes from pending however checking the Paypal IPN history reports status as 200. I might just have o resort to a different gateway then PayPal!

Thanks

Link to comment
Share on other sites

32 minutes ago, hathead1990 said:

Thankyou for clarifying that however what happens if the gateway isnt automatically changing the order status to pending.

You still have the same problem of having to manually check via paypal to see the response code. This is like my case. The status never changes from pending however checking the Paypal IPN history reports status as 200.

I might just have o resort to a different gateway then PayPal!

I assume you mean "if the gateway isn't automatically changing the order status to Processing" (not Pending) ?

If that is the case and you are running 6.1.7 then you need the fix shown in this issue https://github.com/cubecart/v6/issues/1601 which leads to this commit https://github.com/cubecart/v6/commit/fdac99ad1b868064694d42dd4ac5d52f4acd0aea Just ensure you remove the var_dump line.  This issue isn't a PayPal issue and affects most gateways

If you are 100% certain that you have that patch then something on your end is blocking the IPN process and you will need to speak to your hosting company

Ian

Link to comment
Share on other sites

5 hours ago, havenswift-hosting said:

I assume you mean "if the gateway isn't automatically changing the order status to Processing" (not Pending) ?

If that is the case and you are running 6.1.7 then you need the fix shown in this issue https://github.com/cubecart/v6/issues/1601 which leads to this commit https://github.com/cubecart/v6/commit/fdac99ad1b868064694d42dd4ac5d52f4acd0aea Just ensure you remove the var_dump line.  This issue isn't a PayPal issue and affects most gateways

If you are 100% certain that you have that patch then something on your end is blocking the IPN process and you will need to speak to your hosting company

Ian

That commit sorted the error I was getting with a csrf when customers came back to my site from Paypal once they have made a payment however hasn't sorted the issue with payments not changing to processing. I will contact the hosting company and see if they can shed any light onit.

Thanks

Link to comment
Share on other sites

Right so I fixed the issue by rattling my brain for hours. It turns out Paypal doesn't like you using a sandbox account email address if there is live equivalent!!! Paypal sandbox allows you to setup any test email on signing up. I have my live email [email protected] for example and a sandbox account with the same email. After changing my test email to a different one and setting this in the papal extension under the admin panel my orders are now processing accordingly. and the system is working as it should. 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...