Jump to content

Process function not called (although passed in URL) upon return of payment gateway


Guillaume
 Share

Recommended Posts

Hi,

I have a shop which URL is gu.temperature-alerte.com and have developped a payment gateway called Ameo. I've set:

  • the IPN URL (for asynchronous calls) to gu.temperature-alerte.com/index.php?_g=rm&typegateway&cmd=call&module=Ameo - that works brilliantly and I can see the call function is called
  • the return URL (for synchronous calls) to gu.temperature-alerte.com/index.php?_g=rm&typegateway&cmd=process&module=Ameo - that does not work and immediately redirects me to gu.temperature-alerte.com/index.php without calling the process function (see the PHP console from Firefox in the picture enclosed below)
  • aJUXl_qvpaTUsoyYAz1Epjs2TniAWpRTmxuA-vQcNDdkEVe5ezphY_0vE5WOku0HASt8XwhV5FwNAODyCHlmEHZKEv4ShuCLzuFY-Eoa5Z7SPKnR8EIV-wBjliIjO2v-TNbv08zuLCYaQ52fs_CITyUhxc.thumb.png.bbe01b5d46c0fe83bee998c5b9c2471e.png
  • only for testing purposes, I had tried to set up the IPN URL to gu.temperature-alerte.com/index.php?_g=rm&typegateway&cmd=process&module=Ameo (I appreciate it's not what I'm supposed to do - I just wanted to see if anything was wrong in the URL or in my function) - and the process function was called

Does anyone see anything obvious which I would be doing wrong here? Thanks in advance!

Guillaume

Link to comment
Share on other sites

I see that the first GET is taking a whole second (which is a long time actually) before telling the browser to go back to index.php. That suggests some work is getting done.

The process() method usually sends the browser to index.php?_a=complete:

## Redirect to _a=complete, and drop out unneeded variables
httpredir(currentPage(array('_g', 'type', 'cmd', 'module'), array('_a' => 'complete')));

If your process() method logs anything to the Transactions database, see if there is anything for that order_id (I don't see enough of the query string to determine if the order_id was passed in).

Link to comment
Share on other sites

I actually already had the following in my process() method:

Quote
## Redirect to _a=complete, and drop out unneeded variables
httpredir('index.php?_a=complete');

But it sticked to redirect to index.php solely. I tried changing it to what you suggested, but it keeps redirecting to index.php.

The order id is passed below in the get, but there is nothing logged as a transaction, precisely because I've got instructions in the process() method to log it (which is how I found out that the process() method is not called - while it is called when I ask the payment provider to send asynchronous call to gu.temperature-alerte.com/index.php?_g=rm&typegateway&cmd=process&module=Ameo

Quote
http://gu.temperature-alerte.com/index.php?_g=rm&type=gateway&cmd=process&module=Ameo&vads_amount=1000&vads_auth_mode=FULL&vads_auth_number=3fe964&vads_auth_result=00&vads_capture_delay=0&vads_card_brand=CB&vads_card_number=497010XXXXXX0014&vads_payment_certificate=bee33a1475af1dd9703ff5f087411ea588eeb9b7&vads_ctx_mode=TEST&vads_currency=978&vads_effective_amount=1000&vads_effective_currency=978&vads_site_id=49302287&vads_trans_date=20220412211351&vads_trans_id=211351&vads_trans_uuid=a271348f32f54448bbc22d03f71e80f4&vads_initial_issuer_transaction_identifier=3118226881613694&vads_validation_mode=0&vads_version=V2&vads_warranty_result=YES&vads_payment_src=EC&vads_order_id=220412-231351-5616&vads_cust_email=[email protected]&vads_cust_id=1&vads_cust_title=M&vads_cust_name=Guillaume+%26+Zira Richard&vads_cust_first_name=Guillaume+%26+Zira&vads_cust_last_name=Richard&vads_cust_address=10+Rue+De+La+Liberation&vads_cust_zip=69380&vads_cust_city=POMMIERS&vads_cust_country=FR&vads_contrib=cubeCart-single+v1.0.0+-+php+v7.4.28&vads_cust_legal_name=Guillaume+Societe&vads_ship_to_name=Guillaume Richard&vads_ship_to_street=10+rue+de+la+Liberation&vads_ship_to_city=Pommiers&vads_ship_to_zip=Guillaume&vads_ship_to_country=FR&vads_ship_to_delivery_company_name=Free+Shipping&vads_ship_to_first_name=Guillaume&vads_ship_to_last_name=Richard&vads_ship_to_legal_name=Guillaume+Societe&vads_tid=001&vads_sequence_number=1&vads_acquirer_network=CB&vads_contract_used=8731447&vads_trans_status=AUTHORISED&vads_expiry_month=6&vads_expiry_year=2023&vads_bank_label=Banque de démo et de l'innovation&vads_bank_product=F&vads_pays_ip=FR&vads_presentation_date=20220412211352&vads_effective_creation_date=20220412211352&vads_occurrence_type=UNITAIRE&vads_operation_type=DEBIT&vads_result=00&vads_extra_result=&vads_card_country=FR&vads_language=fr&vads_brand_management={"userChoice":false,"brandList":"CB|VISA","brand":"CB"}&vads_action_mode=INTERACTIVE&vads_payment_config=SINGLE&vads_page_action=PAYMENT&vads_ext_info_guest=NO&vads_threeds_enrolled=Y&vads_threeds_auth_type=CHALLENGE&vads_threeds_eci=05&vads_threeds_xid=MEc1aFUxaW93d2VzbHJySlU4TTA=&vads_threeds_cavvAlgorithm=2&vads_threeds_status=Y&vads_threeds_sign_valid=1&vads_threeds_error_code=&vads_threeds_exit_status=10&vads_threeds_cavv=Q**************************=&signature=ZmBDDFR0c+iQhYmS5uFU7JRahFGpaq8ijd0tOa9WxtA=

I'm really lost here, but I was under the impression that, the simple fact that I pass the parameters (_g=rm&type=gateway&cmd=process&module=Ameo) in the get method called synchronously in return from the payment provider was enough for the process() method to be called.

Link to comment
Share on other sites

I still think the process() method is being called, but there may be problems with the querystring.

Also, your httpredir() should work. There are plenty of the same statement used elsewhere throughout the CubeCart code.

For vads_cust_name, there is a space that must be encoded as a plus sign. Check the statement that concatenates the first name and last name such that the final concatenated result is urlencoded.

For vads_ship_to_name, there is a space that must be encoded as a plus sign.

For vads_bank_label, same.

For vads_threeds_xid, vads_threeds_cavv, and signature, these are base64 encoded strings. Base64 encoded strings have disallowed characters (+/=) that must be dealt with. See the comments at:

https://www.php.net/manual/en/function.base64-encode.php

 

Link to comment
Share on other sites

Understood the issue. Afraid I can't fully fix it:

  • This is the query which comes back from the payment provider - I've retried encoding all spaces as plus, to start with, but I'm only computing some of the fields in the query my soft is building. For example I compute vads_cust_first_name and vads_cust_last_name but the payment provider then builds up a vads_cust_name which is a concatenation of these two... separated by a space...
  • Let alone fields they build entirely on their own, e.g. vads_bank_label
  • I will bring that to them and see if they can do something about it

Until I get an answer from them, I have tried an alternative: they offer to have the return query as GET (as I tried above) or POST. So I tried POST. This time:

Quote

vads_amount=2000&vads_auth_mode=FULL&vads_auth_number=3fe419&vads_auth_result=00&vads_capture_delay=0&vads_card_brand=CB&vads_card_number=497010XXXXXX0014&vads_payment_certificate=d34cdab2bf4d0676b8375e6d20589029f7e0107a&vads_ctx_mode=TEST&vads_currency=978&vads_effective_amount=2000&vads_effective_currency=978&vads_site_id=49302287&vads_trans_date=20220413070053&vads_trans_id=070053&vads_trans_uuid=c1525463c5154a2d9f2efe7420c4c888&vads_initial_issuer_transaction_identifier=4471859434237093&vads_validation_mode=0&vads_version=V2&vads_warranty_result=YES&vads_payment_src=EC&vads_order_id=220413-090053-9160&vads_cust_email=gxb.richard%40gmail.com&vads_cust_id=1&vads_cust_title=M&vads_cust_name=Guillaume%2B%2526%2BZira+Richard&vads_cust_first_name=Guillaume%2B%2526%2BZira&vads_cust_last_name=Richard&vads_cust_address=200%2BRue%2BDe%2BLa%2BLiberation&vads_cust_zip=69480&vads_cust_city=MORANCE&vads_cust_country=FR&vads_contrib=cubeCart-single%2Bv1.0.0%2B-%2Bphp%2Bv7.4.28&vads_cust_legal_name=Guillaume%2BSociete&vads_ship_to_name=Guillaume+Richard&vads_ship_to_street=200%2Brue%2Bde%2Bla%2BLiberation&vads_ship_to_city=Morance&vads_ship_to_zip=Guillaume&vads_ship_to_country=FR&vads_ship_to_delivery_company_name=Free%2BShipping&vads_ship_to_first_name=Guillaume&vads_ship_to_last_name=Richard&vads_ship_to_legal_name=Guillaume%2BSociete&vads_tid=001&vads_sequence_number=1&vads_acquirer_network=CB&vads_contract_used=8731447&vads_trans_status=AUTHORISED&vads_expiry_month=6&vads_expiry_year=2023&vads_bank_label=Banque+de+d%C3%A9mo+et+de+l%27innovation&vads_bank_product=F&vads_pays_ip=FR&vads_presentation_date=20220413070054&vads_effective_creation_date=20220413070054&vads_occurrence_type=UNITAIRE&vads_operation_type=DEBIT&vads_result=00&vads_extra_result=&vads_card_country=FR&vads_language=fr&vads_brand_management=%7B%22userChoice%22%3Afalse%2C%22brandList%22%3A%22CB%7CVISA%22%2C%22brand%22%3A%22CB%22%7D&vads_action_mode=INTERACTIVE&vads_payment_config=SINGLE&vads_page_action=PAYMENT&vads_ext_info_guest=NO&vads_threeds_enrolled=Y&vads_threeds_auth_type=CHALLENGE&vads_threeds_eci=05&vads_threeds_xid=TE9zS2FRZXpsQ1NlTzJNdGp0cDg%3D&vads_threeds_cavvAlgorithm=2&vads_threeds_status=Y&vads_threeds_sign_valid=1&vads_threeds_error_code=&vads_threeds_exit_status=10&vads_threeds_cavv=Q**************************%3D&signature=YPAxGmujdYP3CfF0Bvgjl%2Ff%2BRuwdrcuCj5xWU3nRWAo%3D

 

Link to comment
Share on other sites

About the GET mode (cf my message on 12 April):

  • the payment providers told me their request is ok - but I've still asked them to check
  • their logs aren't really clear - would there be any way in Cubecart I can find out whether the process() method was called?

I'm sure there is nothing wrong with the process() method as it's called if I set it up in the IPN.

Link to comment
Share on other sites

I think this is good. I hope there is more to the list than what is shown in the Request 'Form Data'.

If, in your function process(), there is code that logs data to $order->logTransaction(), that will show up in admin's Transaction Logs.

But, we can add some new code that will log messages in the admin's System Error Log.

In the gateway.class.php file, find:

public function process() {

Change to:

public function process() { trigger_error("Arrived at Gateway->process().", E_USER_WARNING);

 

Link to comment
Share on other sites

Thanks for the tip. One of the issues I came across is that, if I pass any ampersand (&) in the query, the signature calculation fails. I have tried twicky it with url encoding and this sort of things, it still fails. I think this one is a problem of Systempay, and led me to replace ampersand (&) by "%26". I am hoping that is not the source of the issue, but if it is, I think it's worth mentioning.

Now I've tried what you suggested and actually glanced the error logs:

  • When the response is GET (I can choose whether I want the payment provider to call me back with GET or POST - I just need either of those to work):
    • The PHP console shows this (similar to what I already posted, with spaces in the answer...) - note that I get the ampersands back image.thumb.png.dcc01f54554a4106e500e516edd9824f.png
    • My Cubecart error log is however showing that no callback method exists (and doesn't have the ampersands but as it looks for a callback method I it interpreted the "%26" as an ampersand)image.thumb.png.894a6772047c2fb977ac027a0cdf61c0.png

 

  • When the response is POST:
    • The PHP console looks clean - although in the Request Headers I have a "Sec-Fetch-Site: Cross-Site" and a warning that "Cookie “CC_CCDBEB6BDA” will be soon treated as cross-site cookie against “https://gu.temperature-alerte.com/index.php?_g=rm%26type=gateway%26cmd=process%26module=Ameo” because the scheme does not match."image.png.f6625c41f1313856eb5a615ca4145c7a.png
    • Now Cubecart's error logs worries me in here, with the invalid security token, and _GET and _POST variables being undefined. Note sure exactly what _POST does, but _GET is used quite a lot and I don't think I can reach very far without it:
Today, 22:54 [<strong>Warning</strong>] /home/clients/e6a04653bac4bcb415e27acd100e47e3/sites/gu.temperature-alerte.com/classes/sanitize.class.php:155 - Invalid Security Token
https://gu.temperature-alerte.com/index.php?_g=rm%26type=gateway%26cmd=process%26module=Ameo


 
Today, 22:54 [<strong>Notice</strong>] /home/clients/e6a04653bac4bcb415e27acd100e47e3/sites/gu.temperature-alerte.com/includes/functions.inc.php:208 - Undefined variable: _GET
https://gu.temperature-alerte.com/index.php?_g=rm%26type=gateway%26cmd=process%26module=Ameo



 
 
   
Today, 22:54 [<strong>Notice</strong>] /home/clients/e6a04653bac4bcb415e27acd100e47e3/sites/gu.temperature-alerte.com/classes/debug.class.php:277 - Undefined variable: _POST
https://gu.temperature-alerte.com/index.php?_g=rm%26type=gateway%26cmd=process%26module=Ameo

 

image.png

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...