Guillaume Posted April 12, 2022 Share Posted April 12, 2022 Hi, I have a shop which URL is gu.temperature-alerte.com and have developped a payment gateway called Ameo. I've set: the IPN URL (for asynchronous calls) to gu.temperature-alerte.com/index.php?_g=rm&typegateway&cmd=call&module=Ameo - that works brilliantly and I can see the call function is called the return URL (for synchronous calls) to gu.temperature-alerte.com/index.php?_g=rm&typegateway&cmd=process&module=Ameo - that does not work and immediately redirects me to gu.temperature-alerte.com/index.php without calling the process function (see the PHP console from Firefox in the picture enclosed below) only for testing purposes, I had tried to set up the IPN URL to gu.temperature-alerte.com/index.php?_g=rm&typegateway&cmd=process&module=Ameo (I appreciate it's not what I'm supposed to do - I just wanted to see if anything was wrong in the URL or in my function) - and the process function was called Does anyone see anything obvious which I would be doing wrong here? Thanks in advance! Guillaume Quote Link to comment Share on other sites More sharing options...
bsmither Posted April 12, 2022 Share Posted April 12, 2022 I see that the first GET is taking a whole second (which is a long time actually) before telling the browser to go back to index.php. That suggests some work is getting done. The process() method usually sends the browser to index.php?_a=complete: ## Redirect to _a=complete, and drop out unneeded variables httpredir(currentPage(array('_g', 'type', 'cmd', 'module'), array('_a' => 'complete'))); If your process() method logs anything to the Transactions database, see if there is anything for that order_id (I don't see enough of the query string to determine if the order_id was passed in). Quote Link to comment Share on other sites More sharing options...
Guillaume Posted April 12, 2022 Author Share Posted April 12, 2022 I actually already had the following in my process() method: Quote ## Redirect to _a=complete, and drop out unneeded variables httpredir('index.php?_a=complete'); But it sticked to redirect to index.php solely. I tried changing it to what you suggested, but it keeps redirecting to index.php. The order id is passed below in the get, but there is nothing logged as a transaction, precisely because I've got instructions in the process() method to log it (which is how I found out that the process() method is not called - while it is called when I ask the payment provider to send asynchronous call to gu.temperature-alerte.com/index.php?_g=rm&typegateway&cmd=process&module=Ameo Quote http://gu.temperature-alerte.com/index.php?_g=rm&type=gateway&cmd=process&module=Ameo&vads_amount=1000&vads_auth_mode=FULL&vads_auth_number=3fe964&vads_auth_result=00&vads_capture_delay=0&vads_card_brand=CB&vads_card_number=497010XXXXXX0014&vads_payment_certificate=bee33a1475af1dd9703ff5f087411ea588eeb9b7&vads_ctx_mode=TEST&vads_currency=978&vads_effective_amount=1000&vads_effective_currency=978&vads_site_id=49302287&vads_trans_date=20220412211351&vads_trans_id=211351&vads_trans_uuid=a271348f32f54448bbc22d03f71e80f4&vads_initial_issuer_transaction_identifier=3118226881613694&vads_validation_mode=0&vads_version=V2&vads_warranty_result=YES&vads_payment_src=EC&vads_order_id=220412-231351-5616&vads_cust_email=[email protected]&vads_cust_id=1&vads_cust_title=M&vads_cust_name=Guillaume+%26+Zira Richard&vads_cust_first_name=Guillaume+%26+Zira&vads_cust_last_name=Richard&vads_cust_address=10+Rue+De+La+Liberation&vads_cust_zip=69380&vads_cust_city=POMMIERS&vads_cust_country=FR&vads_contrib=cubeCart-single+v1.0.0+-+php+v7.4.28&vads_cust_legal_name=Guillaume+Societe&vads_ship_to_name=Guillaume Richard&vads_ship_to_street=10+rue+de+la+Liberation&vads_ship_to_city=Pommiers&vads_ship_to_zip=Guillaume&vads_ship_to_country=FR&vads_ship_to_delivery_company_name=Free+Shipping&vads_ship_to_first_name=Guillaume&vads_ship_to_last_name=Richard&vads_ship_to_legal_name=Guillaume+Societe&vads_tid=001&vads_sequence_number=1&vads_acquirer_network=CB&vads_contract_used=8731447&vads_trans_status=AUTHORISED&vads_expiry_month=6&vads_expiry_year=2023&vads_bank_label=Banque de démo et de l'innovation&vads_bank_product=F&vads_pays_ip=FR&vads_presentation_date=20220412211352&vads_effective_creation_date=20220412211352&vads_occurrence_type=UNITAIRE&vads_operation_type=DEBIT&vads_result=00&vads_extra_result=&vads_card_country=FR&vads_language=fr&vads_brand_management={"userChoice":false,"brandList":"CB|VISA","brand":"CB"}&vads_action_mode=INTERACTIVE&vads_payment_config=SINGLE&vads_page_action=PAYMENT&vads_ext_info_guest=NO&vads_threeds_enrolled=Y&vads_threeds_auth_type=CHALLENGE&vads_threeds_eci=05&vads_threeds_xid=MEc1aFUxaW93d2VzbHJySlU4TTA=&vads_threeds_cavvAlgorithm=2&vads_threeds_status=Y&vads_threeds_sign_valid=1&vads_threeds_error_code=&vads_threeds_exit_status=10&vads_threeds_cavv=Q**************************=&signature=ZmBDDFR0c+iQhYmS5uFU7JRahFGpaq8ijd0tOa9WxtA= I'm really lost here, but I was under the impression that, the simple fact that I pass the parameters (_g=rm&type=gateway&cmd=process&module=Ameo) in the get method called synchronously in return from the payment provider was enough for the process() method to be called. Quote Link to comment Share on other sites More sharing options...
bsmither Posted April 12, 2022 Share Posted April 12, 2022 I still think the process() method is being called, but there may be problems with the querystring. Also, your httpredir() should work. There are plenty of the same statement used elsewhere throughout the CubeCart code. For vads_cust_name, there is a space that must be encoded as a plus sign. Check the statement that concatenates the first name and last name such that the final concatenated result is urlencoded. For vads_ship_to_name, there is a space that must be encoded as a plus sign. For vads_bank_label, same. For vads_threeds_xid, vads_threeds_cavv, and signature, these are base64 encoded strings. Base64 encoded strings have disallowed characters (+/=) that must be dealt with. See the comments at: https://www.php.net/manual/en/function.base64-encode.php Quote Link to comment Share on other sites More sharing options...
Guillaume Posted April 13, 2022 Author Share Posted April 13, 2022 Understood the issue. Afraid I can't fully fix it: This is the query which comes back from the payment provider - I've retried encoding all spaces as plus, to start with, but I'm only computing some of the fields in the query my soft is building. For example I compute vads_cust_first_name and vads_cust_last_name but the payment provider then builds up a vads_cust_name which is a concatenation of these two... separated by a space... Let alone fields they build entirely on their own, e.g. vads_bank_label I will bring that to them and see if they can do something about it Until I get an answer from them, I have tried an alternative: they offer to have the return query as GET (as I tried above) or POST. So I tried POST. This time: I actually land to http://gu.temperature-alerte.com/index.php?_g=rm%26type=gateway%26cmd=process%26module=Ameo (ampersands being replaced by %26) Console logs show: I don't have any space in the request (see below), but there might be other problems, e.g. I still get no log from the process() method and I get a cross-site forgery alert when landing back on the shop Quote vads_amount=2000&vads_auth_mode=FULL&vads_auth_number=3fe419&vads_auth_result=00&vads_capture_delay=0&vads_card_brand=CB&vads_card_number=497010XXXXXX0014&vads_payment_certificate=d34cdab2bf4d0676b8375e6d20589029f7e0107a&vads_ctx_mode=TEST&vads_currency=978&vads_effective_amount=2000&vads_effective_currency=978&vads_site_id=49302287&vads_trans_date=20220413070053&vads_trans_id=070053&vads_trans_uuid=c1525463c5154a2d9f2efe7420c4c888&vads_initial_issuer_transaction_identifier=4471859434237093&vads_validation_mode=0&vads_version=V2&vads_warranty_result=YES&vads_payment_src=EC&vads_order_id=220413-090053-9160&vads_cust_email=gxb.richard%40gmail.com&vads_cust_id=1&vads_cust_title=M&vads_cust_name=Guillaume%2B%2526%2BZira+Richard&vads_cust_first_name=Guillaume%2B%2526%2BZira&vads_cust_last_name=Richard&vads_cust_address=200%2BRue%2BDe%2BLa%2BLiberation&vads_cust_zip=69480&vads_cust_city=MORANCE&vads_cust_country=FR&vads_contrib=cubeCart-single%2Bv1.0.0%2B-%2Bphp%2Bv7.4.28&vads_cust_legal_name=Guillaume%2BSociete&vads_ship_to_name=Guillaume+Richard&vads_ship_to_street=200%2Brue%2Bde%2Bla%2BLiberation&vads_ship_to_city=Morance&vads_ship_to_zip=Guillaume&vads_ship_to_country=FR&vads_ship_to_delivery_company_name=Free%2BShipping&vads_ship_to_first_name=Guillaume&vads_ship_to_last_name=Richard&vads_ship_to_legal_name=Guillaume%2BSociete&vads_tid=001&vads_sequence_number=1&vads_acquirer_network=CB&vads_contract_used=8731447&vads_trans_status=AUTHORISED&vads_expiry_month=6&vads_expiry_year=2023&vads_bank_label=Banque+de+d%C3%A9mo+et+de+l%27innovation&vads_bank_product=F&vads_pays_ip=FR&vads_presentation_date=20220413070054&vads_effective_creation_date=20220413070054&vads_occurrence_type=UNITAIRE&vads_operation_type=DEBIT&vads_result=00&vads_extra_result=&vads_card_country=FR&vads_language=fr&vads_brand_management=%7B%22userChoice%22%3Afalse%2C%22brandList%22%3A%22CB%7CVISA%22%2C%22brand%22%3A%22CB%22%7D&vads_action_mode=INTERACTIVE&vads_payment_config=SINGLE&vads_page_action=PAYMENT&vads_ext_info_guest=NO&vads_threeds_enrolled=Y&vads_threeds_auth_type=CHALLENGE&vads_threeds_eci=05&vads_threeds_xid=TE9zS2FRZXpsQ1NlTzJNdGp0cDg%3D&vads_threeds_cavvAlgorithm=2&vads_threeds_status=Y&vads_threeds_sign_valid=1&vads_threeds_error_code=&vads_threeds_exit_status=10&vads_threeds_cavv=Q**************************%3D&signature=YPAxGmujdYP3CfF0Bvgjl%2Ff%2BRuwdrcuCj5xWU3nRWAo%3D Quote Link to comment Share on other sites More sharing options...
bsmither Posted April 13, 2022 Share Posted April 13, 2022 POST is easier to deal with, including having spaces in the values. But, somehow, the above doesn't look like a POST payload. Quote Link to comment Share on other sites More sharing options...
Guillaume Posted April 17, 2022 Author Share Posted April 17, 2022 Not sure what doesn't look like a POST payload in it. Isn't Cubecart soft supposed to call the process() method when receiving this? Quote Link to comment Share on other sites More sharing options...
Guillaume Posted April 17, 2022 Author Share Posted April 17, 2022 About the GET mode (cf my message on 12 April): the payment providers told me their request is ok - but I've still asked them to check their logs aren't really clear - would there be any way in Cubecart I can find out whether the process() method was called? I'm sure there is nothing wrong with the process() method as it's called if I set it up in the IPN. Quote Link to comment Share on other sites More sharing options...
bsmither Posted April 17, 2022 Share Posted April 17, 2022 I think this is good. I hope there is more to the list than what is shown in the Request 'Form Data'. If, in your function process(), there is code that logs data to $order->logTransaction(), that will show up in admin's Transaction Logs. But, we can add some new code that will log messages in the admin's System Error Log. In the gateway.class.php file, find: public function process() { Change to: public function process() { trigger_error("Arrived at Gateway->process().", E_USER_WARNING); Quote Link to comment Share on other sites More sharing options...
Guillaume Posted April 17, 2022 Author Share Posted April 17, 2022 Thanks for the tip. One of the issues I came across is that, if I pass any ampersand (&) in the query, the signature calculation fails. I have tried twicky it with url encoding and this sort of things, it still fails. I think this one is a problem of Systempay, and led me to replace ampersand (&) by "%26". I am hoping that is not the source of the issue, but if it is, I think it's worth mentioning. Now I've tried what you suggested and actually glanced the error logs: When the response is GET (I can choose whether I want the payment provider to call me back with GET or POST - I just need either of those to work): The PHP console shows this (similar to what I already posted, with spaces in the answer...) - note that I get the ampersands back My Cubecart error log is however showing that no callback method exists (and doesn't have the ampersands but as it looks for a callback method I it interpreted the "%26" as an ampersand) When the response is POST: The PHP console looks clean - although in the Request Headers I have a "Sec-Fetch-Site: Cross-Site" and a warning that "Cookie “CC_CCDBEB6BDA” will be soon treated as cross-site cookie against “https://gu.temperature-alerte.com/index.php?_g=rm%26type=gateway%26cmd=process%26module=Ameo” because the scheme does not match." Now Cubecart's error logs worries me in here, with the invalid security token, and _GET and _POST variables being undefined. Note sure exactly what _POST does, but _GET is used quite a lot and I don't think I can reach very far without it: Today, 22:54 [<strong>Warning</strong>] /home/clients/e6a04653bac4bcb415e27acd100e47e3/sites/gu.temperature-alerte.com/classes/sanitize.class.php:155 - Invalid Security Token https://gu.temperature-alerte.com/index.php?_g=rm%26type=gateway%26cmd=process%26module=Ameo Today, 22:54 [<strong>Notice</strong>] /home/clients/e6a04653bac4bcb415e27acd100e47e3/sites/gu.temperature-alerte.com/includes/functions.inc.php:208 - Undefined variable: _GET https://gu.temperature-alerte.com/index.php?_g=rm%26type=gateway%26cmd=process%26module=Ameo Today, 22:54 [<strong>Notice</strong>] /home/clients/e6a04653bac4bcb415e27acd100e47e3/sites/gu.temperature-alerte.com/classes/debug.class.php:277 - Undefined variable: _POST https://gu.temperature-alerte.com/index.php?_g=rm%26type=gateway%26cmd=process%26module=Ameo Quote Link to comment Share on other sites More sharing options...
Guillaume Posted April 18, 2022 Author Share Posted April 18, 2022 I forgot to mention - in both cases, no trace of the log that the process() method is called Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.