Hi,

I have 2 payment options: PayPal and SagePay

Today I mysteriously have a problem with unauthorised SagePay transactions on all 3 of my sites.
(This has happened today and may be connected to a server update but I'm not sure how)

Strangely, when an order is placed using SagePay / credit card it goes through ok but seems to return to a thanks page that has the PayPal logo + "Your PayPal order details have been received"
No store order email is sent but the SagePay one is. The order appears in admin but is unauthorised.

2 of the sites are on 6.7.3 and the other on 6.8.3

Thanks,

Steve

Hi Steve

Correct me if I'm wrong but Sagepay allow customers to pay via their Paypal account, don't they? That would be why you get the PayPal connection.

Andy

Please feel free to review / rate our software

They do Andy, but I ran a test transaction on all sites and specifically chose Debit Card as I was having unauthorised orders that were actually confirmed.

I've currently disabled SagePay while I try to sort this.

Steve

I don't have a test account here but is there a way to turn off the Paypal option via the Sagepay admin?

Andy

Please feel free to review / rate our software

I think that may be a bit of a red herring really.

I've just changed the payment provider to SagePay only done a test transaction using Visa Debit and it returned me to the a thanks page.
Interestingly the thanks page has no "Thank You for your order" even though that is set up in admin.

The order was unauthorised in admin.

Steve

Hi Steve, when you browse directly to the thanks.php without placing a order do you see the following message?

Sorry, there seemed to be an error !

If you need any help with your purchase, then please be sure to contact us.


Winners never quit, quitters never win
CSS and Responsive Designs
User Manual for Ecommerce Templates

Hi Sinbad,

No, just a page with no wording at all.

Try here: bornpeaceful DOT com/thanks.php

Steve

None of my sites show the "Thank You For Your Order" text if you browse directly via thanks.php

But the text is setup in Receipt Headers...

Steve

Hi Steve, can you try recreating the thanks page.

1. Open search.php
2. Save it as thanks.php
3. In the new thanks page look for
<?php include "vsadmin/inc/incsearch.php" ?>
change that to
<?php include "vsadmin/inc/incthanks.php" ?>
4. save thanks.php again and upload to the server.

**You may want to change the page title from search to thank you.

Now when you browse to the thanks page without placing a order you should see the text.


Winners never quit, quitters never win
CSS and Responsive Designs
User Manual for Ecommerce Templates

That hasn't worked unfortunately.

It's almost like incthanks.php is being blocked as the same thing is happening on 3 sites.
The only thing that's changed is that the server had an updated to EasyApache4 and apache 2.4 last night

Not sure if this helps but if I add debugmode in includes I get this for the thanks.php:

POST parameters
GET parameters

Steve

Hi Steve, can you take a look at the raw logs for today or yesterday do a search for thanks.php to see if there are any errors in the logs and let us know what they are.

Winners never quit, quitters never win
CSS and Responsive Designs
User Manual for Ecommerce Templates

I've checked the logs Sinbad and can't see errors for thanks.php

Just got the host to check too and they can't see anything unusual

Hi Steve, I've escalated this to the developer to follow up with you.

Winners never quit, quitters never win
CSS and Responsive Designs
User Manual for Ecommerce Templates

Thanks Sinbad,

Small update on this, it looks like there is a PayPal message on incthanks.php if only PayPal is available as a payment provider (although it’s not the “Sorry” message) but as soon as SagePay is included as an option there is no message. I suspect the problem can probably be sorted if we can establish why the thanks.php page isn’t working as it should on 3 separate sites on the same server.

Just to confirm, it was working fine until the apache updates mentioned previously which strongly points to a server issue. Having said that, I would really appreciate any assistance to point my hosting company in the right direction if the issue is that end.

Steve

Hi Steve

quote:

---

it looks like there is a PayPal message on incthanks.php if only PayPal is available as a payment provider

---

Yes, it may well be that if we can get to the bottom of this we can find out what is going wrong, so can you send the FTP login details to my email (vince AT ecommercetemplates DOT com) along with details of how to reproduce.
If in the meantime you could also do the following...
Add the parameter $debugmode=TRUE; to your includes.php file
Try a test transaction and on the thanks page you should see the POST and GET values, copy and paste those in the email to me
Then take the $debugmode parameter out again or you customers may see debug messages.

Vince

Click Here for Shopping Cart Software
Click Here to sign up for our newsletter
Click Here for the latest updater

Just in case anyone else experiences the pain I have endured with my hosting company over the last week, here’s the solution to the problem:

Action: Upgrade to EasyApache4 and Apache v2.4

Result: Payment Provider suddenly returning transactions as Unauthorised

Cause: suhosin module installed as part of upgrade and this truncates/limits information returned from Payment Provider so you return to a blank thanks.php page (thanks to Vince who spotted this immediately}

Solution: I added this to my php.ini file:

suhosin.cookie.max_array_depth = 150
suhosin.cookie.max_array_index_length = 192
suhosin.cookie.max_name_length = 192
suhosin.cookie.max_totalname_length = 768
suhosin.cookie.max_value_length = 30000
suhosin.cookie.max_vars = 4000
suhosin.executor.max_depth = 2250
suhosin.get.max_array_depth = 150
suhosin.get.max_array_index_length = 192
suhosin.get.max_name_length = 192
suhosin.get.max_totalname_length = 768
suhosin.get.max_value_length = 1536
suhosin.get.max_vars = 4000
suhosin.post.max_array_depth = 150
suhosin.post.max_array_index_length = 192
suhosin.post.max_name_length = 192
suhosin.post.max_totalname_length = 768
suhosin.post.max_vars = 4000
suhosin.request.max_array_depth = 150
suhosin.request.max_array_index_length = 192
suhosin.request.max_totalname_length = 768
suhosin.request.max_varname_length = 192
suhosin.request.max_vars = 4000
suhosin.session.max_id_length = 384
suhosin.upload.max_newlines = 300
suhosin.upload.max_uploads = 75

One thing I have learned is the importance of a phpinfo() file which lists all the settings for your php setup (though don’t leave it on your server as it reveals a great deal of info).

I am now officially 10 years older and need a lie down.
Many many thanks to Vince, Andy and Sinbad for helping me sort a problem that was actually a hosting issue. ECT going beyond the call of duty as usual.

Steve

Hi Steve, glad you were able to sort it out and share the solution.

Winners never quit, quitters never win
CSS and Responsive Designs
User Manual for Ecommerce Templates