However, as davgothic pointed out, this decreases security, as now the auto-verification response is moot.
So a much simpler solution is to simply add an "else" and have it default to "Pending" state when the order comes back unverified.
Orders that come back as verified will goto the final state (typically processing or complete).
Orders that come back unverified will goto the store default state (typically pending)
Solution for lost orders:
(v1.3.2)
1. EDIT: catalog/controller/payment/pp_standard.php
2. FIND (2 places):
Code: Select all
if (strcmp($response, 'VERIFIED') == 0) {
$this->model_checkout_order->confirm($order_id, $this->config->get('pp_standard_order_status_id'));
}
Code: Select all
if (strcmp($response, 'VERIFIED') == 0) {
$this->model_checkout_order->confirm($order_id, $this->config->get('pp_standard_order_status_id'));
} else {
$this->model_checkout_order->confirm($order_id, $this->config->get('config_order_status_id'));
mail($this->config->get('config_email'), 'ATTN: Unverified Paypal Order', "Order ID: $order_id needs manual review");
}
(v1.3.4)
1. EDIT: catalog/controller/payment/pp_standard.php
2. FIND (2 places):
Code: Select all
if (strcmp($response, 'VERIFIED') == 0 || $this->request->post['payment_status'] == 'Completed')) {
$this->model_checkout_order->confirm($order_id, $this->config->get('pp_standard_order_status_id'));
}
Code: Select all
if (strcmp($response, 'VERIFIED') == 0) {
$this->model_checkout_order->confirm($order_id, $this->config->get('pp_standard_order_status_id'));
} else {
$this->model_checkout_order->confirm($order_id, $this->config->get('config_order_status_id'));
mail($this->config->get('config_email'), 'ATTN: Unverified Paypal Order', "Order ID: $order_id needs manual review");
}
Now unverified orders will go into a pending state instead of being lost. You should also receive an ALERT email about the unverified order so that you can verify it manually by checking your paypal account for the actual transaction.
But I think the problem with the auto-verification still needs to be addressed. Perhaps there is some encoding/decoding used that isn't expected