Post by bingo » Wed Mar 21, 2012 12:56 am

Q,
I just found a big problem.
Our website is using PayPal standard payment.
But recently I noticed that some customers bought the product, but the payment was sent to another PayPal email.
I asked some customers to send me a screenshot of their PayPal payment history.
It is NOT our PayPal email, which means the email had been changed to another...

Would you please take the time to have a look?

We are using OpenCart version 1.5.1.1.

If you need our admin user name and pass for more information, please PM me.

Thank you very much for your help.

bingo
Last edited by i2Paq on Wed Mar 21, 2012 1:42 am, edited 1 time in total.
Reason: PM send to Q + title adjusted

One Page Checkout Professional - More flexible and powerful one page checkout solution.
One Page Checkout Standard - Best one page checkout solution,separate module,no core files replace.
Product Import Export - Bulk insert update download product excel format.
Order Manager - help you manage orders more effectively.


Active Member
Joined Sun Sep 04, 2011 6:57 am


Post by Qphoria » Wed Mar 21, 2012 3:20 am

So where was it changed? In the admin area under paypal standard?

Administrator
Joined Tue Jul 22, 2008 3:02 am

Post by bingo » Wed Mar 21, 2012 3:27 am

I checked the PayPal standard settings.
They are correct.

Here is one screenshot the customer sent to me, see attachment.

Our PayPal email is amazingyep@gmail.com

but the customer sent the payment to amzingyep@gmail.com

I don't know what the problem is.

Attachment: photo.jpg (57.59 KiB)



Post by bingo » Wed Mar 21, 2012 3:29 am

The previous screenshot did not show the email.
See this one.

Attachment: screenshot.JPG (70 KiB)



Post by bingo » Wed Mar 21, 2012 3:47 am

Qphoria wrote: So where was it changed? In the admin area under paypal standard?

Q, any idea what the problem is?
Any help will be so much appreciated.

bingo


Post by Qphoria » Wed Mar 21, 2012 4:22 am

Looks like Daniel removed the PayPal validation I added to the 1.4.9.x version of the PayPal standard extension. This should likely be added back.

For now do this:

1. EDIT: catalog/controller/payment/pp_standard.php

2. FIND:

$order_status_id = $this->config->get('pp_standard_completed_status_id');

3. REPLACE WITH:

if (strtolower($this->request->post['receiver_email']) == strtolower($this->config->get('pp_standard_email'))) {
    $order_status_id = $this->config->get('pp_standard_completed_status_id');
} else {
    $this->log->write("PP_STANDARD :: RECEIVER EMAIL MISMATCH! " . strtolower($this->request->post['receiver_email']));
}

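The receiver check from the post above as a standalone PHP 7+ function, run over three sample notifications. This is an added example, not OpenCart's code and not written by anyone in the thread. It goes beyond the thread's fix by also comparing the paid amount and currency (the `mc_gross` and `mc_currency` IPN fields) with the order; the function name, parameters and sample addresses are hypothetical.

```php
<?php
// Added example: standalone helper, not OpenCart code. All names are hypothetical.

/**
 * Return the reasons a PayPal-verified IPN must NOT mark the order as paid.
 * An empty array means receiver, amount and currency all match the order.
 */
function ipn_mismatches(array $ipn, string $merchantEmail, string $orderTotal, string $orderCurrency): array
{
    $reasons = [];

    // Receiver check from the thread: exact match after trimming and lower-casing.
    // A missing field counts as a mismatch instead of raising a notice.
    $receiver = strtolower(trim((string) ($ipn['receiver_email'] ?? '')));
    if ($receiver === '' || $receiver !== strtolower(trim($merchantEmail))) {
        // The value is attacker-controlled: strip non-printable bytes before it reaches a log.
        $reasons[] = 'receiver_email mismatch: ' . preg_replace('/[^\x21-\x7E]/', '?', $receiver);
    }

    // Beyond the thread's fix: the paid amount and currency must equal the order's.
    $gross = (string) ($ipn['mc_gross'] ?? '');
    if (!is_numeric($gross)
        || number_format((float) $gross, 2, '.', '') !== number_format((float) $orderTotal, 2, '.', '')) {
        $reasons[] = 'mc_gross mismatch';
    }
    if (strtoupper((string) ($ipn['mc_currency'] ?? '')) !== strtoupper($orderCurrency)) {
        $reasons[] = 'mc_currency mismatch';
    }

    return $reasons;
}

// Constructed sample IPN fields, not taken from real transactions.
$merchant = 'store-owner@example.com';
$samples = [
    'genuine'   => ['receiver_email' => 'Store-Owner@Example.com', 'mc_gross' => '49.90', 'mc_currency' => 'USD'],
    'lookalike' => ['receiver_email' => 'store-ovner@example.com', 'mc_gross' => '49.90', 'mc_currency' => 'USD'],
    'underpaid' => ['receiver_email' => 'store-owner@example.com', 'mc_gross' => '0.01',  'mc_currency' => 'USD'],
];

foreach ($samples as $name => $ipn) {
    $reasons = ipn_mismatches($ipn, $merchant, '49.90', 'USD');
    // Only an empty list may move the order to the completed status.
    echo $name, ': ', $reasons ? implode('; ', $reasons) : 'ok', PHP_EOL;
}
```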

Post by bingo » Wed Mar 21, 2012 4:35 am

Qphoria wrote: Looks like daniel removed the paypal validation I added to the 1.4.9.x version of the paypal standard extension. This should likely be added back.

For now do this:

1. EDIT: catalog/controller/payment/pp_standard.php

2. FIND:

$order_status_id = $this->config->get('pp_standard_completed_status_id');

3. REPLACE WITH:

if (strtolower($this->request->post['receiver_email']) == strtolower($this->config->get('pp_standard_email'))) {
	$order_status_id = $this->config->get('pp_standard_completed_status_id');
}

Q, thank you.
During that time, I tracked the IP information for placing orders and viewing the website.
I found that this guy had managed to hack the backend of our website.

I had changed the admin folder to another name after install.

I am just wondering if there is a bug we don't know about that lets a hacker manage to log in to the backend?

bingo


Post by Qphoria » Wed Mar 21, 2012 4:41 am

There is no known way to hack the backend. But the fix above will prevent them from paying themselves while making the order look like it was paid on your account.


Post by bingo » Wed Mar 21, 2012 4:44 am

Qphoria wrote: There is no known way to hack the backend. But the fix above will prevent them from paying themselves while making the order look like it was paid on your account

Okay, Q,
thanks again.
If I find something, I will let you know.

bingo
