Post by tallica22 » Wed Mar 23, 2016 8:44 pm

Hello got an email today informing me of paypal changes. Is open cart 1.5 with stock paypal express checkout right to go without any changes? and the 2 that require changes look server side issues, how do i fix them?


Change............................................... Change required?...............Deadline...............Complexity

1. TLS 1.2 and HTTP/1.1 Upgrade ..................Yes ............................17 June 2016 .........High

2. SSL Certificate Upgrade to SHA-256 .............Yes ............................17 June 2016 ......... High

3. IPN Verification Postback to HTTPS............... No ...........................30 September 2016....Low

4. IP Address Update for PayPal Secure FTP ..........No .............................14 April 2016.......... Medium
Servers

5. Merchant API Certificate Credential Upgrade ......No ...............Act between 31 January 2016
....................................................................................... and 1 January 2018 ............Medium

6. Discontinue Use of GET Method for Classic ........ No .......................30 September 2016 .........Low
NVP/SOAP APIs


thanks

Newbie

Posts

Joined
Wed Apr 09, 2014 7:45 pm

Post by Mealz » Fri Apr 22, 2016 5:34 pm

I'm interested in knowing this too...

New member

Posts

Joined
Fri Jul 26, 2013 4:58 pm

Post by viewcom » Tue Apr 26, 2016 1:52 am

Me too.... i'm also get this Paypal email.
Using the OC1.5.5.1

Newbie

Posts

Joined
Tue Aug 27, 2013 11:33 pm

Post by CaptainHaddock » Tue Jun 14, 2016 11:08 am

Me too. I don't understand if these changes are going to affect my store.

Opencart 1.5.5.1
VQMOD
Extensions installed:
Journal Theme
SEO Pack Pro
All Products From Subcategory in Parent Category
All Products From Subcategories in Parent Category Filters
Remove Return Links

Bug fixes applied:
Fix for Tag Filters not working (see OpenCart 1.5.5 Bug Thread)


New member

Posts

Joined
Tue Jul 02, 2013 7:01 am


Post by EvolveWebHosting » Tue Jun 14, 2016 11:38 am

Most of these changes require your host to comply. I would suggest sending it to them to begin with and you'll meet most, if not all requirements.

Image
https://www.evolvewebhost.com
$10.49 .com Registration and $9.99 .com Transfers in now
Guaranteed top level opencart performance and support. Risk free 30 day money back guarantee & free transfers.
Image


User avatar
Active Member

Posts

Joined
Fri Mar 27, 2015 11:13 pm
Location - Denver, Colorado, USA

Post by Burt65 » Tue Jun 14, 2016 9:19 pm

tallica22 wrote:Hello got an email today informing me of paypal changes. Is open cart 1.5 with stock paypal express checkout right to go without any changes? and the 2 that require changes look server side issues, how do i fix them?


Change............................................... Change required?...............Deadline...............Complexity

1. TLS 1.2 and HTTP/1.1 Upgrade ..................Yes ............................17 June 2016 .........High

2. SSL Certificate Upgrade to SHA-256 .............Yes ............................17 June 2016 ......... High

3. IPN Verification Postback to HTTPS............... No ...........................30 September 2016....Low

4. IP Address Update for PayPal Secure FTP ..........No .............................14 April 2016.......... Medium
Servers

5. Merchant API Certificate Credential Upgrade ......No ...............Act between 31 January 2016
....................................................................................... and 1 January 2018 ............Medium

6. Discontinue Use of GET Method for Classic ........ No .......................30 September 2016 .........Low
NVP/SOAP APIs


thanks
1 and 2 only affect Opencart merchant that do take payments on their own server and therefore required TSL and SSL (when the customer leave their credit card details to you or you do take bank payments directly into your store). If you are using PayPal express or any other payments where the customer is redirected to the financial institution site, these changes do not affect you at all.

Over 95% of all computer problems can be traced back to the interface between the keyboard and the chair...


User avatar
Active Member

Posts

Joined
Mon Nov 18, 2013 3:23 pm
Location - Oz

Post by mrcraz » Thu Sep 08, 2016 7:58 pm

It's good that date change. :)

I have question.
3. IPN Verification Postback to HTTPS............... No ...........................30 September 2016....Low

Is this method affect to paypal payment standard?

Also Paypal needs TLS 1.2 and HTTP 1.1 as default. --"

How are your guys plan?

Newbie

Posts

Joined
Fri Jul 22, 2011 5:57 pm

Post by Natashawilliams » Fri Sep 09, 2016 2:33 pm

Today I also got this mail happy to have me here I got the solution

Transactional SMS Gateway
Bulk SMS gateway
SMS Gateway API



Posts

Joined
Tue Mar 01, 2016 2:44 pm


Post by fido-x » Fri Sep 09, 2016 3:08 pm

mrcraz wrote:Is this method affect to paypal payment standard?
No. There is no impact if you are using PayPal Standard, as they handle all the payment processing on their end.

Image
Modules for OpenCart 2.3.0.2
Homepage Module [Free - since OpenCart 0.7.7]
Multistore Extensions
Store Manager Multi-Vendor/Multi-Store management tool

If you're not living on the edge ... you're taking up too much space!


User avatar
Expert Member

Posts

Joined
Sat Jun 28, 2008 1:09 am
Location - Tasmania, Australia

Post by RideTheWave » Wed May 24, 2017 10:34 pm

This PayPal page says you can test if your site will be compatible with the new changes (which take effect June 30, 2017): https://www.paypal-knowledge.com/infoce ... id=FAQ1914 Specifically it says the following:

Code: Select all

PayPal has created a new endpoint - https://tlstest.paypal.com - to help you verify that your systems can support the latest security standards. This endpoint supports all of the security standards to which the PayPal endpoints are moving. 

•On success: A successful connection to https://tlstest.paypal.com will return an HTTP 200 response with the following text in the body: “PayPal_Connection_OK” 

•On failure: One of the following errors will occur depending on what your system does not support: 

◦HTTPS - tlstest.paypal.com will return an HTTP 400 response with the following text in the body: “ERROR! Connection is not HTTPS. Please use https://tlstest.paypal.com” 
◦HTTP/1.1 - tlstest.paypal.com will return an HTTP 400 response with the following text in the body:
“ERROR! Connection is using HTTP/1.0 protocol. Please use HTTP/1.1” 
◦TLS 1.2 (SHA-256) - An SSL connection error will be thrown by your code. 
I'm not 100% sure but this is how I think you set up the test on your OpenCart site (I'm using version 2.3.0.2 but there's probably a similar file in earlier versions). In catalog/controller/extension/payment/pp_pro.php look for the code:

Code: Select all

$curl = curl_init('https://api-3t.sandbox.paypal.com/nvp');
which should be around line 148. Change that to:

Code: Select all

$curl = curl_init('https://tlstest.paypal.com');
and then go through a test purchase on the front end and see if you get a success or failure. Like I said, I'm not 100% sure if that's how it's done but it sounds right. Can anyone confirm if this is the right procedure for testing? And if you've run a successful test, can you let us know? Because I'm certain I have the most updated SSL certificate and have TLS 1.2 and HTTP/1.1 but for some reason the test doesn't work - it doesn't give a success or failure message. After entering credit card details, the "Please Wait" message just disappears and nothing happens. With the original sandbox url, I do get a successful test purchase, but not with this new testing url. Has this happened to anyone else?

New member

Posts

Joined
Fri May 19, 2017 8:29 am

Post by RideTheWave » Thu May 25, 2017 12:40 am

There's actually another requirement for the PayPal Pro change in addition to the SSL certificate, the TLS 1.2 and HTTP/1.1. From the page: https://www.paypal-knowledge.com/infoce ... cale=en_US it says in a nutshell:
PayPal currently accepts both GET and POST HTTP methods on our classic NVP/SOAP APIs, used for Express Checkout, Website Payments Pro, MassPay and Button Manager. Starting on June 30, 2017, PayPal will only allow the use of the POST request method for these APIs ... Update your code to always use the POST HTTP request method when making classic NVP/SOAP API requests.
It's possible that's the reason why the test isn't working for me (because again I'm sure I have the right SSL certificate and TLS1.2 & HTTP/1.1). Can anyone tell if the catalog/controller/extension/payment/pp_pro.php file is using GET requests? I'm not an expert in coding but I do see the word "GET" as well as "POST" in the code. If that file is using "GET" requests, then it probably should be changed to "POST" by June 30, 2017. But I'm not sure if it's as easy as simply changing the word GET to POST. It's probably a little more involved than that. Any input from anyone on this?

New member

Posts

Joined
Fri May 19, 2017 8:29 am

Post by mkp007 » Tue Jun 05, 2018 12:27 am

RideTheWave wrote:
Thu May 25, 2017 12:40 am
..... Can anyone tell if the catalog/controller/extension/payment/pp_pro.php file is using GET requests? I'm not an expert in coding but I do see the word "GET" as well as "POST" in the code. If that file is using "GET" requests, then it probably should be changed to "POST" by June 30, 2017. But I'm not sure if it's as easy as simply changing the word GET to POST. It's probably a little more involved than that. Any input from anyone on this?
Did you figure this one out? I too will need clarification on GET vs POST. All of my credit card payments go through "PayPal Payments Pro Payflow Edition" and PayPal payments through "PayPal Website Payment Pro".

File location on my server is ../catalog/controller/payment/pp_pro.php
It would appear that it is using the GET NVP method.

Code: Select all

		if (!$this->config->get('pp_pro_test')) {
			$curl = curl_init('https://api-3t.paypal.com/nvp');
		} else {
			$curl = curl_init('https://api-3t.sandbox.paypal.com/nvp');
		}
https://www.paypal-notice.com/en/Discon ... ssic-APIs/
PayPal currently accepts both GET and POST HTTP methods on our classic NVP/SOAP APIs, used for Express Checkout, Website Payments Pro, MassPay, and Button Manager. Going forward, PayPal will allow the use of the POST request method only for these APIs. This change will not impact the behaviors of our other API products, such as REST and Adaptive APIs.

Vorticy, Inc.
Opencart 1.5.6.4, MySQL 5.1.73-5, PHP 5.3.3-46, Plesk v12.0.18, OS CentOS 6


New member

Posts

Joined
Fri May 10, 2013 12:56 am
Who is online

Users browsing this forum: No registered users and 61 guests