Post by Qphoria » Tue Jun 23, 2015 10:50 pm

In OpenCart 2.0, there is a new API system that uses a "curl" call (curl is a server-side web call) from the admin area to the front end. This method of calling the same domain from the admin side to the catalog side results in a "loopback" connection. It seems a good number of people have an issue with OpenCart 2.0's new API system due to their servers disallowing curl loopbacks to the same domain.

We've tried many ways to work around this
- Subdomain - Trying to use a subdomain like "api.mysite.com" and change the curl url calls to use that subdomain, But that didn't work. The server still detected the loopback
- localhost/127.0.0.1 - Tried uses the localhost, but most shared servers don't allow this anyway and give a 404 error

So the only working method I've found was to have a completely separate secondary domain and have the curl call pass through that domain, and redirect back to your store, then have the response go back to that site and redirect back to your store. Effectively creating a hop and bypassing the loopback check.

I've attached the files here.

Requirements:
- vQmod installed on your opencart 2.0 store
- A secondary domain (not subdomain). Can even be on the same host, just a different url.

1. Extract the zip
2. Upload the contents of the "upload_contents_to_secondary_domain" to somewhere in your secondary domain.
3. Try to load that file in a browser. You should see something like

Code: Select all

"Curlbounce Script found at http://somesite.com/curlbounce.php"
4. Using that url, EDIT the "upload_contents_to_opencart_store/vqmod/xml/api_curl_bounce.xml" file and globally replace

Code: Select all

http://example.com/curlbounce.php
with the url you used to load that page on your secondary site. There should be 3 spots.
5. Now upload that vqmod/xml file to your store's vqmod/xml folder
6. Now try to add an order history in the Admin->Sales->Orders->View area on the "History" tab. If you get a success then it worked :)

If it fails, check the system/logs/api_curlbounce_debug.txt on your opencart site to see what the http_code value is returning. If it isn't 200 then it isn't working correctly. Also check the curlbounce.txt file on your secondary site to see what it is receiving. You may need to edit that file to uncomment the // from the "file_put_contents" lines in the code.

I do a lot of upgrades and this script has worked on the last 3 clients I upgraded so it should hopefully help others.

I believe Daniel has changed the way the API works in versions later than 2.0.3.1 so you likely won't need this script in the future, whenever that happens.

Attachments

API Curl bounce files


Image


User avatar
Administrator

Posts

Joined
Tue Jul 22, 2008 3:02 am

Post by rph » Tue Jun 23, 2015 11:17 pm

Out of curiosity, did you try the public facing IP for the website?

-Ryan


rph
Expert Member

Posts

Joined
Fri Jan 08, 2010 5:05 am
Location - Lincoln, Nebraska

Post by pm-netti » Wed Jun 24, 2015 12:29 am

Qphoria wrote: So the only working method I've found was to have a completely separate secondary domain and have the curl call pass through that domain, and redirect back to your store, then have the response go back to that site and redirect back to your store.
Can Opencart in compensation this issue and to provide free disk space those who need it?
http://www.arvixe.com/opencart_hosting

User avatar
Active Member

Posts

Joined
Sat Apr 07, 2012 11:22 pm
Location - Kittilä, Finland

Post by Qphoria » Wed Jun 24, 2015 12:36 am

rph wrote:Out of curiosity, did you try the public facing IP for the website?
Funny you mention it.. I actually thought about that as I was typing this thread. It may be possible to have the "temp url" work but I had not tested this.

Image


User avatar
Administrator

Posts

Joined
Tue Jul 22, 2008 3:02 am

Post by i2Paq » Wed Jun 24, 2015 1:36 am

I'm not sure what the issue exactly is and what I would experience from it?

Norman in 't Veldt
Moderator OpenCart Forums

_________________ READ and Search BEFORE POSTING _________________

Our FREE search: Find your answer FAST!.

[How to] BTW + Verzend + betaal setup.


User avatar
Global Moderator

Posts

Joined
Mon Nov 09, 2009 7:00 pm
Location - Winkel - The Netherlands

Post by Qphoria » Wed Jun 24, 2015 2:55 am

i2Paq wrote:I'm not sure what the issue exactly is and what I would experience from it?
The symptom is that when you try to do one of the following:
- Add Order History from admin order view
- Edit Order from admin order edit

You would get some sort of error like Syntax error json or something and you'd be unable to actually complete the process so you can't update orders or edit orders. Under the surface, the curl call from the admin to the catalog side would receive an HTTP Code 0 implying an error and that the call could not be made from within itself.

Image


User avatar
Administrator

Posts

Joined
Tue Jul 22, 2008 3:02 am

Post by i2Paq » Wed Jun 24, 2015 10:27 pm

Qphoria wrote:
i2Paq wrote:I'm not sure what the issue exactly is and what I would experience from it?
The symptom is that when you try to do one of the following:
- Add Order History from admin order view
- Edit Order from admin order edit

You would get some sort of error like Syntax error json or something and you'd be unable to actually complete the process so you can't update orders or edit orders. Under the surface, the curl call from the admin to the catalog side would receive an HTTP Code 0 implying an error and that the call could not be made from within itself.
No issues here with one of those actions.

Norman in 't Veldt
Moderator OpenCart Forums

_________________ READ and Search BEFORE POSTING _________________

Our FREE search: Find your answer FAST!.

[How to] BTW + Verzend + betaal setup.


User avatar
Global Moderator

Posts

Joined
Mon Nov 09, 2009 7:00 pm
Location - Winkel - The Netherlands

Post by rpmb » Thu Jun 25, 2015 3:31 pm

Am I reading this correct?

A Curl loopback has been introduced something not allowed on what 95%+ of shared hosts and the only way around it is to use a secondary domain.

Great i2Paq for providing the workaround nice job.

I am sat here scratching my ass wondering why this was ever introduced though. Will make interesting install requirements

REQ - Host that will allow Curl loopback. Good luck. ::)

opencart 3.0.2.0


User avatar
New member

Posts

Joined
Wed Jun 30, 2010 9:13 pm
Location - Cornwall

Post by Daniel » Thu Jun 25, 2015 7:16 pm

it was introduced because all the hosts i have ever used allow curl loopbacks!!

you might have more than one application that needs to speak to another one using restful api calls.

OpenCart®
Project Owner & Developer.


User avatar
Administrator

Posts

Joined
Fri Nov 03, 2006 6:57 pm

Post by i2Paq » Thu Jun 25, 2015 9:48 pm

rpmb wrote: Great i2Paq for providing the workaround nice job.
It wasn't me ;)

Norman in 't Veldt
Moderator OpenCart Forums

_________________ READ and Search BEFORE POSTING _________________

Our FREE search: Find your answer FAST!.

[How to] BTW + Verzend + betaal setup.


User avatar
Global Moderator

Posts

Joined
Mon Nov 09, 2009 7:00 pm
Location - Winkel - The Netherlands

Post by Johnathan » Thu Jun 25, 2015 11:24 pm

i2Paq wrote:
rpmb wrote: Great i2Paq for providing the workaround nice job.
It wasn't me ;)
I don't know...I'm pretty sure Qphoria and i2Paq are really the same person. Or maybe two split personalities, within the same body? Maybe you don't even *know* that you're the same person.

You might be fooling others, but not me.

;)

Image Image Image Image Image


User avatar
Administrator

Posts

Joined
Fri Dec 18, 2009 3:08 am


Post by Qphoria » Fri Jun 26, 2015 12:57 am

LOL if that is the case then my i2paq personality complains an awful lot. :laugh:

Wordpress also has some loopback stuff:
https://trustiko.com/enable-http-loopba ... wordpress/

Image


User avatar
Administrator

Posts

Joined
Tue Jul 22, 2008 3:02 am

Post by ActionHank » Wed Jul 01, 2015 6:19 pm

Hello,

I've setup OC 2.0.2.0 and used this work around for the Error you get on Editing Orders in Admin back end.
But it didn't solve the issue. I have tried all other possibilities like described in:
http://forum.opencart.com/viewtopic.php?f=190&t=135248 and several from Github.

cURL is enabled, according to the curl.php i found in an thread here on the forums.
I tried making a new API user and setting it to api_id 1 in phpmyadmin while deleting the old 1.
It is also Enabled as well selected in Settings -> Edit -> Option -> Checkout / API User

I have uploaded VQmod into the root of the shop and tried to install the edited XML file, which i needed to rename to api_curl_bounce.vqmod.xml else it would say incorrect file. I changed the url to the host where the curlbounce.php is located.

But when I check the admin/controller/sale/order.php nothing is changed.

Here are some images:
Image
Image
Image

Newbie

Posts

Joined
Wed Jul 01, 2015 5:05 pm

Post by nick5000 » Fri Jul 03, 2015 6:15 pm

I'm using 2.0.3.1 and still have the issue. Will this workaround fix it?
Can the other domain be on the same cpanel account? if not, can it be on same server (and IP address) ?

And, can someone tell how to enable curl loopback for a domain? I have a VPS so can do it, but what are the downsides (security threats) of enabling it?

New member

Posts

Joined
Fri Apr 13, 2012 2:25 pm

Post by harryo69 » Sat Jul 04, 2015 6:51 pm

Hi,
Please ignore my last post as I found a work around in another post, that solves my problem with the loopback
SyntaxError: Unexpected end of input
on a shared sever.....
http://forum.opencart.com/viewtopic.php ... 40#p539225
Cheers
H

Newbie

Posts

Joined
Sat Jul 04, 2015 6:27 pm

Post by nick5000 » Sun Jul 05, 2015 12:14 am

Can somebody tell me.how to enable curl loopback calls in cpanel / WHM ?

New member

Posts

Joined
Fri Apr 13, 2012 2:25 pm

Post by Qphoria » Sun Jul 05, 2015 11:43 pm

nick5000 wrote:I'm using 2.0.3.1 and still have the issue. Will this workaround fix it?
Can the other domain be on the same cpanel account? if not, can it be on same server (and IP address) ?

Yes it can be the same server.
nick5000 wrote: And, can someone tell how to enable curl loopback for a domain? I have a VPS so can do it, but what are the downsides (security threats) of enabling it?
None.. it's only a way of saving a tiny amount of bandwidth preventing people from looping out and back to their site.

Image


User avatar
Administrator

Posts

Joined
Tue Jul 22, 2008 3:02 am

Post by Qphoria » Sun Jul 05, 2015 11:44 pm

nick5000 wrote:Can somebody tell me.how to enable curl loopback calls in cpanel / WHM ?
http://lmgtfy.com/?q=enable+http+loopback+connections

Image


User avatar
Administrator

Posts

Joined
Tue Jul 22, 2008 3:02 am

Post by nick5000 » Mon Jul 06, 2015 12:55 am

Qphoria wrote:
nick5000 wrote:Can somebody tell me.how to enable curl loopback calls in cpanel / WHM ?
http://lmgtfy.com/?q=enable+http+loopback+connections
I didn't find any clear answer to this after googling for a while. Some pages suggest a apache setting file need to be created for each domain, some blame /etc/hosts, other that apache needs to be setup to listen to a dedicate port. Other posts from shared hosting says that they don't support that.

Anyway, i found that in my case the issue was not problem with loopback, the issue was caused by maxmind fraud.

New member

Posts

Joined
Fri Apr 13, 2012 2:25 pm

Post by pm-netti » Mon Jul 27, 2015 7:11 pm

Here is suggestion to Loopback problem:

Create new features, classes:
1. system/library/order
this do eg. same than file catalog/api/order and catalog/api/edit
2. system/library/account
this do same eg. catalog/api/customer
3. system/library/api
this do same eg. catalog/api/login
4. remove curl connect from admin to catalog

User avatar
Active Member

Posts

Joined
Sat Apr 07, 2012 11:22 pm
Location - Kittilä, Finland
Who is online

Users browsing this forum: No registered users and 2 guests