Hi List,
I noticed a few issues on the paypal payment module: 1. Currency - it seems no currency parameter is passed to the paypal form thus resulting in currency defaulting to USD. Thus in our shop, a £50 order gets billed 50USD in paypal. 2. Checks - it appears that the module only checks for a 'valid' response from paypal before approving the order. It does not check the amount paid and the currency it is paid in. Has anyone addressed these issues before? Cheers! Jason |
Jason,
That is strange, we have a couple of old systems using paypal and GBP, so the functionality must have somehow been removed. Are you sure you are setting all the properties properly? - Andrew On Wed, 2006-09-06 at 13:45 +0100, Jason Ling wrote: > Hi List, > > I noticed a few issues on the paypal payment module: > > 1. Currency - it seems no currency parameter is passed to the paypal form thus resulting in currency defaulting to USD. Thus in our shop, a £50 order gets billed 50USD in paypal. > > 2. Checks - it appears that the module only checks for a 'valid' response from paypal before approving the order. It does not check the amount paid and the currency it is paid in. > > Has anyone addressed these issues before? > > Cheers! > > > Jason Kind Regards Andrew Sykes <[hidden email]> Sykes Development Ltd http://www.sykesdevelopment.com |
In reply to this post by Jason Ling
Andrew,
This code snippet creates the url the user is redirected to. As you can see, it is missing the "currency_code" parameter. From line 146 of PaypalEvents.java: // create the redirect string Map parameters = new LinkedMap(); parameters.put("cmd", "_xclick"); parameters.put("business", payPalAccount); parameters.put("item_name", itemName); parameters.put("item_number", itemNumber); parameters.put("invoice", orderId); parameters.put("custom", userLogin.getString("userLoginId")); parameters.put("amount", orderTotal); parameters.put("return", returnUrl); parameters.put("cancel_return", cancelReturnUrl); parameters.put("notify_url", notifyUrl); parameters.put("image_url", imageUrl); parameters.put("no_note", "1"); // no notes allowed in paypal (not passed back) parameters.put("no_shipping", "1"); // no shipping address required (local shipping used) Also, I can't seem to find the code which checks the amount paid, and currency it is paid in, before approving the order. below is the code snippet where the order is approved (i think!) // get payment data String paymentCurrency = request.getParameter("mc_currency"); String paymentAmount = request.getParameter("mc_gross"); String paymentFee = request.getParameter("mc_fee"); String transactionId = request.getParameter("txn_id"); // get the transaction status String paymentStatus = request.getParameter("payment_status"); // attempt to start a transaction boolean okay = false; boolean beganTransaction = false; try { beganTransaction = TransactionUtil.begin(); if (paymentStatus.equals("Completed")) { okay = OrderChangeHelper.approveOrder(dispatcher, userLogin, orderId); } else if (paymentStatus.equals("Failed") || paymentStatus.equals("Denied")) { okay = OrderChangeHelper.cancelOrder(dispatcher, userLogin, orderId); } Jason -----Original Message----- From: Andrew Sykes [mailto:[hidden email]] Sent: 06 September 2006 14:58 To: [hidden email] Subject: Re: Paypal: Currency, checks on currency and amount paid Jason, That is strange, we have a couple of old systems using paypal and GBP, so the functionality must have somehow been removed. Are you sure you are setting all the properties properly? - Andrew On Wed, 2006-09-06 at 13:45 +0100, Jason Ling wrote: > Hi List, > > I noticed a few issues on the paypal payment module: > > 1. Currency - it seems no currency parameter is passed to the paypal form thus resulting in currency defaulting to USD. Thus in our shop, a £50 order gets billed 50USD in paypal. > > 2. Checks - it appears that the module only checks for a 'valid' response from paypal before approving the order. It does not check the amount paid and the currency it is paid in. > > Has anyone addressed these issues before? > > Cheers! > > > Jason Kind Regards Andrew Sykes <[hidden email]> Sykes Development Ltd http://www.sykesdevelopment.com ________________________________________________________________________ This e-mail has been scanned for all viruses by Star. The service is powered by MessageLabs. For more information on a proactive anti-virus service working around the clock, around the globe, visit: http://www.star.net.uk ________________________________________________________________________ |
Free forum by Nabble | Edit this page |