Multiple transactions

  • Posts: 31
  • Thank you received: 0
3 years 5 months ago #324903

-- HikaShop version -- : 4.4
-- Joomla version -- : 3.9.22
-- PHP version -- : 7.2
-- Browser(s) name and version -- : Chrome
-- Error-message(debug-mod must be tuned on) -- : eWay transaction

We are having issues at the moment with multiple Hikashop websites were a transaction will go through multiple times (average twice, but there has been a few that have gone through three times) but no order will be made within Hikashop.

The payment gateway that is being used is eWay. We have reached out to eWay to ask on their end is there a prevention of multiple transactions within a certain amount of time, which they have replied the transaction is a minute to 2 minutes apart; ask your eCommerce solution.

So our question is, is there a check within the system to make sure if a transaction has been made it cannot do that transaction again and continue on or what should we look for within the plugin for eWay or code to see why the transaction is happening multiple times and not creating a hikashop order.

We see this as a bug, as transaction should only go through once and not multiple times; as it should check customer, flag a transaction has been made or is being made and not to make another.

Hopefully you are able to shed some light on this situation and help.

Trevor

Please Log in or Create an account to join the conversation.

  • Posts: 81504
  • Thank you received: 13063
  • MODERATOR
3 years 5 months ago #324912

Hi,

With the eWay integration payment plugin available by default in HikaShop 4.4.0 here is how the workflow is done:
- the customer enters his credit card information on your website checkout
- the customer clicks on the "finish" button of the checkout
- the "finish" button is disabled while the browser sends the checkout finish request to your server
- the payment plugin sends the order information to the payment gateway
- if the payment gateway accepts the payment, the plugin tells HikaShop that the order can be created
-> in that case, HikaShop creates the order, send the notification emails and display the thank you page to the customer
- if the payment gateway refuses the payment, the plugin tells HikaShop to not create the order
-> in that case, HikaShop doesn't create the order, flushes the credit card information from the user sesison and redirect the customer back to the checkout

So there is no way that what you're describing can happen as far as I know.

However, I checked your website and I can see that you're actually not using the 4.4.0 but the 4.2.2 and worst, you're actually using the legacy checkout from HikaShop 1.x and 2.x. So you're using a really old checkout.
Now I can see that the old checkout on your website still has the mechanism to disable the "finish" button once it's clicked on.
And I actually did some tests on your website and even if I try clicking on the button several times, I can see that only the first time sends a request to your server.
So I don't see why it would happen even with that old checkout. Are you able to reproduce the problem yourself ? If so, what do you do to reproduce the problem ?

I see two potential solutions you can try for now :

- You disable the "checkout legacy" setting of the HikaShop configuration in order to switch to the new checkout system. That way, you'll switch to the new checkout system and it might help avoid the problem. The issue with that is that you'll lose the customization you have on your checkout as they were made for the old checkout system. So it will require some work to adapt the new checkout if you want to keep the exact same look. However, that will allow you to easily update to the 4.4.0 since the legacy checkout is not available in the 4.4.0, but you'll have to switch to it at some point when you want to update your Joomla to Joomla 4 as only the 4.4.0 and up will be compatible with Joomla 4. Another advantage of using the new checkout system is that it works better for the customers and comes with more options to adapt it to your needs.

- You use another payment solution where you don't enter the credit card information during the checkout and the payment doesn't happen when you click on the "finish" button, but instead where you're redirected to the payment gateway after the order is created so that the credit card information can be entered there and only then the payment will happen. Most payment gateways actually work like that. It's a bit less nice for the customer, but it avoids the credit card information going through your website which is also a plus for PCI DSS compliance. (but maybe you don't care about it ?).

Please Log in or Create an account to join the conversation.

  • Posts: 31
  • Thank you received: 0
3 years 5 months ago #325083

Digging into the code and I see within the public_html/plugins/hikashoppayment/eway/eway.php
There is the function onBeforeOrderCreate
Which reading correctly, EWAY_TRANSACTION_OK means the transaction worked and has gone through.

Checking within eWay there is a different transaction number, reference number etc meaning that the function has run multiple times.

---

I see:

if(parent::onBeforeOrderCreate($order, $do) === true) return true;

Where does $do get set? So it comes back to return true.

Could we set a session to not go through the transaction again?
We have multiple eWay payments again, we have a custom plugin to personalise products and working through this, but in the meantime seeing if we can stop the multiple transactions.

Your help is greatly appreciated.

Please Log in or Create an account to join the conversation.

  • Posts: 81504
  • Thank you received: 13063
  • MODERATOR
3 years 5 months ago #325091

Hi,

$do is set to true by default.
This parameter allows for plugins to cancel the order creation when they deem it not possible.
You can see that this code calls the function of the same name in the parent class hikashopPaymentPlugin
If you check that function in the file administrator/components/com_hikashop/helpers/paymentplugin.php you'll see that it only changes $do to false if it can't load the parameters of the payment method selected in the order (since that would be problematic to process the payment).

Your problem is not there. When you arrive in onBeforeOrderCreate, it's already too late as the order creation process has already been initiated by HikaShop's core.
Your issue is with the fact that this creation process has been launched twice for the same cart (which indicates that the customer was able to validate the "finish" process of the checkout twice.
There is a window of time when it's possible to trigger a second order creation process between the beginning of the order creation process of the first order and its end, when the cart is cleared.
However, as I said in my previous message, this is normally blocked by the checkout as the finish button is disabled after you click once on it.

But yes, adding some kind of flag in the user session should help you out circumvent the problem while avoiding have to update and redo your customization.
What you can do is have both the onBeforeOrderCreate and onAfterOrderCreate functions and add a flag in the session in the first function and removing it in the second. And in the first function, you can check if that flag is already there before proceeding.
For example:

function onBeforeOrderCreate(&$order,&$do){
 if(!empty($_SESSION['order_is_being_created'])) {
  $do = false;
  return true;
 }
 $_SESSION['order_is_being_created'] = true;
}

function onAfterOrderCreate(&$order, &$send_email){
 unset($_SESSION['order_is_being_created']);
}

Please Log in or Create an account to join the conversation.

  • Posts: 31
  • Thank you received: 0
3 years 5 months ago #325139

Hi,

I will give this a try and see how we go.

Cheers.

Please Log in or Create an account to join the conversation.

Time to create page: 0.063 seconds
Powered by Kunena Forum