PHP programmer
Discussion
Basically on a sale less than £1000 it works fine. On a sale over £1000 it passes the wrong amounts, the 3Ds logs show this for the test I did on a £1000 :-
<Amount>100</Amount
><CurrencyCode>826</CurrencyCode>
<ShippingAmount>1049</ShippingAmount>
<TaxAmount>-3751</TaxAmount>
They strip off decimal places so I can see the shipping was correct at £10.49 but the total has become £1 & the tax amount has become -£37.51! The code is as follows :-
$subtotal = $row[0];
$delivery = $row[1];
$discount = $row[2];
$vatrate = $row[3];
$totalex = str_replace(",","",$subtotal) + str_replace(",","",$delivery);
$vatamount = ($totalex - $discount) * ($vatrate/100);
$vatamount = number_format($vatamount, 2, '.', ',');
$total = $row[4];
$centinel_total = $total * 100;
$centinel_delivery = $delivery * 100;
$centinel_vatamount = $vatamount * 100;
This then becomes this to send off to them for processing:-
$centinelClient->add('Amount', $centinel_total);
$centinelClient->add('CurrencyCode', '826');
$centinelClient->add('ShippingAmount', $centinel_delivery);
$centinelClient->add('TaxAmount', $centinel_vatamount);
Does that help at all??
<Amount>100</Amount
><CurrencyCode>826</CurrencyCode>
<ShippingAmount>1049</ShippingAmount>
<TaxAmount>-3751</TaxAmount>
They strip off decimal places so I can see the shipping was correct at £10.49 but the total has become £1 & the tax amount has become -£37.51! The code is as follows :-
$subtotal = $row[0];
$delivery = $row[1];
$discount = $row[2];
$vatrate = $row[3];
$totalex = str_replace(",","",$subtotal) + str_replace(",","",$delivery);
$vatamount = ($totalex - $discount) * ($vatrate/100);
$vatamount = number_format($vatamount, 2, '.', ',');
$total = $row[4];
$centinel_total = $total * 100;
$centinel_delivery = $delivery * 100;
$centinel_vatamount = $vatamount * 100;
This then becomes this to send off to them for processing:-
$centinelClient->add('Amount', $centinel_total);
$centinelClient->add('CurrencyCode', '826');
$centinelClient->add('ShippingAmount', $centinel_delivery);
$centinelClient->add('TaxAmount', $centinel_vatamount);
Does that help at all??
The code was actually written by a PH'er who never finished the job! I'm no programmer, as you have gathered, in fact I know nothing about this at all so I'm just trying to bungle my way around it to fix this issue. Of course I could just switch off the 3DS but it would be nice to fix the issue. Thanks for the help so far everyone 
Well I guess that's my luck summed up!! If anyone can help fix it I can email over the file I ***think*** is the cause. I've got something to try now and will give it a go. The amounts that are passed for 3D secure processing require the decimal points removing btw hence the code I guess? All I can add is the VAT amount on the actual webpage was not displaying correctly, I found this line :-
$totalex = $subtotal + $delivery;
& replaced it with this :-
$totalex = str_replace(",","",$subtotal) + str_replace(",","",$delivery);
& that worked. Whether hat helps diagnose this issue or has anything to do with it I haven't got a clue!!
$totalex = $subtotal + $delivery;
& replaced it with this :-
$totalex = str_replace(",","",$subtotal) + str_replace(",","",$delivery);
& that worked. Whether hat helps diagnose this issue or has anything to do with it I haven't got a clue!!
cwis said:
rxtx said:
That is dreadful code, treating numbers as strings to manipulate them is a recipe for disaster, as you're seeing. The only time any commas should come into it is at the presentation layer, the rest of the time they should be nothing but numbers.
Looking at that code, that could well be the least of your worries.
Strongly agree! PHP does something called type juggling:Looking at that code, that could well be the least of your worries.
http://php.net/manual/en/language.types.type-juggl...
Which will attempt to convert variables between types (a string to a number, for example) but it looks like the root of the issue is numbers being stored as strings (with commas!) in a database somewhere. PHP can't help withj that so someone's bodged.
Scary!
Well that's all well & good but finding a developer that will sit down, look at it & make the changes required seems the hard bit here. At the end of the day I paid a PH'er to make a cart system which they did do, it all works fine but for some reason the 3Ds part started passing the incorrect amounts. I know for a fact it did all work 100% so maybe it was a PHP upgrade or apache upgrade that broke it. Finding the person that wrote this isn't really the issue, they are active on here but I'm not here for that. The cart passes PCI scanning & works fine. If you know someone who would look at it & go through point by point what should change & why then fire away.
Well that's a shame. I paid someone to do I job and as far as I was aware they'd done it (apart from the parts that were never finished which I've since done with help & by working through it myself). This is the trouble with this stuff, you get someone to do it then someone else looks at it & tells you it's utter s
t & start again! It's not always viable to do that. It's easy to say from a coders POV but when that means the business basically starting from scratch it's not always possible. I look at big sites like Royal Mail & they have bugs that have not been fixed for months so this kind of thing affects big & small. I'll not mention the bugs Pay Pal have that have been awaiting a fix for 4 months now too! (which they know about but seem unable to fix!)
t & start again! It's not always viable to do that. It's easy to say from a coders POV but when that means the business basically starting from scratch it's not always possible. I look at big sites like Royal Mail & they have bugs that have not been fixed for months so this kind of thing affects big & small. I'll not mention the bugs Pay Pal have that have been awaiting a fix for 4 months now too! (which they know about but seem unable to fix!)Durzel said:
How much code is there on the website? Was the entire thing written from scratch? I don't mind taking a look but can't easily look at it until later, maybe even tomorrow.
Yep, AFAIK it was written 100% from scratch using code examples from the 3DS processor & Pay Pal. Back then we also had Google Checkout as a gateway but that has been disabled for years as they closed it down. I honestly think the person who wrote it knew what they were doing (despite some of the strong comments on this post!!), I'm certainly not here to start chucking their name around as I feel even though they didn't finish the project (& hence I never finished paying the entire fee!) that would be pretty unfair.Edited by Dave_ST220 on Monday 8th February 19:00
droopsnoot said:
This bit here
is formatting the VAT amount to two decimal places and adding comma-separators for thousands, so it might be easier to find other bits of code that format the other numbers in similar ways and remove them, than go through stripping out commas. Unless you've got it all working, in which case stick with it. The fact that the start of your code references $row[0], $row[1] and so on suggest that these are being retrieved from the database which would mean that they are being stored in a formatted way, which doesn't sound good.
Have a look at the functions used to access the database as well - if they look like this, then you may have another issue any time soon: mysql_query("some text") or mysql_close(). Functions that use the old-style calls (as opposed to mysqli or PDO) won't work when your host upgrades to PHP7.
It is woking now. Re: your point about php 7, what's the fix there?! Is it just a case of replacing old commands with new or is it a big issue?! $vatamount = number_format($vatamount, 2, '.', ',');
is formatting the VAT amount to two decimal places and adding comma-separators for thousands, so it might be easier to find other bits of code that format the other numbers in similar ways and remove them, than go through stripping out commas. Unless you've got it all working, in which case stick with it. The fact that the start of your code references $row[0], $row[1] and so on suggest that these are being retrieved from the database which would mean that they are being stored in a formatted way, which doesn't sound good.
Have a look at the functions used to access the database as well - if they look like this, then you may have another issue any time soon: mysql_query("some text") or mysql_close(). Functions that use the old-style calls (as opposed to mysqli or PDO) won't work when your host upgrades to PHP7.
woowahwoo said:
Although, I am not averse to the DIY approach, it seems you are 'hacking' at crucial aspects of a system that is important to you without the basis of fundamental knowledge to go with it. Be careful!!!
Thanks. I back up anything I change & test it. At the moment I don't have much choice. The support staff from the processor are zero help. I guess this is the pitfall of having something custom written rather than an off the shelf package. Live & learn. I'm not buying that other people's money shouldn't be touching this code though. At the end if the day it passes PCI scanning and takes the payment securely. We aren't just billing people random amounts!! Pay Pal is riddled with bugs, how many payments are they dealing with?! Ironically the developer who did this work actually highlighted bugs in their new system which after months they admitted to! He wasn't all bad!!!woowahwoo said:
Disagree. As I said, the OP could, quite easily, have tested the basket/cart at various order values and quantities, spamming the inputs with garbage etc... No selenium or code review needed, not for functional aspects, and then the primary issue would have been revealed. You can argue about the robustness of the coding (there and back again, a decimal's tale) later but at least checkout would be passing valid data onwards.
I did. It used to all work.droopsnoot said:
Have a look at the functions used to access the database as well - if they look like this, then you may have another issue any time soon: mysql_query("some text") or mysql_close(). Functions that use the old-style calls (as opposed to mysqli or PDO) won't work when your host upgrades to PHP7.
I can see a config.php file that is full of references like this :-$result = mysql_query($sql);
So I guess that's me f
ked 
Smart. The developer wrote the lot, from scratch. I gave a detailed spec of what was needed & off we went. It was tested in the sandbox for the 3DS & processor & tested again when live. I have no idea why it stopped working other than an Apache upgrade or PHP upgrade. Starting again would obviously be the best bet but this system does everything, invoicing, payments, products etc etc. It would take weeks if not months to setup all again. It took them months to write it all in the first place!
As I've said I'm not here for finger pointing, I could quite easily name the person who wrote it but that isn't going to achieve anything. They left me in the st with bits not working which over the years I've fixed. The code IS a mess, unused parts & scripts exist so it's hard to work out what is going on. As I've said I'd pay someone to go through it all and clean it up but no one wants to do that. Sooner or later I'll have to bite the bullet and get an off the shelf package & re-write the whole site.
Anyway, another band aid that was applied got it working as it should, it takes payments and passing PCI scans so at the moment I have some more time.
One pitfall to bespoke, if the person that did it "disappears" you are left with a big fking mess & headache, never again!
ETA, this was all written in 2008/2009 by memory so it's worked fine for quite a while!
As I've said I'm not here for finger pointing, I could quite easily name the person who wrote it but that isn't going to achieve anything. They left me in the s
t with bits not working which over the years I've fixed. The code IS a mess, unused parts & scripts exist so it's hard to work out what is going on. As I've said I'd pay someone to go through it all and clean it up but no one wants to do that. Sooner or later I'll have to bite the bullet and get an off the shelf package & re-write the whole site.Anyway, another band aid that was applied got it working as it should, it takes payments and passing PCI scans so at the moment I have some more time.
One pitfall to bespoke, if the person that did it "disappears" you are left with a big f
king mess & headache, never again!ETA, this was all written in 2008/2009 by memory so it's worked fine for quite a while!
Edited by Dave_ST220 on Tuesday 9th February 08:38
Gassing Station | Computers, Gadgets & Stuff | Top of Page | What's New | My Stuff