|
Michael Bernhard
|
July 30, 2013 at 10:49 pm
Hello, whenever I try adding events to my cart right now, I’m getting a strange subtotal amount on the bottom (like $1000014). site is shorewoodttc.org. Here is the screenshot http://imgur.com/0cZYxZH. I am using MER and did not have this problem before tonight. The only thing I remember changing was adding one line of code on the paypal.php which my hosting provider explained was necessary for IPN to work “curl_setopt ($ch, CURLOPT_CAINFO, ‘D:PHPca-bundle.crt’);” But this should be totally unrelated to the shopping cart.
|
|
Dean
|
July 31, 2013 at 5:00 am
Hi Michael,
This is due to a security issue that we implemented a while ago (we are currently working on changing how it functions) but basically if some one tried to manipulate the price this would occur.
It can also occur if the system isnt getting the right data and I think thats what is occurring here. If you were to go directly to the view cart page you will see two events in the cart, even though you have not added them there.
Have you done anything to the events or events templates in relation to adding events to cart?
Can you also advise your Event Espresso core and active add on plugins version please.
|
|
Michael Bernhard
|
July 31, 2013 at 8:22 pm
MER Version 1.0.4
Just upgraded to Core Version 3.1.34.P tonight and the problem seems to have resolved itself. I am going to open another forum post about the SSL cert though.
|
|
Dean
|
July 31, 2013 at 11:51 pm
All right, glad thats sorted then!
|
|
Michael Bernhard
|
August 4, 2013 at 2:12 pm
I’m seeing this problem continue. I wonder if it’s related to all the testing i’m doing. I’ve been adding things to the cart in both firefox and chrome (incognito) and trying to complete the checkout process (although not simultaneously in both browsers).
I was using a custom event_list_display.php template and stored it in the uploads folder, but i’ve since deleted these files from the server and the issue persists. I was also using custom_functions.php for displaying price ranges, and to aggregate registration emails. This has also since been deleted.
To recap, i’ve tried:
– Deactivating all EE plugins/addons
– deactivated my caching plugin (other plugins are pretty standard akismet, jetpack, youtube)
– clearing browser cache and using incognito mode
– removing all custom templates from uploads folder
– reimporting original event_list.php & event_list_diplay.php files into core folders.
Site to test: http://www.shorewoodttc.org/index.php/badger-open-registration/
Please advise as we are supposed to be running live on Monday.
|
|
Michael Bernhard
|
August 5, 2013 at 3:38 pm
Any update on this?
|
|
Josh
|
August 5, 2013 at 4:45 pm
Hi Michael,
I checked your site and could not reproduce the issue. Is this happening for a specific event? If so, which one?
If you are testing this out on one domain, then on another domain for a site running Event Espresso that’s on the same server it can corrupt the session which would lead to the price getting messed up in the cart. If that happens you can go to the registration-cancelled page and it will clear the session.
While I was checking I noticed that the site is hosted on an IIS server. We generally recommend hosting on a full LAMP stack as that’s what Event Espresso is developed on, tested on, and supported.
https://eventespresso.com/requirements/
|
|
Michael Bernhard
|
August 5, 2013 at 11:10 pm
Thanks Josh. We are only running EE on one domain. My hunch was that having EE open in 2 browsers at the same time would maybe cause the issue. I tested registration on my work computer today (IE 8) and I did not experience the cart issues. I have emailed my host about about migrating data over to a LAMP server and they are willing to do this for a small fee. Would the migration effect any existing EE data assuming all data/file paths are the same?
One other thing I noticed yesterday, but did not put in the prior post. I noticed that when I was having this issue, I would add events to the cart and view cart, but a different set of events (from a prior session) would be in the cart and not the ones I just added. This was the same regardless of browser. Thanks so much for your help!
|
|
Dean
|
August 6, 2013 at 3:14 am
“Would the migration effect any existing EE data assuming all data/file paths are the same?”
So long as the paths are transferred correctly and of course the full database is moved it shouldnt be an issue.
“I would add events to the cart and view cart, but a different set of events (from a prior session) ”
The session isn’t being completed. You would need to finalise the registration by paying, pressing the finalise button (invoice gateway for example), or if you are just testing, going to the registration-cancelled page to clear the session.
|
|
Michael Bernhard
|
August 19, 2013 at 11:25 pm
Hey guys – having a few attendees seeing this issues as well and they are very concerned given the dollar amount. I think what’s happening is they are probably not completing their cart session and going back at a later time and re-entering their registration which is activating the anti-manipulation fix you put in place.
Is there any way to disable this function? We double check registrations for the correct fees so i’m not all that worried about someone manipulating the price of their event. This is really causing us some headaches.
|
|
Josh
|
August 20, 2013 at 8:26 am
While this does not resolve the root problem of going back to an older session without clearing it, the following code will remove the 1000000 amount. If you open up event-espresso/includes/functions/pricing.php and change both lines 201 and 279 to:
return FALSE;
They will still get an error -or- possibly an incorrect total but it will not add $100000 to the price if the session has been corrupted. One other thing that you can do is add a link to the registration-cancelled page in the shopping_cart.php template (located in the /templates/ folder). If they go to that page it will clear their session so they can start over.
|
