Payment processor returns and shows version number!!

Hello there



We implemented a new payment processor, and it works fine, but we have a strange problem.



Return URLs are like this:

```php
$SuccessURL = "$current_location/$index_script" . "?dispatch=payment_notification.success&payment=myprocessor&order_id=$order_id";

$ErrorURL = "$current_location/$index_script" . "?dispatch=payment_notification.failed&payment=myprocessor&order_id=$order_id";
```



But after the return, we can see this address in the address bar, but the processor will not receive the request and the browser will stay on a white page with text that shows the version of CS-Cart: CS-CART: version 2.1.4 PROFESSIONAL! :confused:



Can anyone please let me know what is wrong? :confused:



Any help is appreciated.



Kind Regards.

Strange



The version page is called like this /index.php?version

[QUOTE]Strange



The version page is called like this /index.php?version[/QUOTE]



Thanks for your consideration.



No, it's not like that! The URL in the address bar is correct, but the page is strange!

And the payment processor does not get the request.



I attach a screenshot :frowning:


I don’t know what is causing it to show the version page.



When I enter the address in your screen shot it takes me to this page


/index.php?dispatch=payment_notification.failed&payment=garanti3D&order_id=487

If I enter that URL manually it works fine, but it should happen automatically due to the payment process!

I am new to CS-Cart (less than one week) and I am not familiar with the CS-Cart source structure.

Who knows when or why CS-Cart shows a page like that? :confused:

Try this to see what happens



Open init.php and comment out the version call



Find this near line 25

```php
if (isset($_REQUEST['version'])) {
    die(PRODUCT_NAME . ': version ' . PRODUCT_VERSION . ' ' . PRODUCT_TYPE . (PRODUCT_STATUS != '' ? (' (' . PRODUCT_STATUS . ')') : '') . '');
}
```

Change to

```php
/*if (isset($_REQUEST['version'])) {
    die(PRODUCT_NAME . ': version ' . PRODUCT_VERSION . ' ' . PRODUCT_TYPE . (PRODUCT_STATUS != '' ? (' (' . PRODUCT_STATUS . ')') : '') . '');
} */
```

Clear your store cache system

```
admin.php?cc
```



Now try a test order with this code disabled to see if it will now work properly

Thanksssss



You are the best :stuck_out_tongue:



Can you tell me what that was for (if you know)?

Where does CS-Cart set this parameter and why?



That problem is resolved.

I'm sorry, but if you can assist me with this issue, it would be great :wink:



Now, in the processor, when payment failed, I used this code to notify the user:

```php
// Response array handed to CS-Cart for this order
$pp_response = array();
$pp_response['order_status'] = 'F';
$pp_response['reason_text'] = "get error from posted values…";
$pp_response['transaction_id'] = $post['tranid'];

fn_finish_payment(trim($_REQUEST['order_id']), $pp_response, false);
fn_order_placement_routines(trim($_REQUEST['order_id']), $pp_response);
```



But it always shows the same warning to the user:

Important: Transaction was canceled by the customer

even if I set order_status to 'P' or 'C' to inform CS-Cart that the payment was successful.



I appreciate you very much.

That version call is not important and is also a possible security risk when enabled if running an older version with vulnerabilities.



A potential hacker can find the version you are using by typing yourdomain.com if it is enabled.



Sorry, I don’t know what is wrong with your failed payment coding. Hopefully someone else here can help you with that.

Probably a pretty good bet that the processor is POSTing a 'version' parameter back to the page. Since init.php looks for a REQUEST variable, it will pick up the POSTs. It should only look for a GET parameter.

Not sure what value knowing the version of the cart a site is running would be to a hacker. It makes it a lot easier to help people to be able to determine their version via their URL.

[quote name='tbirnseth']Probably a pretty good bet that the processor is POSTing a 'version' parameter back to the page. Since init.php looks for a REQUEST variable, it will pick up the POSTs. It should only look for a GET parameter.

Not sure what value knowing the version of the cart a site is running would be to a hacker. It makes it a lot easier to help people to be able to determine their version via their URL.[/QUOTE]





Yes, it's like a joke! :smiley: They send the "Version" field in the posted values, and it comes from the bank! Ha ha, they are Shascool :wink:

I think it can be a BUG! It should only check `$_GET['version']` and not the posted values!
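
The behaviour diagnosed in the posts above, as an added example that is not part of the original thread and is not CS-Cart source: it routes three requests through a `$_REQUEST`-style check and a GET-only check. The function names and the POST body are constructed for illustration, `$_REQUEST` is modelled as GET overlaid by POST (`request_order = "GP"`), and the code assumes PHP 7.1 or later.

```php
<?php
// Added illustration, not CS-Cart source. Function names and the sample
// requests are constructed for this example.

// Rebuild the arrays PHP would populate for one request.
// $_REQUEST is modelled as GET overlaid by POST (request_order = "GP").
function parse_request(string $url, string $postBody): array
{
    parse_str((string) parse_url($url, PHP_URL_QUERY), $get);
    parse_str($postBody, $post);
    return ['get' => $get, 'post' => $post, 'request' => array_merge($get, $post)];
}

// The check as quoted from init.php: any source feeding $_REQUEST counts.
function route_with_request(array $r): string
{
    if (isset($r['request']['version'])) {
        return 'version banner (die)';
    }
    return 'dispatch=' . ($r['request']['dispatch'] ?? 'index');
}

// GET-only variant suggested in the thread: POSTed fields cannot trigger it.
function route_with_get(array $r): string
{
    if (isset($r['get']['version'])) {
        return 'version banner (die)';
    }
    return 'dispatch=' . ($r['request']['dispatch'] ?? 'index');
}

$return = '/index.php?dispatch=payment_notification.failed&payment=myprocessor&order_id=487';
$cases = [
    'manual visit to return URL'  => [$return, ''],
    'gateway POST with version'   => [$return, 'tranid=T123&version=1.0'], // constructed body
    'explicit /index.php?version' => ['/index.php?version', ''],
];

foreach ($cases as $label => [$url, $body]) {
    $r = parse_request($url, $body);
    printf("%-28s REQUEST: %-42s GET-only: %s\n", $label, route_with_request($r), route_with_get($r));
}
```

Only the second case differs between the two checks: the POSTed field short-circuits the payment notification under the `$_REQUEST` check, while the GET-only check lets the dispatch proceed.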

[quote name='tbirnseth']Not sure what value knowing the version of the cart a site is running would be to a hacker. It makes it a lot easier to help people to be able to determine their version via their URL.[/quote]



I agree that it makes it easier to help those who don’t say what versions they are running but it also does the same for those who are looking for vulnerabilities to exploit.



Whenever a new vulnerability is found and posted to the public, every wannabe script kiddy on the planet will be trying to find that affected version to see if it works. CS-Cart stores are very easy to find via Google so it's a good idea not to tell them the version also.



It’s also a good idea to remove changelog.txt for the same reason