I upgraded from 3.0.5 to 3.0.6 via upgrade centre this morning, and since then I stopped getting email notifications of orders.
I looked at each order and noticed that under payment information it says “Your order was not placed: the recipient PayPal account is wrong.”
Yet I had received all the payments perfectly fine. This has only happened after the upgrade.
All info in PayPal addon looks fine and a test purchase I made went through as normal but orders status shows as cancelled with the same message Your order was not placed: the recipient PayPal account is wrong.
I also upgraded from 3.0.5 to 3.0.6 today. No issues here. Order status correct and email-notification from PayPal received.
[quote name='Onkel_Sid' timestamp='1361377567' post='155939']
I also upgraded from 3.0.5 to 3.0.6 today. No issues here. Order status correct and email-notification from PayPal received.
[/quote]
I tested the same. No issues.
Could be a config problem with the PayPal account's redirect back to your store?
Well I am not getting anywhere on this and customers are getting very annoyed. I have raised a ticket but so far all I have heard back is support is 'busy'.
As it stands people are making successful payment, and upon returning to the site Cs cart is telling them the order is cancelled.
You can then understand their confusion when they receive the order in the mail and they have already bought it from elsewhere!!!
try disabling the existing Paypal and add another one from scratch
John
Good idea:( Will give it a go right now 
Afraid no luck. Exactly the same.
To confirm the paypal account HAS received the payment fine without any problems. It is just the site that is reporting it this way. I am really confused.
I have attached the screenshot.
PayPal takes payment normally, it goes to the paypal confirmation screen and says that the order has been placed and that you will be redirected back to the store in 10 seconds). When you go back you arrive at what I have screenshot.
Oh… if you try and pay again, Paypal rightfully reports that payment has been made for the order number.
Ah… a bit of an update that may help. I have just got it to work. Pheewww.
For those familar with Paypal you have a 'merchant account ID' which you can use instead of using your email address as the recipient PayPal address. You can find it is your Profile > My Business Details (near the bottom of that page).
This is what was being used on my site and what has always been used. Until this upgrade all was fine.
I have just chnaged it from my merchant ID to the Paypal email address on my account and it is fine and an order has gone through perfect.
It does not bother me using the Paypal Email address… but this is a glitch that needs to be looked at incase it is a universal bug and not specific to my site. This would explain why some have upgraded to 3.0.6 without problem… maybe they already had their email address.
It would appear to me that when returning to the site after paying CS Cart does validation to ensure that the correct cart is updated as paid and as part of this it validates the recipient email address… and when using the merchant ID it is failing.
Should report it in the bug tracker I reckon
Glad your back up
John
There has been a PayPal Security patch issued recently. I have 2.2.4 Pro. CS-Cart sent me a bulletin, in part it says:
[quote]
"You have received this email because you may be using PayPal for accepting payments and/or USPS for real-time shipping rates in your CS-Cart store.
We would like to inform you that important patches for these services have been released recently. If you use either of the mentioned services, it is strongly recommended to apply the patches to your CS-Cart installation.
The patches are included in the latest CS-Cart 3.0.6 release, so, in order to apply them, you can just upgrade to this version via the Upgrade Center in the CS-Cart admin panel.[/quote]
There is a paypal.patch.sql file and a Paypl.php file.
The patch has [quote]Additional PayPal account check applied: if the account is incorrect, the order is not processed, and a notification is shown to the customer.[/quote]
Maybe this has something to do with the problem observed in 3.06 since this new patch is included in this version.
Bob
[color=#282828][font=arial, verdana, tahoma, sans-serif][size=3]Since the paypal update, my 2.25 store marks about 1 per 15 orders as declined, even while they are paid and all is well.[/size][/font][/color]
[color=#282828][font=arial, verdana, tahoma, sans-serif][size=3]This definitely did not happen before the update.[/size][/font][/color]
[quote]Problem description:
It was possible to substitute the recipient’s PayPal account when paying with PayPal; such an order had the status “Completed” in the CS-Cart admin panel, while the store owner received no money at their PayPal account.[/quote]
I didn't even get the email notification from CSC but after reading this thread, the files are in my helpdesk.
I haven't experienced any problems and I do not process any orders unless an accepted payment notification comes from PayPal, so I am not sure if I should apply the patch or not.
When PayPal reports back to the site (CS Cart) that a payment has been made, it provides the email address the payment was made to in the IPN callback so that the site can check it was a valid payment made against a valid order, and that the IPN has not been 'manipulated' to imply payment has been made when it has not. As per
Problem description:
It was possible to substitute the recipient’s PayPal account when paying with PayPal; such an order had the status “Completed” in the CS-Cart admin panel, while the store owner received no money at their PayPal account.
This fix does indeed correct that problem - but it does not allow for the fact that some people will have a merchant ID in the setings instead of an email address. Thus the email address does not match the contents of the PayPal accounts field (eg: me@yourdomain.com is not going to match a sample merchant ID of KJADKLAJLKAJJD)
I think the way to fix this is to have BOTH the PayPal email address AND merchant id (optional) in the PayPal settings of CS Cart. Thus it can use the Merchant ID in the outgoing part of the transaction and the incoming IPN/Callback can validate using the email address part.
Personally I would still use and apply the patch. Just make sure that if you use a merchant ID you replace it with your paypal email address instead.
Yesterday, I received my first order that was successfully paid via Paypal with the Payment Processor response:
“Your order was not placed: the recipient PayPal account is wrong.”
The order status was set to “Cancelled”.
Orders paid via PayPal prior to this sale and after this sale were processed normally.
I'm on v3.0.6 and use the email address to identify the PayPal account (always have).
Searched the Languages database and found the language is assigned to the variable: “paypal_security_error”.
payments/paypal.php includes this new code with the last update:
$paypal_statuses = $processor_data['params']['statuses'];
if ($_REQUEST['business'] != $processor_data['params']['account']) {
$pp_response['order_status'] = $paypal_statuses['denied'];
$pp_response['reason_text'] = fn_get_lang_var('paypal_security_error');
fn_finish_payment($_REQUEST['order_id'], $pp_response);
exit;
}
I can see no reason why the 'params' or 'account' in the processor data would not be equal to what was sent in the request.
I suppose it could be related to the customer taking some action (like clicking the BACK button in the browser) and a valid response not being received back from PP. Previously I used to get the occassional “Incomplete” order - which I think was due to the customer clicking the BACK button in the browser after paying by PayPal. But I don't know. According to the logs, the customer was using Firefox browser.
Didn't we used to have an order status of “Fraud Review” or something in the early ver of 3 that would be more appropriate for the status in cases like this than “Cancelled”?
I applied this fix in the bug tracker, and will see if it makes any difference.
But since my account parameters should have matched I don't have very high hopes:
[url=“http://forum.cs-cart.com/tracker/issue-3776-paypal-and-merchant-id-result-cancelled-orders/”]http://forum.cs-cart.com/tracker/issue-3776-paypal-and-merchant-id-result-cancelled-orders/[/url]
As stupid as this sounds I have just updated to 3.0.6 from 2.2.5 and have been having nothing but trouble with Paypal_Pro - I could not get credit cards to process at all…However having messed around for at least 5 hours with it I decided to use the old 2.2.5 Paypal Pro TPL and lo and behold it damn well works now!
Hope this helps someone else and saves their hair!
Mark
As has been pointed out on March 7th in the above mentioned bug tracker post: [url=“http://forum.cs-cart.com/tracker/issue-3776-paypal-and-merchant-id-result-cancelled-orders/”]http://forum.cs-cart.com/tracker/issue-3776-paypal-and-merchant-id-result-cancelled-orders/[/url], IF you have more than one email account on your PayPal account - then you need to use the Primary Email Account at PayPal for your processing from CS-Cart, as defined in the Payment Method Config tab for your PayPal payment method.
I just updated the CS-Cart store with the email address that is set as primary at PayPal and I am hoping THIS will finally solve the problem. I suspected this might be the entire problem. I have high hopes this will do the trick.
Ok so I figured out the issue and it seems to be an issue with a number of cart programs. I purposed a fix on the issue tacker.
However if you want to get around it you can do my suggested change, but instead of $processor_data['params']['primary_email'] use your primary PayPal email address.
So (this assumes you have made the fix already suggested in the tracker) replace:
if ($_REQUEST[$account_type] != $processor_data['params']['account'])
With
if ($_REQUEST[$account_type] != $processor_data['params']['account'] && $_REQUEST['receiver_email'] != 'foo@bar.com')
Note that the email address is in quotes
I should also add:
$paypal_post[$account_type] = $processor_data['params']['account'];
Change to
$paypal_post['receiver_email'] = 'foo@bar.com';
Just started using PayPal and ran into this same problem with order coming back as cancelled and customers getting upset that their money was taken. I have changed the email address used to the primary email on the PayPal account and will see what happens.