duplicate orders

Start
Prev
1
Next
End

Genr8r
Topic Author
Offline

Posts: 39
Thank you received: 2
Hikaserial Standard Hikashop Business

5 months 3 weeks ago #361349

-- HikaShop version -- : 5.0.4
-- Joomla version -- : 4.4.5
-- PHP version -- : 8.3.7

We had two clients this week that checked out using authorize.net and hikashop created duplicate orders. One customer had the order created 4 times. None of the orders show a payment in the history. Yet, Authorize charged them for all four orders and with four seperate transaction id's. The other customer only had one duplicate. One of the two order correctly shows payment in hikashop but the duplicate does not have a payment in the payment history. Again authorize billed them for both orders.

These transactions happened running hikashop 5.0.3. I have since upgraded to 5.0.4. I did read the changelog and the only item relating to authorize did not seem relevant to the issue described.

When using a credit card form embedded in the checkout by HikaShop (like with the offline credit card payment plugin, or the Authorize.net payment plugin in AIM mode), we now check the expiration date is provided and valid before even trying to submit the credit card information.

Other forum posts that seem similar are very old. I am not seeing any other recent concerns about duplicate orders.

Please Log in or Create an account to join the conversation.

nicolas
Away

Posts: 82863
Thank you received: 13372
MODERATOR

5 months 3 weeks ago #361352

Hi,

Indeed, no one reported similar issues with it recently.
Note that there are 2 payment plugins for Authorize.net. The one included by default in HikaShop ( www.hikashop.com/support/documentation/6...-authorize-form.html ) uses a really old API which Authorize.net themselves deprecated.
The one we usually recommend nowadays is this one:
www.hikashop.com/marketplace/product/150...e-js-by-obsidev.html
It is made for a recent API of Authorize.net
So first, we need to know which one you're using and how you configured it.
Could you provide a screenshot of the settings of the payment method ? ( please leave out / blur the credentials area )
Also, if you could provide a screenshot of the orders details (especially the "history" area at the bottom) ? That would allo us to better understand the situation.

Please Log in or Create an account to join the conversation.

Genr8r
Topic Author
Offline

Posts: 39
Thank you received: 2
Hikaserial Standard Hikashop Business

5 months 2 weeks ago #361386

Hi Nicolas,

I hope there is enough info here. Our client could be pretty easily figured out by the product names so I blanked those out.

The username/IP in the history is all for a super user at the company. However, the order was placed on the website by a customer. There is no action type of "payment" in the history for the orders that duplicated but authorize.net billed for each copy of the order.

I am assuming that we are using the older default version of the payment method. I am going to implement and test the newer method with the customer tomorrow.

Let me know if you need any addtional information.

Thanks,
Brian

Attachments:

Please Log in or Create an account to join the conversation.

nicolas
Away

Posts: 82863
Thank you received: 13372
MODERATOR

5 months 2 weeks ago #361418

Hi,

Thanks. The options there looks fine.

There are several things preventing duplicate orders, normally:
- We've added a "duplicate window" setting to the Authorize.net plugin:
community.developer.cybersource.com/t5/I.../highlight/true#U285
This will prevent Authorize.net from accepting orders with the same data inside the window. I can see that you configured it to 10 seconds. So within 10 seconds, it should be impossible for Authorize.net to accept several similar orders. Can you confirm that this is the case ?
- The checkout disable the "finish" button once the user has pressed on it. So it should be impossible for him to submit the order several times via this button.
- When you click on the finish button, HikaShop fills an extra parameter and HikaShop checks this parameter on the server side in order to make sure that the button has been clicked. This should prevent several orders by refreshing the page in the browser of the user.

Are you able to reproduce the problem on your end ?

Also, if you open the content of the file plugins/hikashoppayment/authorize/authorize.php (via FTP of cpanel's file manager), you should see the version of the file there. It should be the same version as your HikaShop. If, instead you see an old version (like 3.0.4), it means that the Joomla updater was not able to update the file when HikaShop was updated. This can happen because of permissions on the file or its folder. That could explain why you get issues that no one else has since you wouldn't get all the patches that have been added to the plugin for years.

Also, the new Authorize.js plugin can't have that issue due to the way the API is done. On top of this, Authorize.net recommends using the new API as it will remove the old one at some point in the near future. So if you can switch, you'll kill two birds with one stone.