Hello got an email today informing me of paypal changes. Is open cart 1.5 with stock paypal express checkout right to go without any changes? and the 2 that require changes look server side issues, how do i fix them?
Change............................................... Change required?...............Deadline...............Complexity
1. TLS 1.2 and HTTP/1.1 Upgrade ..................Yes ............................17 June 2016 .........High
2. SSL Certificate Upgrade to SHA-256 .............Yes ............................17 June 2016 ......... High
3. IPN Verification Postback to HTTPS............... No ...........................30 September 2016....Low
4. IP Address Update for PayPal Secure FTP ..........No .............................14 April 2016.......... Medium
Servers
5. Merchant API Certificate Credential Upgrade ......No ...............Act between 31 January 2016
....................................................................................... and 1 January 2018 ............Medium
6. Discontinue Use of GET Method for Classic ........ No .......................30 September 2016 .........Low
NVP/SOAP APIs
thanks
Change............................................... Change required?...............Deadline...............Complexity
1. TLS 1.2 and HTTP/1.1 Upgrade ..................Yes ............................17 June 2016 .........High
2. SSL Certificate Upgrade to SHA-256 .............Yes ............................17 June 2016 ......... High
3. IPN Verification Postback to HTTPS............... No ...........................30 September 2016....Low
4. IP Address Update for PayPal Secure FTP ..........No .............................14 April 2016.......... Medium
Servers
5. Merchant API Certificate Credential Upgrade ......No ...............Act between 31 January 2016
....................................................................................... and 1 January 2018 ............Medium
6. Discontinue Use of GET Method for Classic ........ No .......................30 September 2016 .........Low
NVP/SOAP APIs
thanks
Most of these changes require your host to comply. I would suggest sending it to them to begin with and you'll meet most, if not all requirements.
Opencart Hosting Plans, Domain Registration, Microsoft and Google Email and More
Visit our website for great deals and most importantly, fast and friendly support - www.evolvewebhost.com
Active Member
1 and 2 only affect Opencart merchant that do take payments on their own server and therefore required TSL and SSL (when the customer leave their credit card details to you or you do take bank payments directly into your store). If you are using PayPal express or any other payments where the customer is redirected to the financial institution site, these changes do not affect you at all.tallica22 wrote:Hello got an email today informing me of paypal changes. Is open cart 1.5 with stock paypal express checkout right to go without any changes? and the 2 that require changes look server side issues, how do i fix them?
Change............................................... Change required?...............Deadline...............Complexity
1. TLS 1.2 and HTTP/1.1 Upgrade ..................Yes ............................17 June 2016 .........High
2. SSL Certificate Upgrade to SHA-256 .............Yes ............................17 June 2016 ......... High
3. IPN Verification Postback to HTTPS............... No ...........................30 September 2016....Low
4. IP Address Update for PayPal Secure FTP ..........No .............................14 April 2016.......... Medium
Servers
5. Merchant API Certificate Credential Upgrade ......No ...............Act between 31 January 2016
....................................................................................... and 1 January 2018 ............Medium
6. Discontinue Use of GET Method for Classic ........ No .......................30 September 2016 .........Low
NVP/SOAP APIs
thanks
Over 95% of all computer problems can be traced back to the interface between the keyboard and the chair...
It's good that date change.
I have question.
3. IPN Verification Postback to HTTPS............... No ...........................30 September 2016....Low
Is this method affect to paypal payment standard?
Also Paypal needs TLS 1.2 and HTTP 1.1 as default. --"
How are your guys plan?
I have question.
3. IPN Verification Postback to HTTPS............... No ...........................30 September 2016....Low
Is this method affect to paypal payment standard?
Also Paypal needs TLS 1.2 and HTTP 1.1 as default. --"
How are your guys plan?
Today I also got this mail happy to have me here I got the solution
No. There is no impact if you are using PayPal Standard, as they handle all the payment processing on their end.mrcraz wrote:Is this method affect to paypal payment standard?
Modules for OpenCart 2.3.0.2
Homepage Module [Free - since OpenCart 0.7.7]
Multistore Extensions
Store Manager Multi-Vendor/Multi-Store management tool
If you're not living on the edge ... you're taking up too much space!
This PayPal page says you can test if your site will be compatible with the new changes (which take effect June 30, 2017): https://www.paypal-knowledge.com/infoce ... id=FAQ1914 Specifically it says the following:
I'm not 100% sure but this is how I think you set up the test on your OpenCart site (I'm using version 2.3.0.2 but there's probably a similar file in earlier versions). In catalog/controller/extension/payment/pp_pro.php look for the code:
which should be around line 148. Change that to:
and then go through a test purchase on the front end and see if you get a success or failure. Like I said, I'm not 100% sure if that's how it's done but it sounds right. Can anyone confirm if this is the right procedure for testing? And if you've run a successful test, can you let us know? Because I'm certain I have the most updated SSL certificate and have TLS 1.2 and HTTP/1.1 but for some reason the test doesn't work - it doesn't give a success or failure message. After entering credit card details, the "Please Wait" message just disappears and nothing happens. With the original sandbox url, I do get a successful test purchase, but not with this new testing url. Has this happened to anyone else?
Code: Select all
PayPal has created a new endpoint - https://tlstest.paypal.com - to help you verify that your systems can support the latest security standards. This endpoint supports all of the security standards to which the PayPal endpoints are moving.
•On success: A successful connection to https://tlstest.paypal.com will return an HTTP 200 response with the following text in the body: “PayPal_Connection_OK”
•On failure: One of the following errors will occur depending on what your system does not support:
◦HTTPS - tlstest.paypal.com will return an HTTP 400 response with the following text in the body: “ERROR! Connection is not HTTPS. Please use https://tlstest.paypal.com”
◦HTTP/1.1 - tlstest.paypal.com will return an HTTP 400 response with the following text in the body:
“ERROR! Connection is using HTTP/1.0 protocol. Please use HTTP/1.1”
◦TLS 1.2 (SHA-256) - An SSL connection error will be thrown by your code.
Code: Select all
$curl = curl_init('https://api-3t.sandbox.paypal.com/nvp');
Code: Select all
$curl = curl_init('https://tlstest.paypal.com');
There's actually another requirement for the PayPal Pro change in addition to the SSL certificate, the TLS 1.2 and HTTP/1.1. From the page: https://www.paypal-knowledge.com/infoce ... cale=en_US it says in a nutshell:
It's possible that's the reason why the test isn't working for me (because again I'm sure I have the right SSL certificate and TLS1.2 & HTTP/1.1). Can anyone tell if the catalog/controller/extension/payment/pp_pro.php file is using GET requests? I'm not an expert in coding but I do see the word "GET" as well as "POST" in the code. If that file is using "GET" requests, then it probably should be changed to "POST" by June 30, 2017. But I'm not sure if it's as easy as simply changing the word GET to POST. It's probably a little more involved than that. Any input from anyone on this?PayPal currently accepts both GET and POST HTTP methods on our classic NVP/SOAP APIs, used for Express Checkout, Website Payments Pro, MassPay and Button Manager. Starting on June 30, 2017, PayPal will only allow the use of the POST request method for these APIs ... Update your code to always use the POST HTTP request method when making classic NVP/SOAP API requests.
Did you figure this one out? I too will need clarification on GET vs POST. All of my credit card payments go through "PayPal Payments Pro Payflow Edition" and PayPal payments through "PayPal Website Payment Pro".RideTheWave wrote: ↑Thu May 25, 2017 12:40 am..... Can anyone tell if the catalog/controller/extension/payment/pp_pro.php file is using GET requests? I'm not an expert in coding but I do see the word "GET" as well as "POST" in the code. If that file is using "GET" requests, then it probably should be changed to "POST" by June 30, 2017. But I'm not sure if it's as easy as simply changing the word GET to POST. It's probably a little more involved than that. Any input from anyone on this?
File location on my server is ../catalog/controller/payment/pp_pro.php
It would appear that it is using the GET NVP method.
Code: Select all
if (!$this->config->get('pp_pro_test')) {
$curl = curl_init('https://api-3t.paypal.com/nvp');
} else {
$curl = curl_init('https://api-3t.sandbox.paypal.com/nvp');
}
PayPal currently accepts both GET and POST HTTP methods on our classic NVP/SOAP APIs, used for Express Checkout, Website Payments Pro, MassPay, and Button Manager. Going forward, PayPal will allow the use of the POST request method only for these APIs. This change will not impact the behaviors of our other API products, such as REST and Adaptive APIs.
Vorticy, Inc.
Opencart 1.5.6.4, MySQL 5.1.73-5, PHP 5.3.3-46, Plesk v12.0.18, OS CentOS 6
Who is online
Users browsing this forum: No registered users and 191 guests