#21174 callback blocked Cardgate

Posted in ‘Admin Tools for Joomla! 4 & 5’
Latest post by on Thursday, 20 November 2014 17:20 CST

zegenrijk
Hello,

I am using VirtueMart 2.6.10 with the payment provider CardGate.com. The callback from CardGate that a payment is successful is blocked by the .htaccess from Admin Tools. With the normal .htaccess there is no problem.

I understand that I must enter the PHP file in 'Allowed direct access to this files' to allow that file to communicate with the shop. CardGate said this is the file: components/com_cgp/controller.php

But still something is blocking the answer from CardGate.

How can I solve this or how can I investigate this?

Regards Michel

nicholas
Akeeba Staff
Manager
If they can provide us with a sample request to this file we can tell you why it could be blocked.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

zegenrijk
Hello Nicholas,

This is the callback url from cardgate: https://test.nu/index.php?option=com_cgp&task=callback

This must be the file where it's handled, said CardGate: components/com_cgp/controller.php

Regards Michel

nicholas
Akeeba Staff
Manager
OK, first things first.

You are NOT accessing components/com_cgp/controller.php directly. You do it through Joomla! itself. As such, adding a .htaccess exception is NOT required. Access to Joomla!'s index.php file is always allowed. If it wasn't, quite obviously you wouldn't be able to access your site, period.

Let's make sure that the problem is indeed caused by Admin Tools. In order to do so, try the following:

1. Try setting the Error Reporting level in your Global Configuration to "None". Many errors are caused by harmless PHP Notices and Warnings being output to the browser, breaking anything which requires HTTP header manipulation such as Joomla!'s session management, AJAX calls and download systems.

2. Try to replicate the issue after disabling the "System - Admin Tools" plugin. If you can still replicate the issue, it is not caused by Admin Tools. Disabling that plugin means that Admin Tools code (including the Web Application Firewall) is not running on your site.

3. If you suspect an issue with the .htaccess file, replace its contents with the contents of the stock htaccess.txt file shipped with every version of Joomla!. If you are on GoDaddy please wait for 1-30 minutes for the changes to be effective. Then, retry loading the problem page. If you can still reproduce the error, then it is not caused by .htaccess Maker.

If doing any of the above resulted in the issue still occurring, it's not related to Admin Tools and we can't help you. If doing any of the above did stop the issue from occurring, we'll have to do some troubleshooting.

First go to Admin Tools, Web Application Firewall, Configure WAF. Make sure "Log security exceptions" is set to Yes; if it's not, set it to Yes and click on Save. Now try reproducing your issue. Immediately after that, please go to Admin Tools, Web Application Firewall, Security Exceptions Log. The latest log entry at the top should have the date and time of when the issue occurred. Please copy the Reason and Target URL here so that we can further help you.

Nicholas K. Dionysopoulos

zegenrijk
Hello Nicholas,

When I place the standard Joomla .htaccess there is no problem. With the Admin Tools .htaccess there is a problem.

Error reporting is none, there is no logging in Security Exceptions Log.
How to solve?

Regards Michel

nicholas
Akeeba Staff
Manager
This brings me back to what I requested upfront: If they can provide us with a sample request we can tell you why it could be blocked.

I need to know which data is sent via HTTP POST or GET. I need both the names of the request variables and sample data. I suspect that there is a URL, a file path or a suspicious-looking string passed as a query parameter. However, unless I do see the request variable names and contents I can only make blind guesses. I am really bad at blind guesses and they won't help you fix the issue. So, please, do ask them to provide us with a sample request's data and we'll be able to help you.

Nicholas K. Dionysopoulos

zegenrijk
Hello Nicholas,

There is GET.

callback url: http://test.nu/index.php?option=com_cgp&task=callback

Example:
<form method="post" name="cardgate_callback" action="https://menergy.nu/index.php?option=com_cgp&task=callback">
<input type="text" name="transactionid" value="2194879"><br>
<input type="text" name="transaction_id" value="2194879"><br>
<input type="text" name="site_id" value="3186"><br>
<input type="text" name="is_test" value="1"><br>
<input type="text" name="ref" value="a532058"><br>
<input type="text" name="extra" value=""><br>
<input type="text" name="status" value="200"><br>
<input type="text" name="currency" value="EUR"><br>
<input type="text" name="amount" value="465"><br>
<input type="text" name="billing_option" value="creditcard"><br>
<input type="text" name="transaction_fee" value="0"><br>
<input type="text" name="transaction_fee_bank" value="0"><br>
<input type="text" name="transaction_fee_cgp" value="0"><br>
<input type="text" name="customer_firstname" value="Richard"><br>
<input type="text" name="customer_lastname" value="Schoots"><br>
<input type="text" name="customer_address" value="Maaskade 1"><br>
<input type="text" name="customer_city" value="Oss"><br>
<input type="text" name="customer_state" value="Sa"><br>
<input type="text" name="customer_zipcode" value="5344 KD"><br>
<input type="text" name="customer_countrycode" value="NL"><br>
<input type="text" name="customer_phonenumber" value="2222222222"><br>
<input type="text" name="customer_email" value="[email protected]"><br>
<input type="text" name="customer_ip_address" value="62.212.71.77"><br>
<input type="text" name="card_type" value="visa"><br>
<input type="text" name="cardnumber_masked" value="111111*****1111"><br>
<input type="text" name="card_expirydate" value="11/12"><br>
<input type="text" name="threed_secure" value="U"><br>
<input type="text" name="hash" value="ef9cd5d38aa72c335724f813e4f7fe23"><br>
<input type="text" name="hashSHA1" value="4c4771e5e74749190e224a297daf48e100acc7ad"><br>
<input type="submit" name="invoeren" value="Invoeren">
</form>

Regards Michel

nicholas
Akeeba Staff
Manager
This information is not helpful. This is what your client posts to CardGate, not the information CardGate posts back to your site. I'll have to make a wild guess which may or may not work.

First make sure that you are running Admin Tools 3.3.1. Go to .htaccess Maker and change the following settings:

Disable PHP Easter Eggs => No
Block access from specific user agents => No
Redirect index.php to the site's root => No
Redirect www and non-www addresses => Do not redirect
HSTS Header (for HTTPS-only sites) => No
Host name for HTTPS requests (without https://) => test.nu
Host name for HTTP requests (without http://) => test.nu
Base directory of your site (/ for domain's root) => /

Click on Save and Create .htaccess. Hopefully the problem was caused by one of these settings. Unfortunately, even if this fixes the problem, I can't possibly know which one because I still don't know what CardGate posts back to your site...

Nicholas K. Dionysopoulos

System Task
system
This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.
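
An added example, not part of the original ticket: rules in .htaccess are applied by the web server before PHP starts, so a callback they redirect or refuse never reaches the Admin Tools plugin and leaves nothing in the Security Exceptions Log; the server's access log is where such a request shows up. The sketch below filters an access log for the callback URL quoted in the thread and reports the status each request received. It assumes Apache's "combined" log format; the log lines, IP addresses and the `ExampleGateway/1.0` user agent are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample in Apache "combined" log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.10 - - [20/Nov/2014:10:01:02 +0100] "POST /index.php?option=com_cgp&task=callback HTTP/1.1" 301 245 "-" "ExampleGateway/1.0"
203.0.113.10 - - [20/Nov/2014:10:05:40 +0100] "POST /index.php?option=com_cgp&task=callback HTTP/1.1" 403 199 "-" "ExampleGateway/1.0"
198.51.100.7 - - [20/Nov/2014:10:06:11 +0100] "GET /index.php?option=com_content&view=article&id=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.10 - - [20/Nov/2014:10:09:13 +0100] "POST /index.php?option=com_cgp&task=callback HTTP/1.1" 200 12 "-" "ExampleGateway/1.0"
"""

LINE_RE = re.compile(
    r'^\S+ \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"'
)

def is_callback(target):
    """True for index.php?option=com_cgp&task=callback, in any parameter order."""
    query = parse_qs(urlsplit(target).query)
    return query.get("option") == ["com_cgp"] and query.get("task") == ["callback"]

def classify(status):
    """Guess which layer answered; assumes the Security Exceptions Log is empty."""
    if 300 <= status < 400:
        return "redirect rule (web server)"
    if status == 403:
        return "blocking rule (web server)"
    if 200 <= status < 300:
        return "reached Joomla!"
    return "other"

def callback_hits(log_text):
    """Return (time, method, status, user agent, verdict) per callback request."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and is_callback(m.group("target")):
            status = int(m.group("status"))
            hits.append((m.group("time"), m.group("method"), status,
                         m.group("agent"), classify(status)))
    return hits

if __name__ == "__main__":
    for hit in callback_hits(SAMPLE_LOG):
        print(*hit, sep=" | ")
```

A 3xx answer to the callback points at the redirect options listed in the last reply, and a 403 at the blocking options; the logged user agent shows what the gateway identifies itself as.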