Double payments issue with PayPal

But actually - maybe even with payment buttons s2member could prevent this? Is there some mechanism that for a single IP maybe s2member sends the same identification for PayPal - so PayPal can notice it’s a double payment?

1 Like

It may be possible. I’m looking into it. I don’t know that the PayPal API that s2 used for the integration supports that, but I’ll see what can be done.

2 Likes

Is anyone else still having this problem? We just got a 6x payment (charged six times instead of just once):

The user was upset, naturally.

We asked the user if they noticed anything odd when they purchased and they said “No it seemed normal, I just purchased [one]. I’m not sure why it came back as 6.”

The charges all happened in a span of 14 seconds:
April 21, 2021 at 8:11:56 PM PDT
April 21, 2021 at 8:11:58 PM PDT
April 21, 2021 at 8:11:58 PM PDT
April 21, 2021 at 8:12:01 PM PDT
April 21, 2021 at 8:12:04 PM PDT
April 21, 2021 at 8:12:10 PM PDT

These are one-time payments, with “Payment Type: Website Payments Pro”, and went through a Visa card.

Please let me know if you need any more information.

@clavaque I was wondering if this issue was reported by other clients and if perhaps it is fixed in the newer versions of s2member? I don’t see any mention of it in the change logs, but perhaps it was fixed but not mentioned in the change log.

Hi Alan.

I haven’t had anyone else report it. I haven’t changed anything in the code, since I haven’t been able to reproduce the behavior to isolate the cause behind it.

Did you keep getting duplicate charges? Anything regular or in common between them? Do you have the s2 logs for those?

:slight_smile:

@clavaque
I’m helping a client with https://classcenter.net/ and she’s been having this issue frequently (duplicate PayPal charges) for years. I’ve set up a page with a $1 product (the minimum price IIRC) that you can use to try to reproduce the behavior if you want: https://classcenter.net/plsc-public-opinion-and-political-behavior/

If you email me at nathan.wailes @gmail.com I’ll send you a Dropbox link to the s2Member PayPal API logs.

Hi Nathan,

Does it happen to all transactions, or only some? Do they seem random, or is there something in common?

The min amount is 1 cent. You can send me a message here with the logs, click on my name and then the message button.

Any particular transaction that you know this happened to, so I can look it up? In the log entries, do you see mention of the duplicate charge?

:slight_smile:

> Does it happen to all transactions, or only some?

It’s only happening on some transactions.

> Do they seem random, or is there something in common?

It’s never happened to me, so I can only go off what others say. My client (the owner of the site) seems to think it can happen when students click PayPal’s “Pay Now” button more than once.

> The min amount is 1 cent.

I’ve updated the price to 1 cent.

> You can send me a message here with the logs, click on my name and then the message button.

Ok I’ll PM you the link to the log file. The file is >1mb, so probably too big to just directly send you.

> Any particular transaction that you know this happened to, so I can look it up?

Yes, I’ll PM you the email address.

> In the log entries, do you see mention of the duplicate charge?

Yes, I believe so.

Hi Nathan,

Thanks for the additional details, and log.

Could you show me the shortcode you’re using to sell these? (the $110, and $115 ones)

I looked up the buyers you sent me, and for some (not all) I did find the duplicate, about a minute after the original. It looks almost as if they had clicked on the checkout button more than once, but I don’t know how likely that is.

I’m suspecting it may be something to do with a communication problem between your server and PayPal’s. If your server doesn’t get a clear ack from PayPal, it may retry, and it could end up as a duplicate if PayPal had actually gotten the first one.

Some APIs have something to prevent these duplicates (idempotency), but I’m not sure the PayPal Express Checkout one does. I’m studying the API docs for it.

Would you try something for me? Make a copy of this file: s2member-pro/src/includes/classes/gateways/paypal/paypal-checkout-in.inc.php

Find this line:

																$paypal_set_xco["EMAIL"] = ($user) ? $user->user_email : $post_vars["email"];

Right below it add these:

																$request_id = md5(serialize($paypal_set_xco));
																$paypal_set_xco["PAYMENTREQUEST_n_PAYMENTREQUESTID"] = $request_id;

Keep the original of the file as a backup, and try the modified one. Do a test purchase to make sure the checkout is still working correctly. Then look in the s2 paypal-api log for that test, and see if the PAYMENTREQUESTID is there.

If the checkout test went well, leave it for a while and see if you get a duplicate charge again.

:slight_smile:
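
The retry scenario and the request-ID idea from the post above, as an added example that is not part of the thread and is not s2Member or PayPal code. `FakeGateway`, `request_id()` and the per-checkout token are hypothetical, and the gateway is assumed to honour a caller-supplied request ID; the token is an addition so that a deliberate repeat purchase with identical fields is not treated as a replay.

```php
<?php
// Added illustration, not s2Member or PayPal code. FakeGateway is a hypothetical
// stand-in for a payment API that honours a caller-supplied request ID.
/** Derive a stable request ID from the checkout fields plus a per-checkout token. */
function request_id(array $fields, string $checkout_token): string
{
    ksort($fields); // serialize() is order-sensitive; sort so equal data hashes equally
    return hash('sha256', $checkout_token . '|' . serialize($fields));
}

final class FakeGateway
{
    private array $seen = [];  // request ID => transaction ID already issued
    public int $charges = 0;   // number of times the card was actually charged

    public function charge(array $fields, ?string $request_id = null): string
    {
        if ($request_id !== null && isset($this->seen[$request_id])) {
            return $this->seen[$request_id]; // replay: return the original result
        }
        $this->charges++;
        $txn = 'TXN-' . $this->charges;
        if ($request_id !== null) {
            $this->seen[$request_id] = $txn;
        }
        return $txn;
    }
}

// Constructed sample data.
$fields = ['EMAIL' => 'student@example.com', 'AMT' => '110.00', 'CURRENCYCODE' => 'USD'];
$token  = 'checkout-session-abc123'; // assumed: generated once when the form is rendered

// Without an ID: a lost acknowledgement followed by a retry charges twice.
$plain = new FakeGateway();
$plain->charge($fields);
$plain->charge($fields);
echo "no request id:   {$plain->charges} charges\n";

// With an ID: the retry is recognised and the first transaction is returned.
$idem  = new FakeGateway();
$id    = request_id($fields, $token);
$first = $idem->charge($fields, $id);
$retry = $idem->charge($fields, $id);
echo "with request id: {$idem->charges} charge, same txn: " . var_export($first === $retry, true) . "\n";

// A later, deliberate purchase uses a new token, so it is not blocked.
$idem->charge($fields, request_id($fields, 'checkout-session-def456'));
echo "second purchase: {$idem->charges} charges\n";
```
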

Shortcodes:

[s2Member-Pro-PayPal-Form level="1" ccaps="eating_disorders" desc="Eating Disorders" cc="USD" custom="classcenter.net" ra="110.00" rp="4" rt="M" rr="BN" coupon="" accept_coupons="1" default_country_code="US" captcha="0" /]

[s2Member-Pro-PayPal-Form level="1" ccaps="personality_psychology_training_interviews" desc="Personality Psychology Training Interviews And Perspectives" cc="USD" custom="classcenter.net" ra="115.00" rp="4" rt="M" rr="BN" coupon="" accept_coupons="1" default_country_code="US" captcha="0" /]

I made the change to paypal-checkout-in.inc.php and did a test transaction and it worked, but I don’t see a new entry in the PayPal log(?).

Hi Nathan,

Thanks for the shortcodes and update.

I’m glad the checkout went fine. That seems to mean there were no errors. Then now we wait to see if any duplicate payments happen. How often would a duplicate happen lately?

Funny that it’s not in the paypal-api log, though. So everything did go normally, right? Was the user account created/upgraded with the payment? Was the confirmation email sent?

You do still have logging enabled, right? What about the other logs like the core-rtn or core-ipn ones? Any mention there?

:slight_smile:

> How often would a duplicate happen lately?

Students typically all sign up for a course at around the same time, and it seems like within each batch of maybe a few dozen students there will be a few who will report this issue.

> So everything did go normally, right? Was the user account created/upgraded with the payment? Was the confirmation email sent?

Yes, everything went normally. I got a confirmation email, I was able to create a new account, and that account had the proper custom capability.

> You do still have logging enabled, right?

Yes. I’m seeing other new transactions have been added to the log since I last posted here.

> What about the other logs like the core-rtn or core-ipn ones?

I do see the transaction in those logs.

1 Like

Excellent.

Do you see the new PAYMENTREQUEST_n_PAYMENTREQUESTID in some log entries?

Now we wait to see if any new duplicates happen in the coming days.

I look forward to your update.

:slight_smile:

I don’t see the string PAYMENTREQUEST in either gateway-core-ipn.log or gateway-core-rtn.log.

That’s fine. I would expect it to be only in the paypal-api.log.

I just checked and I do see PAYMENTREQUEST_n_PAYMENTREQUESTID in the PayPal log. I haven’t been alerted to any duplicates from my client so far.

1 Like

Good! :smiley:

Could you send me the paypal-api log file again? I’d like to look at the recent entries, if that’s okay.

I just sent you a private message with a Dropbox link to the latest version of the log.

1 Like

Thanks a lot, Nathan. Let me know if you find out about a new duplicate in the coming days, please.

What PayPal account type are you using, regular Business or Pro?

:slight_smile:

I just got an answer from the client: They’re using PayPal Pro.

1 Like