Customer Cheated Us, Bought product for $0.01

Discussion in 'Troubleshooting' started by osmark, Jul 3, 2013.

  1. osmark

    osmark New Member

    Joined:
    Feb 7, 2013
    Messages:
    10
    So today a customer was able to adjust his checkout price and paid $0.01 for $89 worth of access. The system approved him and he got away with it.

    Any ideas how to prevent this? [Attachment: cheat.jpg]
  2. gswaim

    gswaim CGI-Central Partner

    Joined:
    Jul 2, 2003
    Messages:
    641
    Not sure what happened, but customer should not be able to change the price of a product. Someone from aMember support will likely need to go over your log files and determine how this happened.
  3. osmark

    osmark New Member

    Joined:
    Feb 7, 2013
    Messages:
    10
    Yes, this script has sloppy PayPal integration without correct validation. I am hoping someone from support will get to this today; it's a critical issue for sure.

    How can I turn off auto approve so I can verify payments are legit before giving access? I had a quick look through settings but could not establish how to do this.
  4. gswaim

    gswaim CGI-Central Partner

    Joined:
    Jul 2, 2003
    Messages:
    641
    I wouldn't automatically assume it is sloppy code. I trust you will post to this thread the answer to this issue.
    You can try "Manually Approve New Members" on the "Advanced" tab under Setup/Configuration.
  5. osmark

    osmark New Member

    Joined:
    Feb 7, 2013
    Messages:
    10
    Thanks mate, that's what I was after.

    By sloppy, I mean it fails to validate the amount paid against the amount expected. This is not an assumption, it's a fact. As you can see, the system was well aware this customer paid $0.01 on an $89 invoice, but that did not prevent the user from being given full access.

    Choose your word to describe this behavior :)


    I will most certainly report back.
  6. alexander

    alexander Administrator Staff Member

    Joined:
    Jan 8, 2003
    Messages:
    6,274
    Have you submitted a ticket to the helpdesk already? If so, what is the ticket number? I will check this ASAP. Also feel free to contact me on Skype: alexander_cgicentral
  7. alexander

    alexander Administrator Staff Member

    Joined:
    Jan 8, 2003
    Messages:
    6,274
    I found it.
    There was a bug in the PayPal plugin: it didn't check the amount in incoming IPN messages for non-recurring payments.
    Only recurring payments were checked.
    I applied the fix to your installation.
    guy1 likes this.
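
The check described in the post above, written out as an added example (it is not aMember's code and not the fix that was applied): the amount and currency in the IPN are compared with the stored invoice for every transaction type, not only recurring ones. It assumes the message has already passed PayPal's verification postback and been parsed into a dict of strings; the invoice store, merchant address and sample messages are constructed.

```python
from decimal import Decimal, InvalidOperation

# Constructed data: invoice id -> (expected amount, currency).
INVOICES = {"INV-1001": (Decimal("89.00"), "USD")}
MERCHANT_EMAIL = "seller@example.test"  # constructed merchant address


def check_ipn(ipn, seen_txn_ids, invoices=INVOICES):
    """Decide whether a PayPal-verified IPN (dict of str) may grant access.

    Returns (grant, reason). The amount check runs for every txn_type,
    one-time ("web_accept") and recurring ("subscr_payment") alike.
    """
    expected = invoices.get(ipn.get("invoice", ""))
    if expected is None:
        return False, "unknown invoice"
    if ipn.get("receiver_email", "").lower() != MERCHANT_EMAIL:
        return False, "wrong receiver"
    if ipn.get("payment_status") != "Completed":
        return False, "payment not completed"
    try:
        paid = Decimal(ipn.get("mc_gross", ""))
    except InvalidOperation:
        paid = None
    if paid is None or not paid.is_finite():
        return False, "unparseable amount"
    amount, currency = expected
    if ipn.get("mc_currency") != currency or paid != amount:
        return False, "amount mismatch"
    txn_id = ipn.get("txn_id", "")
    if not txn_id or txn_id in seen_txn_ids:
        return False, "missing or replayed txn_id"
    seen_txn_ids.add(txn_id)
    return True, "ok"


# Constructed sample messages (fields as PayPal names them in IPN posts).
GOOD = {"txn_type": "web_accept", "invoice": "INV-1001", "txn_id": "T1",
        "receiver_email": "seller@example.test", "payment_status": "Completed",
        "mc_gross": "89.00", "mc_currency": "USD"}
UNDERPAID = dict(GOOD, txn_id="T2", mc_gross="0.01")

if __name__ == "__main__":
    seen = set()
    for name, msg in (("underpaid", UNDERPAID), ("good", GOOD), ("replay", GOOD)):
        print(name, check_ipn(msg, seen))
```

Comparing with `Decimal` avoids float rounding on currency values, and the expected amount always comes from the server-side invoice record, never from a field the buyer's browser carried through checkout.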
  8. osmark

    osmark New Member

    Joined:
    Feb 7, 2013
    Messages:
    10
    Excellent, thanks for the quick and effective support!
  9. guy1

    guy1 Member

    Joined:
    Aug 29, 2006
    Messages:
    129
    Is this a fix for the next release, Alexander?
