Orders being placed for wrong store - php

I am using Magento 1.3.2 in a multi-store setup. www.example.com is the main store, and abc.example.com, foo.example.com and bar.example.com are affiliate stores with separate subdomains, separate inventory, separate carts, separate designs.
My problem is that some orders being placed through the affiliates are showing up as coming from the main store. It doesn't happen frequently, maybe once in every 1000 orders. I notice these when I go to fulfill the order and I see that the SKU is not one of mine but rather it is one of the affiliate's, despite the fact that the website, store and store view on the order screen all show the main store. I know that the customers are adding the product to their cart from the affiliate site (we don't even list affiliate products on the main site) and they go through the checkout process on the affiliate site. Does anybody have any ideas what could be causing this?
EDIT: I wish I could recreate this so I could post some code that I think might be buggy or something else helpful, but I've tried every permutation I can think of (logging in on the affiliate site vs the main site, having two carts open, adding/removing products in various sequences) but I still can't reproduce the issue.

You should follow some steps :
Make sure affiliates use different databases. Provide them with different database username/password sets. This ensures they are not messing with your database.
Make sure you have CSRF tokens, Or some URL Redirection/DNS config would make orders of affiliates to end up on the main shop.
If you feel like it, Browse web server logs to see what happened (might be time-consuming)
Provide people you ask for help with your system configuration, e.g Web Server, Server-side Scripting Language, Database Server, Operating System, etc.
If it is 1 in a 1000 problem, Then there are two general case of triggers for that:
Some particular costumers with particular system setup / clicking habits result in that.
You have concurrency problems in your code (Database Transactions?)
Hope it helped

Related

Shared shopping basket over multiple sites

I've researched 2 methods that could reproduce the functionality coolblue.nl has.
They have 83 webshops, and all shopping baskets are merged. So if you add a product
to your basket on laptopshop.nl and go to one of their other shops (ie. smartphoneshop.nl) the product is already in your basket.
But how does it exactly work?
Single Sign on? I guess not, users are not required to log in
Identifying pixel? But how is the product directly available?
Unique links? They are not using it.
Can anyone give me some detailed info how i could get this to work?
Single Sign on? I guess not, users are not required to log in
Simply share the sessions between your servers. Store everything in a central memcached server. Only limitation is the cookie placed for one domain, not directly accessable by the other domain. Maybe it's JavaScript / JSONP used to circumvent this.
I personally use memcached too because it's faster, has less disc i/o, can be clustered, integrated into PHP and is dispatched from your webserver.
Identifying pixel?
Session IDs are stored per domain, so one domain usually cannot read other domains data (security). You can circumvent this using JSON(P). So you send a JSON(P) request to your central (web)session server and ask it "is there already a session for the user, if yes, return me the id".
You'd simply reuse the session then.
But how is the product directly available?
You can be sure all their Shops share the same database server and a unique product id like SKU/EAN.

PHP Codeigniter sharing session

I had problem with session sharing. Can session be shared across domain? I'm using PHP codeigniter framework for my project.
I had this case where I got 2 domain name register in server and I use 1 application.
Eg:
domainA = www.domainA.com
domainB = www.domainB.com
for domainA, i used default application
—-application
—-images
—-system
for domainB, i create new folder named domainB
—-application
—-domainB
—-application
—-images
—-system
By using htaccess, i rewrite rule whenever link is www.domainB.com it will pointing to domainB folder. This case, it working fine.
The problem is, the session created in domainA are not same as domainB. This is troublesome if we had to gather data from both domainA and domainB. Eg, let said, I add product A to add to cart in domainA, and another product B in domainB, i want to collect these both product and call it in shopping cart in domainA. Can i do that?
Need advise on how to implement these kind of problems? Usually when coding shopping cart we have to use session to keep the products in shopping cart at certain amount of times. Are there any other methods beside this? I had searched in google mostly i read the replied was something like this:
Assume you have a sites called www.innovativephp.com and www.innovativejs.com hosted on same server. Even though both sites are on same server, domain names are different hence you will see that the cookies will not be working in another top domain. :(
Thanks.
I had the same problem and still reading about it:
Extending session in another application
you might want to look on Single Sign on, openid,or even the answer given in the link provided.

Magento customer login hangs on some accounts

I have been looking everywhere for an answer but can't find anything that helps.
I have a magento 1.7.2 install, and some customers can't login into their account area, the website just hangs. They don't get no error or anything. It was that bad that it brought down a whole server when multiple customers were logging in at the same time.
I have since moved on to a new server an it still happens, but doesn't crash the server.
The only way I can get round the issue is resetting the customer password in the admin - but i need to know what is causing it.
Note, this is standard Magento 1.7.2 login system - no customer modules etc. It only happens on some customers too, as many can log in fine.
Ok, it appeared that my cron wasn't triggering the log cleaner in magento. There were stupid amount of data in tables such as log_visitor, log_visitor_url. I believe this was slowing down the performance of my magento site causing the login to hang in some cases.
I followed this tutorial to TRUNCATE various tables - and I have noticed a difference at login.
http://www.crucialwebhost.com/kb/magneto-log-and-cache-maintenance-script/
Hope this helps someone in a similar situation.
it might be something related to cart, try this fix:
UPDATE quote set is_active = 1 where is_active = 0;

In Magento, make same customer use different quotes on different browsers

Unfortunately, due to circumstances beyond my control, I need to make the following configuration work:
Alice logs in as a Customer with username foo.
Then Bob logs in as the same Customer (foo) on a different browser.
Alice and Bob each have separate shopping carts. When Alice adds something to the cart in her browser, Bob's cart is not affected.
In Magento's default configuration, Alice and Bob share one cart stored on the server, and thus the cart is synchronized between them. Is there any way I can force Magento's sessions to work the way I need them to?
EDIT:
Thanks for the replies! After looking into some of the hints in Alan's
answer, I guess the crux of my question is whether quotes can be made
to apply to sessions rather than to users.
Can I hook onto some login event and do something like:
Mage::getSingleton('checkout/session')->setQuoteId(null);
And still keep the cart of the user logged in on the other browser?
That is a very odd use case, but one that doesn't seem to be related to "sessions" as much as limitations of the cart. Seems like new functionality you would need to create if you want to support multiple carts per user. Functionality which would need to include UI changes and other changes throughout the system, so as to not really confuse users who might legitimately log into the site in different browsers (perhaps on different devices) and want to see their SAME shopping cart.
So I would say if you you need to think about this on a deeper level than just changing cart behavior, and think of it more as modifying base application functionality.
I've never seen a turn-key extension or cookbook solution that would allow you to do this. You might want to try asking this question over on the StackExchange Magento site — non programming questions are more welcome over there.
If I was going to build/program this feature, my general approach would be
Find an event that fires after a customer logs in, and then setup an observer for this event
In the observer, find the last unconverted "cart" for the user that just logged in using the sales/quote object (i.e. the sales_flat_quote table).
Then, still in the observer, I'd use the setQuoteId method of the cart session to make this old quote the current quote
The above is a naive approach to the problem — I'm not sure if Magento persistant cart feature would play nice with the above, but the fastest way to find out would be to implement something, test, and iterate.
This is not a simple solution, unless this functionality is a live or die business requirement, I'd skip the feature.

SEO neutral way to redirect human users to confirmation dialog?

A web site I'm working on sells vehicles to business entities only.
Consequently, it displays data aimed at business customers (prices without Value Added Tax, warranty limitations, etc.). In Germany, showing this kind of data to private end-users can be punished as misleading advertising.
One way around that is to show a dialog when the user enters the site. In the dialog, the user must confirm that they are a business user.
My idea at the moment is to use a flag in $_SESSION to detect whether the user is new, and then to redirect them to a confirmation page using a header redirect. When they confirm they are a business user, they get taken to the actual page.
However, search engines should see the content straight away, without the confirmation page.
Does somebody have a genius simple way of detecting search engine bots
Without the use of JavaScript
Without the need for constant maintenance (e.g. a list of spiders' USER_AGENT strings)
Bot detection doesn't need to be 100% reliable as long as the major search engines are served properly. Any other ideas on how to fulfill the legal requirement of having the user confirm their business status are very welcome as well.
The web site is based on PHP 5 and runs on a Linux-based shared hosting package (can't install any extensions).
Adding an absolute positioned overlay to all pages if the session variable isn't set is the easiest solution I'd think: Still serving the whole page (for users & bots), but not usable for users untill they confirm their status,

Categories