Justin,

I have been unable to test what is happening all day as I have not been able to add anything to cart on your site.

Kind regards,

Sh*t. Nor can I. Because the site is, well live but not actually live, I'd been getting on with other jobs for a day. I just accessed the site myself and got this error when trying to add to cart:

Error: Error opening /home/www/uklaptopbags.com/public_html/acatalog/212Z18Z226Z180A1180039776B25465.session (Permission denied)

I have no idea what that means. Just for kicks, I refreshed the site (I've made no changes in Catalog since the last time it worked), emptied my caches and so forth but still no joy. Is this my web host (Easyspace)?

I tried to refresh the site but no change. So, I ftp'd in and emptied the acatalog and cgi-bin directories, then did a refresh. It gets nearly to the end and then stops with

The web site index has been corrupted. Catalog is unable to update the index. Copy /home/www/uklaptopbags.com/public_html/acatalog/fulltext.fil to /home/www/uklaptopbags.com/public_html/acatalog/oldtext.fil failed. Permission denied. Please refresh the site.

I manually did this copy using my ftp client, and it worked fine. So I'm trying to refresh again now this file has been created.

If all else fails, I'm going to open a support issue with Easyspace. Knowing them it'll be mid next week before anyone responds but I'll do it anyway.

By the way Bruce, thanks very much for taking a look at my problem.

I don't know if this is the right thing to do, but I think I've got it working again - by giving Everyone write permissions in the acatalog directory (CHMOD 757; it was 755). Once I'd done that, I was able to make a purchase. Is it right that people can write into that directory? Doesn't that mean people can hack into the site and replace it?

Refresh Site works now, too. Back to the credit card capture thing...

Justin,

The permissions on the acatalog folder need to be '777' but you can lower it to '755' if the cart still works, which in your case it does not.

You also do not need SSL to use PayPal Pro as a payment method as it is a PSP. The issue with details not passing to PayPal could be down to the SSL. Turn it off and then check to see if the payment details are transferring over.

Kind regards,

Bruce, thanks for the advice on permissions. I've made those changes.

Regarding Paypal Pro and SSL, I'm not sure I understand what you mean. On my site, the customer is entering his credit card details and so forth on one of my pages - not Paypal's. Surely that's where the customer needs SSL?

I will experiment with turning off SSL, but not today since I'm out for the rest of the day. But even if it fixes the problem, I can't see that it would be a good idea not to have SSL on the checkout pages.

Does anyone else use Paypal Website Payments Pro as their PSP and have SSL running on their checkout pages?

If you've my thread about Easyspace recently then you'll know that getting the SSL certificate was a bit fraught. The last thing I want to hear is that I can't use it...

If you only take payment with PPP technically you do not need SSL. Although PPP docs are confusing on this matter, as I also asked the same Q - PPP say the processing is on client website, I'm not sure exactly what they mean by this, if it is literally on client website then you would need SSL. However the whole point of PP is to offer secure processing on their secure servers - isn't it>

If in addition to PP, you would need SSL if you were taking CC payments and downloading the CC detail for manual local card input/processing.

OK, now I truly don't get this. I'm not technical about SSL or credit card processing so maybe I'm missing the point.

But... when someone gets to the checkout on my website, they type their name and address and all their credit card details into a form on the screen.

When I'm doing that on some other vendors site, I sure as hell want and expect to see the https: at the beginning of the address bar. It gives me some confidence that I'm really where I think I am.

If I don't have SSL on these pages, what's the point of anything?

If they are putting their credit card info into a page on your site, then they are not using PPP to process the transaction at all, it is all being done on your site. You then download the transaction and process it manually. In this scenario you should have SSL.

Excuse me for not being sure of page names etc because I'm still getting started with Catalog. When someone buys something from the site, they end up on this page:



which is on my domain. They've just entered their personal details and now they're entering their credit card details. After they've gone past this page the details somehow get transferred to Paypal and end up in my paypal manager transactions. The Actinic order processing page does not have the full credit card number in it, just the last four digits - I'm not downloading the details for off line processing - BUT surely the point here is that the sensitive data is being entered by the purchaser on pages controlled by me, so it's my responsibiilty to secure them.

This is not the same as 'classic' paypal, which I also offer. In that scenario the customer is transferred to an address starting https://www.paypal.com/uk/cgi-bin... so they're not entering details on my site.

Pinbrook - the whole point of PAYPAL is to offer secure processing on their servers, you're right. But that's not the same service as "Paypal Website Payments Pro". When I go through a transaction I never see a Paypal page.

I just put through a transaction using a card I know to be invalid, and got this:



showing that the details are being transferred to Paypal - but they're entered on my site. SSL must be required in this scenario.

Leehack - The pictures above illustrate (I hope) that people ARE putting their info onto my site and they ARE using Paypal Pro to process the transaction. I can't put up any more images so I'm splitting this post...

...on to here. When you sign up for Paypal Website Payments Pro, you get a new interface, but the old paypal interface is also still active so cc transactions appear in both places. Here's my test transaction as it appears in Paypal Manager (the new interface):



And here's how it appears in the old interface:



The thing to note being that there's no name, address or email address in either record. (All the details are present in the Catalog order record of course). I appreciate it's possible to live with this because you generally only want to tie up the two when there's a query and that should be possible without too much trouble, but it seems wrong to me...

Bruce wants me to switch off SSL and see if that fixes it - which I can try sometime this weekend. However, my long-winded blather above is saying that I don't think I can run without SSL, so that's not a solution anyway.

Please excuse the gigantic posts.

I gotta be honest and say that currently the PPP process has me totally confused. Before PPP was introduced, anyone completing credit card details on your site would have to be processed on your site, usually with SSL. If people now complete their details and then this goes over to Paypal, then it's no wonder this whole PPP process is confusing.

It is new though i guess and in the not too distant future i'm sure we will grasp wtf is actually going on.

gotta agree Lee, Hopefully Bruce will come along and clarify.

I have tested stardusts's integration and Justin's and can not figure it out.

When I ran tests on my own site, I had to have 2 entries in the payment method DDB, credit card and PPP, Justin's doesn't seem to have this.

The thing that still hasn't been answered (i asked it http://community.actinic.com/showthread.php?t=29981 post 8) do you need SSL to take PPP on your own website.

Over to you Bruce... a one stop total integration guide to PPP please

Crazy situation, something new and we know fa about it.
If someone can explain i'll write the chuffing guide myself.