Is this an error, or something else?

[countingsheep]

Here's what my client says is happening.. about a month ago, she said that someone placed an order from Italy (she does have a registered customer in Italy), but, the ship to and billing address were from Miami, Florida. The purchase was via credit card. She attempted to process the cc, but it was declined. She then proceeded to contact the customer in Italy, but they had not placed an order. Then this evening, she said someone contacted her saying that they were placing an order without registering and when they proceeded to check out, the name, billing info, etc was already filled out in someone else's name? Is this something in the cart that I need to be looking for? If so, could anyone tell me what to be looking for?

[michael_s]

The problem is that your client is hardcoding session ID's in her links, and when someone else clicks the link, they get the same session. Go through her code and find any hardcoded session ids and delete them... Then for good measure, delete all the sessions from the tmp directory...

[countingsheep]

Thank you Michael, I will do that. Appreciate your help!

[countingsheep]

Michael, I am still having trouble with this particular site and the accounts getting mixed up. I have done a search of all files and do not see anywhere in the site that the session ids have been hard coded now. Any that were, I changed. However, she emailed me again this evening telling me that she got an email saying that someone ordered and it randomly added products to her cart, as well as ordered in someone elses name. You mentioned that I needed to delete the sessions in the tmp folder. She doesnt have a tmp folder.. I believe they are stored in the database if I am understanding everything correctly. Can you give me any more suggestions for this?

[countingsheep]

I think I found two more places that the session ids were hardcoded. I removed those, so, hopefully this will be the last of it. If not, I may not have any hair left!!

[michael_s]

They would not be hardcoded into any of the php files. It would be any html files external to osCMAx that you link products on or in the Define mainpage file.

[i2Paq]

When you run your shop on a shared server:

Make sure you store your sessions in you database instead of in files.

Make also sure you have your cache directory renamed so it will not have the same name as another osCMax (or osCommerce) shop on this shared server.

[argentbeads]

Quote:

Originally Posted by countingsheep

Here's what my client says is happening.. about a month ago, she said that someone placed an order from Italy (she does have a registered customer in Italy), but, the ship to and billing address were from Miami, Florida. The purchase was via credit card. She attempted to process the cc, but it was declined. She then proceeded to contact the customer in Italy, but they had not placed an order. Then this evening, she said someone contacted her saying that they were placing an order without registering and when they proceeded to check out, the name, billing info, etc was already filled out in someone else's name? Is this something in the cart that I need to be looking for? If so, could anyone tell me what to be looking for?

This does sound similar to scam e-mail requests our business receives all the time. Something like:

"Hello. My name is XXXXXXX XXXXXXX and I live in [Miami/Atlanta/Orlando/New York City] I am wondering if you will ship to my client in [Nairobi/Nigeria/Kenya/Burundi]. I would like to pay with a credit card.

Please get back to me soon and let me know which products you carry..."

At least two versions for the scam are:
Fraudulent Credit Card Number or
Overpay with Money Order, request for the difference to be wired immediately, then finding out that the Money Order is forged. Hopefully before the product is shipped. Otherwise, you're out the product, out the "difference" that was wired and out of time and energy to deal with it.

So it could be a scam rather than faulty programming.

Paul
OhioBeads.com