Is the payment going through twice? is the orders database updated twice? Are the people paying with credit card or paypal?
I added this to the top of the confirm.php page:
<?php
if ((isset($_POST["Payment_submit"]) || isset($_POST["Payment_submit_x"])) && isset($_SESSION["eCart1_OrderID"])) {
header("location: hvw-checkout_success.php");
die();
}
?>
It checks to see if the session variable that is saved when an order is inserted into the database already exists before processing the transaction again. Then it redirects to the success page if it does already exist, since this hypothetically means that the transaction has been processed but the success page hasn't been viewed since the session variable is removed on the success page.
I think that should stop any repeat transactions unless users are somehow visiting the success page and going back to the checkout page to process the payment a second time.