Random users not able to complete PayPal Advanced using iframe

I have a site that has been running for a while so it might be something PayPal has changed although I did update the site to MySQLi recently too.
It uses the PayPal Advanced checkout within an iframe.

They go to complete the checkout, enter their shipping info and click "Continue". Then the address form slides up, and the PayPal form is loaded where they can choose to either "Check Out with PayPal" or "Pay Now" using their credit card.

If they enter their credit card and click "Pay Now" it goes blank but never comes back with a message. Not the whole page, just the area where the iframe should appear, goes blank. I realize that at that point they should see either the success page or the failure page. Their order never goes through when the column goes blank.

I can't seem to reproduce the issue myself. It always works for me when I checkout and others checkout just fine. But there has been enough people that have experienced this, that I know it's not just one instance of user error.

Also, I have confirmed with at least one user that they are doing this on a desktop PC and have tried Internet Explorer and Chrome with the same results.

Any idea where I should begin? Could this be a javascript issue or something else?

Thanks for any ideas you might have.
TroyD

The first step to fixing any problem is to reproduce it. If you can't do that, then there is no way to guarantee the cause or test anything you do to see if it works.

Maybe contact a user that is having the issue and try using their card information to reproduce the problem. One way or another we are going to have to see the issue to fix it.

Yes, that's what I'm up against, trying to recreate the problem. But every time I try it using different browsers, or credit cards, debit cards etc., it always works for me.

One thing that I thought of was the cvv. This form uses the "Type C" form and it has a place for the name, number and expiration date. There is no cvv where they enter the 3 digit security code on the live site. I am not sure where I add that but I do find a place in the PayPal Manager setup where I can turn what they call "CSC" on. It's the same thing as cvv, cvv2, etc. Different cards call it different things.

I'm reading that some cards now require it so I thought maybe that was the cause of random cards failing. It needs to be added anyway so it's worth trying.
How do I turn that feature on? Is there something in eCart I need to do, or do I just turn that feature on in PayPal's setup?

And if that's the case, is there somewhere at paypal.com I need to also change a setting? They have a message that reads "Use these settings to allow or decline transactions based on AVS/CSC responses. If PayPal is your payment processor, be sure the AVS and CSC settings in your PayPal account match your settings here. These settings automatically allow or decline transactions based on AVS and CSC responses."

Any help would be appreciated.

Thanks
TroyD

That entire form is generated by Paypal, so it would have to be a setting that would add it. I haven't used paypal advanced in a while, so I'm not that familiar with the admin back end. You may want to contact PayPal support about this. They may have a log of why it fails and could tell you how to get that field added.

That's what I assumed since the form is coming from PayPal through an iframe.

I logged into the PayPal Manager account and went to settings. In the middle of the page are some checkboxes to include and require the CVV form field. I checked both include and the edit checkboxes for the CVV (PayPal calls it CSC).
Then at the bottom there is a dropdown to sets how the validation is to be handled. The choices are "light" and "full". I used "light" because that setting allows the CVV to be empty IF the credit card company doesn't require it but if the cc company requires it, the field is required. I might end up changing to "full" if I see a need to.
This worked in terms of showing the form field and my initial test order was successful. So adding that CVV box to the form was pretty straight forward.

Now I am not sure this has anything to do with my original issue here but it's the first thing I am going to try. I have a user that is going to try her order again tonight. If her order is completed then I know it may be the solution to this problem anyway. I will report back.

Thanks
TroyD

If not, ask your user for the billing information including credit card that they are using. Then we can reproduce the issue and find the true cause and solution.

Yes, that would be ideal but they won't/can't do that for me. It's a corporate card and so I don't want to push it with them.

Hopefully when they try again it will work now that the CVV is there.

One other thought. The file paymentoptions.js in the webassist > ecart folder is the same file since I first set this site up in 2015. Should I regenerate that file or is that the most current version? I've compared it to a couple other sites that were created a little later and they are the same so I can't tell if there is a newer version.

Thanks
TroyD

That wouldn't be the problem. I'd keep your current file.

Ray,

I was able to reproduce the checkout failure. Not sure what was different this time but the checkout failed. But more than that, the checkout_failure.php page loaded inside the iframe instead of on it's own. Normally, if the checkout fails, the failure page loads on it's own. The $errorURL uses the full URL for the checkout_failure.php page.

I did capture the sessions though by opening the iframe into a new tab and since I had set it to dump the sessions, I have them. What should I look for in terms of the reason it failed?.
Any thoughts on why it would load the pages inside the iframe instead of redirecting to the actual page?

TroyD

This issue appears to be resolved. Ray figured out that it was caused by the use of a / in the name of the product. It seems that the / was somehow messing with PayPal's code or something.

On PP_PayAdv_PHP.php the variable for the name was like this

$vars[] = 'L_NAME' . ($item_count+1) . '=' . (substr(strip_tags($cart->DisplayInfo("Name")), 0, 36));

He added the urlencode to it

$vars[] = 'L_NAME' . ($item_count+1) . '=' . (substr(urlencode(strip_tags($cart->DisplayInfo("Name"))), 0, 36));

Things are working again.

Oh, and as for the failure page loading in the iframe. He added some javascript to the head that makes it break out of the iframe so it's loaded in it's own page.

if (window.location	!== window.parent.location) {
	window.parent.location = window.location;
}

Thanks for the help Ray!!!

TroyD