DoubleCount error - we think at PayPal

Has anyone ever heard of, or experienced, a "double count" error?

We've configured eCart to work with our client's PayPal "Business Account". They are not prepared to pay for Website Payments Pro so all we have, in eCart, is an option to pay by PayPal which obviously drags the user through to PayPal for all the login stuff etc.

We're experiencing a major problem whereby customers are being charged twice at PayPal and we can't work out why. The only feedback we've been able to retrieve from a customer is that they received a "DoubleCount" error.

What's weird is that PayPal is, apparently, displaying an error message which, we are assuming, is prompting the customer to try the order again, except when the second order goes through, the order ID and item descriptions are all muddled and, at the end of the process, PayPal isn't writing back to database either.

It's a complete mess and the client is tearing their hair out.

This isn't happening with all orders, and there isn't any obvious pattern to it (I suspect there will be, but it's not obvious just now).

Has anyone heard of this error?

Thank you.
NJ

I think the best solution is to pass the shopping cart ID or session id to paypal as the invoice ID. Paypal has a built in protection to prevent the same invoice ID from being charged twice. That way you won't have to worry about duplicate transactions.

I suspect the error may have been on their side, so there might not be anything you can do about it and it might just stop happening since they have likely resolved it. I haven't found any information about that particular error in my searches.

We only have two add to cart buttons on the website and we are only passing a single 'product' but are running into all sorts of problems.

This is one of the add to cart buttons, which is basically for new orders on the site....

<form name="eCartSMC_1_ATC_<?php echo($rsEDITFORM->getColumnVal("SMCformID")); ?>" method="POST" action="<?php echo $_SERVER["PHP_SELF"]; ?><?php echo (isset($_SERVER["QUERY_STRING"]) && $_SERVER["QUERY_STRING"] != "")?"?".htmlentities($_SERVER["QUERY_STRING"]):""; ?>">
<input type="hidden" name="eCartSMC_1_ID_Add" value="<?php echo($rsEDITFORM->getColumnVal("SMCformID")); ?>">
<button type="submit" class="btn btn-info" name="eCartSMC_1_ATC" id="eCartSMC_1_ATC">Add to Basket <i class="fal fa-shopping-cart"></i></button>
</form>

And this is it's corresponding behaviour on the same page...

<?php
// WA eCart AddToCart
if (isset($_POST["eCartSMC_1_ATC"]) || isset($_POST["eCartSMC_1_ATC_x"]))     {
  $ATC_itemID = $_POST["eCartSMC_1_ID_Add"];
  $ATC_AddIfIn = 4;
  $ATC_RedirectAfter = "health-screening-form-checkout.php";
  $ATC_RedirectIfIn  = "";
    $ATC_itemName = "Sports Medical Certificate Form Ref. ".$_SESSION['NEWformID']  ."";// column binding
    $ATC_itemDescription = "Order Ref. SMC".$_SESSION['eCartSMC_OrderID']  ."";// column binding
    $ATC_itemThumbnail = "";// column binding
    $ATC_itemWeight = floatval("0");// column binding
    $ATC_itemQuantity = floatval("1");// column binding
    $ATC_itemPrice = floatval("65");// column binding
  $ATC_itemQuantity = floatval($ATC_itemQuantity);
  if (is_numeric($ATC_itemQuantity) && $ATC_itemQuantity != 0)     {
    $eCartSMC->AddToCart($ATC_AddIfIn, $ATC_RedirectIfIn, $ATC_itemID, $ATC_itemName, $ATC_itemDescription, $ATC_itemThumbnail, $ATC_itemWeight, $ATC_itemQuantity, $ATC_itemPrice);
    if ($ATC_RedirectAfter != "" && $eCartSMC->redirStr == "")     {
      $eCartSMC->redirStr = $ATC_RedirectAfter;
    }
    if (isset($_SERVER['QUERY_STRING']) && $_SERVER['QUERY_STRING'] != "")  {
      $_SESSION['WAEC_ContinueRedirect'] = $_SERVER['PHP_SELF']."?".$_SERVER['QUERY_STRING'];
    }
    else  {
      $_SESSION['WAEC_ContinueRedirect'] = $_SERVER['PHP_SELF'];
    }
  }
}
?>

This is the other, which appears for orders that customers are returning to (that they haven't yet paid for)....

<form name="eCartSMC_1_ATC_<?php echo($rsEDITFORM->getColumnVal("SMCformID")); ?>" method="POST" action="<?php echo $_SERVER["PHP_SELF"]; ?><?php echo (isset($_SERVER["QUERY_STRING"]) && $_SERVER["QUERY_STRING"] != "")?"?".htmlentities($_SERVER["QUERY_STRING"]):""; ?>">
<input type="hidden" name="eCartSMC_1_ID_Add" value="<?php echo($rsEDITFORM->getColumnVal("SMCformID")); ?>">
<button type="submit" class="btn btn-info float-right" name="eCartSMC_1_ATC" id="eCartSMC_1_ATC">Proceed to Payment <i class="fal fa-shopping-cart"></i></button>
</form>

And it's corresponding server behaviour...

<?php
// WA eCart AddToCart
if (isset($_POST["eCartSMC_1_ATC"]) || isset($_POST["eCartSMC_1_ATC_x"]))     {
  $ATC_itemID = $_SESSION["eCartSMC_OrderID"];
  $ATC_AddIfIn = 4;
  $ATC_RedirectAfter = "../health-screening-form-checkout.php";
  $ATC_RedirectIfIn  = "";
    $ATC_itemName = "Sports Medical Certificate Form Ref ". $rsEDITFORM->getColumnVal("SMCformID")  ."";// column binding
    $ATC_itemDescription = "Order Ref SMC". $rsEDITFORM->getColumnVal("SMCorderID") ."";// column binding
    $ATC_itemThumbnail = "";// column binding
    $ATC_itemWeight = floatval("0");// column binding
    $ATC_itemQuantity = floatval("1");// column binding
    $ATC_itemPrice = floatval("65");// column binding
  $ATC_itemQuantity = floatval($ATC_itemQuantity);
  if (is_numeric($ATC_itemQuantity) && $ATC_itemQuantity != 0)     {
    $eCartSMC->AddToCart($ATC_AddIfIn, $ATC_RedirectIfIn, $ATC_itemID, $ATC_itemName, $ATC_itemDescription, $ATC_itemThumbnail, $ATC_itemWeight, $ATC_itemQuantity, $ATC_itemPrice);
    if ($ATC_RedirectAfter != "" && $eCartSMC->redirStr == "")     {
      $eCartSMC->redirStr = $ATC_RedirectAfter;
    }
    if (isset($_SERVER['QUERY_STRING']) && $_SERVER['QUERY_STRING'] != "")  {
      $_SESSION['WAEC_ContinueRedirect'] = $_SERVER['PHP_SELF']."?".$_SERVER['QUERY_STRING'];
    }
    else  {
      $_SESSION['WAEC_ContinueRedirect'] = $_SERVER['PHP_SELF'];
    }
  }
}
?>

Is the $ATC_itemID the invoice ID that PayPal uses or is this the product ID?

I believe that it's the later form that's causing the problems because people are arriving at PayPal but are sometimes dumped out at that stage.
Therefore, it could be that $_SESSION["eCartSMC_OrderID"]; is wiped and PayPal has nothing to work with?

I would appreciate clarification on $ATC_itemID as if that's the invoice ID then I should probably look to make that:
$ATC_itemID = ". $rsEDITFORM->getColumnVal("SMCorderID") .";

Thank you.
NJ

I don't think the issue is in this code. I think it is in the checkout code with paypal. Probably the code on the pp_confirm.php page if you are using express checkout, or on confirm.php if you are using direct payments.

Please attach that page and I'll take a look.

I understand that we are using Express Checkout, but that we have removed the option to pay with card - you had helped me set the page to automatically select PayPal and show the 'Continue' button. I attach both pages.

Thank you.
NJ

on pp_confirm.php try adding the invoice id after the taxtotal al ine 138, so this:

$WA_PP_ECO_Do_optional[0][$nextIndex] = "TaxTotal";
  $WA_PP_ECO_Do_optional[1][$nextIndex] = "".$eCartSMC->GetTax()  ."";
  $nextIndex = count($WA_PP_ECO_Do_optional[0]);

becomes:

$WA_PP_ECO_Do_optional[0][$nextIndex] = "TaxTotal";
  $WA_PP_ECO_Do_optional[1][$nextIndex] = "".$eCartSMC->GetTax()  ."";
  $nextIndex = count($WA_PP_ECO_Do_optional[0]);
  $WA_PP_ECO_Do_optional[0][$nextIndex] = "InvoiceID";
  $WA_PP_ECO_Do_optional[1][$nextIndex] = "".session_id()  ."";
  $nextIndex = count($WA_PP_ECO_Do_optional[0]);

That should prevent duplicate transactions during the same session.

What will PayPal do if there is a duplicate transaction, or will this change in the code simply prevent that from ever happening in the first place?

What does appear to be happening, when a problem has occurred, is that when the user attempts to submit the order again, it hasn’t carried over the ItemName or ItemDescription, or sometimes those are muddled. On quite a few occasions, also, PayPal takes two payments so even though it reports an error, they still process the payment. The customer is returned to the website on the first fail, so as far as they can see, unless they check their email and see the receipt from PayPal, they have still to pay because the order shows as payment outstanding because PayPal doesn’t arrive at the page that updates the order status ID.

Appreciate the help Ray, thank you.
NJ

Sorry, do I need to change the session_id() reference to be the name of the session or should it just be left as session_id()?

Where I'm confused on this is that the Add to Cart behaviour has this for people who are new customers:

$ATC_itemID = $_POST["eCartSMC_1_ID_Add"];

The itemID, in the above instance, is being populated by this:

<input type="hidden" name="eCartSMC_1_ID_Add" value="<?php echo($rsEDITFORM->getColumnVal("SMCformID")); ?>">

However, for returning customers it's this:

$ATC_itemID = $_SESSION["eCartSMC_OrderID"];

Which is populated by the session value eCartSMC_OrderID.

We have two different tables with the following primary key fields...
1) Forms (SMCformID)
2) Orders (SMCorderID)

Customers complete the form - it inserts a new record in the Forms table with a unique SMCformID and a session value of NEWformID - and when they press the "Finish" button on the last page of the form, it creates a new record in the Orders table with a unique SMCorderID and a status ID indicating that payment is outstanding.

The INSERT behaviour for the Orders table creates the following session value:
$InsertQuery->saveInSession("eCartSMC_OrderID");

Once that's done, the customer is presented with the Add to Cart button. Should the Add to Cart behaviour actually have this for itemID?:
$ATC_itemID = $_SESSION["eCartSMC_OrderID"];

...and for returning customers:
$ATC_itemID = "". $rsEDITFORM->getColumnVal("SMCorderID") ."";


This is all on the assumption that $ATC_itemID is the unique ID that's passed to PayPal, however I'm not clear on that. SMCformID is the only product that should be able to be added to the cart, so I'm wondering if, actually, it's the NEWformID session that should be the $ATC_itemID?

Hoping that you can help me un-muddle this.
Thank you.
NJ

The only line that I think you need to change is the one I gave you. It does not need any code removed or changed.