Home → Problems →

Bug in PHP API library

• Edit

Frank Koehl

14 Sep, 2009 09:30 PM

The CheddarGetter_Client::editCustomer() method does not appear to use the correct URL (line 315). Assuming the request uses a customer code, the method issues a request with this URL...

/customers/edit//code/YOUR_CUSTOMER_CODE

Note the double slash after edit. After removing the extra slashes, my tests still report back this XML error document...

In both cases -- the original URL and my attempted fix -- the API reports back this XML error doc...

<?xml version="1.0" encoding="UTF-8"?><error code="412">Precondition Failed: Array ( ) </error>

However, this URL does not appear anywhere in the API docs, so I guessed it might be outdated. The seemingly correct URL, listed under "Update a Customer and Subscription," was ...

/customers/edit/productCode/MY_PRODUCT_CODE/code/MY_CUSTOMER_CODE

I tried to apply this logic to the method by changing the URL to read as follows...

'/customers/edit/productCode/' . $this->_productCode . (($id) ? 'id/'.$id : 'code/'.$code)

This URL reports a new error...

<?xml version="1.0" encoding="UTF-8"?><error code="400">Bad request: User [email blocked] does not have access to productCode=FWDVAULTcode</error>

What concerns me here is the string 'code' tacked onto the end of the product code (productCode=FWDVAULTcode) . It looks as if the API has a malformed variable somewhere, so I need you to take over from here, Marc. :)

1. Support Staff 1 Posted by Marc Guyer on 14 Sep, 2009 10:21 PM

   

   There's something fishy going on there. There were some extraneous quotes in some of the path definitions in the Client object but extra slashes are no big deal in http. I've removed them for good measure.

   The product code is added on line 441 if it exists. The __call method enforces the productCode requirement for methods that require it. So, line 441 should be adding the productCode. If you want to see the url, you'll need to test it with a die() at line 442 or so. If the productCode isn't there for a /customers/edit call, CG will return an error like this:

   <?xml version="1.0" encoding="UTF-8"?><error code="400">Bad request: No product selected. Need a productId or productCode.</error>
   

   It shouldn't be possible to get an error result of "Precondition Failed: Array ( )". If there isn't something in that array, then a precondition didn't fail. That's weird. I'd like to get to the bottom of that but I'd need some more info. I'd be a big help if you just temporarily added the following just before the "if (class_exists('..." line at around line 445 and post the result back here:

   echo $url . "\n";
   die(print_r($args, true));
   

   Your attempted fix just introduced a bug of it's own:

   '/customers/edit/productCode/' . $this->_productCode . (($id) ? 'id/'.$id : 'code/'.$code)
   

   You're missing a slash after the _productCode variable. That's not the fix but if it were, it should be like this:

   '/customers/edit/productCode/' . $this->_productCode . '/' . (($id) ? 'id/'.$id : 'code/'.$code)
   

   I suppose I don't have a straight answer for you. I've just been thinking out loud, so to speak.

   • Edit

2. 2 Posted by Frank Koehl on 15 Sep, 2009 05:04 AM

   

   True, extra slashes shouldn't be a problem, but they can cause havoc with mod_rewrites. Not knowing the inner workings of the API I thought it safe to err on the side of caution, as you suggest.

   I see where the product code is added to the mix, that is obviously not the issue. I also see how my missing slash caused the "400 Bad Request" error. Also a dead end. Accounting for both of those things, I am still getting the "412 Precondition Failed" error.

   Here is the result of the output for the debug code you provided...

   https://cheddargetter.com/xml/customers/edit/code/1/productCode/FWDVAULT
   Array 
   (
       [firstName] => Frank
       [lastName] => Koehl
       [email] => [email blocked]
       [subscription] => Array
       (
           [planCode] => STD_VAULT_MONTH
           [ccFirstName] => Frank
           [ccLastName] => Koehler
           [ccNumber] => 4007000000028
           [ccExpiration] => 04/2011
           [ccZip] => 90210
       )
   )
   

   I see what you're after with your debug code. So for what it's worth, here is the actual array I am passing, along with the call to editCustomer...

   $data = array(
     'firstName' => 'Frank',
     'lastName'  => 'Koehl',
     'email'     => '[email blocked]',
     'subscription' => array(
       'planCode'      => 'STD_VAULT_MONTH',
       'ccFirstName'   => 'Frank',
       'ccLastName'    => 'Koehl',
       'ccNumber'      => '4007000000028',
       'ccExpiration'  => '04/2011',
       'ccZip'         => '90210'
     )
   );
   $CheddarGetter->editCustomer('1', null, $data);
   

   • Edit

3. Support Staff 3 Posted by Marc Guyer on 15 Sep, 2009 02:41 PM

   

   Wow -- all that trouble. It's always some mundane detail. It just turns out that the error message wasn't getting back to you. It's this:

   [ccNumber] => Array
       (
           [ccnumChecksum] => '4007000000028' is not a valid credit card number
       )
   

   I'm still working on the error messaging fix but this info should get you going.

   • Edit

4. Marc Guyer closed this discussion on 15 Sep, 2009 02:41 PM.

5. Frank Koehl re-opened this discussion on 15 Sep, 2009 03:07 PM

6. 4 Posted by Frank Koehl on 15 Sep, 2009 03:07 PM

   

   Yeah its not a valid number, but in with Auth.net in test mode that shouldn't matter, should it?

   Actually, I'm fairly certain it doesn't, because I am getting test mode charge receipts from Auth.net based on these attempted transactions. So you may have a bigger problem beyond the error message.

   The amount charged is wrong ($1.00), but I don't know if that's because Auth.net is set to test mode, or something that CG is doing.

   You've got my email, send me a message so i can forward one of these along to you for consideration.

   • Edit

7. Support Staff 5 Posted by Marc Guyer on 15 Sep, 2009 08:09 PM

   

   It needs to be valid at the checksum level at least. So, it doesn't need to be a real card, it just needs to pass the checksum test.

   Are you sure you're getting charge receipts for the cc number ending in 0028?

   Authnet runs the card for an auth-only transaction of $1 when in test mode. In live mode it's $0.01. Not sure why they are different. The CIM does this to ensure that the cc is legit.

   • Edit

8. Support Staff 6 Posted by Marc Guyer on 15 Sep, 2009 08:10 PM

   

   Oh, and I did find what caused the error message to get stuck. The fix is deployed.

   • Edit

9. 7 Posted by Frank Koehl on 16 Sep, 2009 03:00 PM

   

   Alright now we're getting somewhere. Moving on to bigger and better bugs. :)

   The subscription was submitted correctly, however it did not update the subscription, but added another to the account. You can see these for yourself in my account under the lone customer. Is that a bug or a feature?

   So I decided to give the cancel subscription code a shot. That doesn't seem to go to the correct URL, as it spit back an HTML document. Here's the url being called in CheddarGetter_Client::request()...

   https://cheddargetter.com/xml/customers/cancel/code/1/productCode/F...

   And here's the response I get...

   Warning: DOMDocument::loadXML() [domdocument.loadxml]: Opening and ending tag mismatch: html line 1 and body in Entity, line: 39 in /home/fwdvault/frontend/includes/classes/CheddarGetter/Response.php on line 29

   Fatal error: Uncaught exception 'CheddarGetter_Response_Exception' with message 'Response failed to load into the DOM.
   <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> CheddarGetter <!--[if IE 7]> <link rel="stylesheet" href="/styles/ie7.css" type="text/css" media="screen, projection" /> <![endif]-->

   You've been logged out due to inactivity. Please login below.

   
   • Edit

10. Marc Guyer closed this discussion on 16 Mar, 2010 04:21 PM.