Double registration/payment on single submission

WordPress Event Management, Calendars & Registration Forums Report A Bug Double registration/payment on single submission

This topic contains 6 replies, has 2 voices, and was last updated by  Tristan Tamplin 7 years, 6 months ago.

Viewing 7 posts - 1 through 7 (of 7 total)
  • Author
    Posts
  • September 29, 2016 at 11:03 am #24453

    Hi Stephen.

    I searched the forums to see if there were any other reports of this issue and I didn’t find any.

    We’ve been using Pro with the Authnet gateway extension on two sites for a couple of years now. About a month ago, my client started reporting instances of multiple bookings (and payments) for what should have been a single registration/purchase. In one case, they were able to contact the user who was fairly confident they had only clicked the “Register” button once.

    In most cases, two registrations were recorded in the bookings section, and two payments were approved at Authnet. In one case, there were three of each. They all have the same time listed in their bookings, and they are processed about a second or two apart at Authnet.

    At a minimum, it’s imperative to stop the multiple charges. I can do this if we send the bookee’s IP address to Authnet, but I don’t think that info is currently captured during registration.

    Do you have any ideas about what could be causing this? Please feel free to contact me if you need further details.

    Thanks,

    Tristan

    Tristan Tamplin
    September 29, 2016 at 9:19 pm #24459

    Hi Tristan,

    I’ve not had this report elsewhere, but the Authorize.net extension does not disable the button when the user clicks submit (unlike the Stripe extension) – so there is a possibility the user has clicked ‘Book now’ twice.

    The only other possibility is that there is a plug-in conflict of some sort, which is causing the plug-in’s internal hooks/events to fire multiple times. This would be, in my view, extremely unlikely. It was also result in consistently duplicated bookings – so if you’re only seeing some then that would rule that possibility out.

    I shall aim to get an update to the authorize.net extension out as soon as possible which would disable the submit button. I’ll look into submitting the IP address to Authorize.net if this would also help prevent duplicate bookings.

    Stephen Harris
    September 29, 2016 at 10:01 pm #24462

    Just wanted to follow up on this, I’ve checked, and the plugin does send the customer IP address.

    Also, Authorize.net’s API allows you to set a x_duplicate_window field to prevent duplicate transactions (defaults to two minutes). However, in comparing potential duplicates, it does appear to compare the invoice ID – which would correspond to the booking ID – so this is unlikely to help in this instance.

    Once the update is released, please let me know if the problem persists as we can set up some logging on your server to determine the execution paths of the bookings and their duplicates – this should tell us why they are being created twice.

    Stephen Harris
    September 29, 2016 at 10:06 pm #24463

    Tristan,

    Apologies for the barrage of replies. Can you confirm your Event Organiser Pro version? As the plug-in may already disable the booking form submit button once its first clicked. If so, this effectively rules out users double-clicking the button.

    If so, I’ll be in touch via email about how to go about diagnosing the problem.

    Stephen Harris
    September 30, 2016 at 11:03 am #24465

    Hi Stephen.

    Thanks for looking into this, and sorry for the delay. Here are the versions we are using:

    Pro: 1.11.7
    Authnet: 3.7

    The site also uses the latest versions of ACF and WooCommerce.

    You can set a limit on the speed of transactions that will be processed by Authnet from any given IP address, so that was the fallback plan. If we send the IP and I’ve set a limit of say, 1 transaction per minute, that should at least prevent multiple payments being made.

    Tristan Tamplin
    September 30, 2016 at 1:15 pm #24474

    Hi Tristan,

    It sounds like adding the IP restriction will fix the symptom. If you wanted to diagnose the cause you can try this snippet (put it in a mu-plugin, or similar) to log when a booking is made, to which gateway and the execution path:

    <?php

add_action( 'eventorganiser_pre_gateway_booking', function( $booking_id, $booking, $gateway, $form->errors, $form ) {

    error_log( "Booking $booking_id with gateway $gateway" );
    error_log( wp_debug_backtrace_summary() );

}, 1, 5 );

    If you find that a booking is duplicated, check for the the corresponding lines in your error logs, and feel free to paste the corresponding logs over. Of particular interested is what is logged from wp_debug_backtrace_summary() – this will be a list of function calls that describe the execution calls. This will help determine why the booking is being created twice.

    Stephen Harris
    September 30, 2016 at 3:34 pm #24479

    Thanks for spending so much time on this. I’ll update our settings at Authnet to limit the transaction velocity by user IP and then I’ll modify their error logging as you suggest. I’ll keep you posted as and when I learn anything new.

    Do you want to keep this thread open or switch to email?

    Tristan Tamplin
  • Author
    Posts
Viewing 7 posts - 1 through 7 (of 7 total)
To enable me to focus on Pro customers, only users who have a valid license for the Pro add-on may post new topics or replies in this forum. If you have a valid license, please log-in or register an account using the e-mail address you purchased the license with. If you don't you can purchase one here. Or there's always the WordPress repository forum.