monero-integrations / monerowp Goto Github PK
View Code? Open in Web Editor NEWMonero WooCommerce Plugin for Wordpress
License: MIT License
Monero WooCommerce Plugin for Wordpress
License: MIT License
Generating a Monero address
I have tried everything:
Setting MySQL permssions to 3306
Installed Curl and Json
Restarted nginx countless times
What should I do now?
The payment gateway class stores the exchange rate in $_COOKIE['rate']
. Cookies can be modified by the HTTP client (web browser). This effectively allows customers to modify prices. To fix, remove the rate cookie altogether and store the exchange rate in the database or another server-side cache.
Source of exploit:
monerowp/monero/include/monero_payments.php
Line 166 in 5d043b0
Cheers,
– Evan
Deprecate JQuery
Improve the payment box
Describe the bug
The monero --> payments tab throws an uncaught exception: "There has been a critical error on this website. Please check your site admin email inbox for instructions."
Here is the stack:
An error of type E_ERROR was caused in line 104 of the file /var/www/html/wp-content/plugins/woocommerce/includes/data-stores/abstract-wc-order-data-store-cpt.php. Error message: Uncaught Exception: Invalid order. in /var/www/html/wp-content/plugins/woocommerce/includes/data-stores/abstract-wc-order-data-store-cpt.php:104
Stack trace:
#0 /var/www/html/wp-content/plugins/woocommerce/includes/class-wc-data-store.php(159): Abstract_WC_Order_Data_Store_CPT->read()
#1 /var/www/html/wp-content/plugins/woocommerce/includes/abstracts/abstract-wc-order.php(114): WC_Data_Store->read()
#2 /var/www/html/wp-content/plugins/monero-woocommerce-gateway/include/admin/class-monero-admin-payments-list.php(154): WC_Abstract_Order->__construct()
#3 /var/www/html/wp-content/plugins/monero-woocommerce-gateway/include/admin/class-monero-admin-payments-list.php(135): Monero_Admin_Payments_List->get_order_link()
#4 /var/www/html/wp-admin/includes/class-wp-list-table.php(1452): Monero_Admin_Payments_List->column_default()
#5 /var/www/html/wp-admin/includes/class-wp-list-table.php(1392): WP_List_Table->single_row_columns()
#6 /var/www/html/wp-admin/includes/class-wp-list-table.php(1379): WP_List_Table->single_ro
To Reproduce
Steps to reproduce the behavior: not entirely sure. I made a few sales, then it broke. To see where it is breaking specifically:
Expected behavior
It should show a total of 4 orders instead of 1 before throwing the error. The other orders are cancelled/refunded orders; perhaps there is some uncaught logic for this page handling those types of orders? I am happy to help debug this in any way I can.
WordPress version 5.8
Current theme: Storefront (version 3.7.0)
Current plugin: WooCommerce (version 5.5.2)
PHP version 7.4.3
Any help appreciated. My site is live and still functioning, but being unable to see past-orders is way too cumbersome if my site were due to any high-volume.
A whole refresh on the page via javascript isn't that pretty. Instead if the payment form can be embedded into the page via an iFrame there wouldn't be a big refresh on the whole page; only the things needing to be refreshed.
This can be accomplished by creating a view and then referencing that view inside the iFrame.
I installed plugin on my WordPress with Woo-commerce located in Tor with onion address. Everything is configured.
But on checkout page when I hit "Place Order" there is error message displayed: Internal Server Error.
Info from logs:
2021/05/13 09:36:35 [error] 16899#16899: *11 FastCGI sent in stderr: "PHP message: PHP Warning: Attempt to read property "rate" on null in /var/www/website/wp-content/plugins/monero-woocommerce-gateway/include/class-monero-gateway.php on line 757PHP message: PHP Fatal error: Uncaught DivisionByZeroError: Division by zero in /var/www/website/wp-content/plugins/monero-woocommerce-gateway/include/class-monero-gateway.php:238
Stack trace:
#0 /var/www/website/wp-content/plugins/woocommerce/includes/class-wc-checkout.php(971): Monero_Gateway->process_payment()
#1 /var/www/website/wp-content/plugins/woocommerce/includes/class-wc-checkout.php(1186): WC_Checkout->process_order_payment()
#2 /var/www/website/wp-content/plugins/woocommerce/includes/class-wc-ajax.php(466): WC_Checkout->process_checkout()
#3 /var/www/website/wp-includes/class-wp-hook.php(292): WC_AJAX::checkout()
#4 /var/www/website/wp-includes/class-wp-hook.php(316): WP_Hook->apply_filters()
#5 /var/www/website/wp-includes/plugin.php(484): WP_Hook->do_action()
#6 /var/www/website/wp-content/plugins/woocommerce/includes/class-wc-ajax.php(90): do_action()
#7 /var/www/website/wp-includes/class-wp-hook.php(292): WC_AJAX::do_wc_ajax()
#8 /var/www/website/wp-includes/class-wp-hook.php(316): WP_Hook->apply_fil" while reading response header from upstream, client: 127.0.0.1, server: toraddress.onion, request: "POST /?wc-ajax=checkout HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "toraddress.onion", referrer: "http://toraddress.onion/checkout/"
Probably plugin can't get proper Monero price from ???somewhere???
Because when I put shortcode [monero-price currency="USD"]
it shows 1 XMR = 0.00000 USD
logs:
2021/05/13 09:47:45 [error] 16899#16899: *48 FastCGI sent in stderr: "PHP message: PHP Warning: Attempt to read property "rate" on null in /var/www/website/wp-content/plugins/monero-woocommerce-gateway/include/class-monero-gateway.php on line 757" while reading upstream, client: 127.0.0.1, server: toraddress.onion, request: "GET / HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "toraddress.onion", referrer: "http://toraddress.onion/checkout/"
The issue is probably related to this:
include/class-monero-gateway.php $currencies = implode(',', self::$currencies); $api_link = 'https://min-api.cryptocompare.com/data/price?fsym=XMR&tsyms='.$currencies.'&extraParams=monero_woocommerce';
When I visit cryptocompare API link i see json with line:
Message | "You are over your rate limit please upgrade your account!"
I see this code hasn't been updated recently. Will it continue working after the V8 upgrade?
I am looking for a simple plugin/script/whatever for accepting monero on a simple shop i set up on a vps. Its a text based, apache server. I dont know how to use php or whatever. I just want something that works, or comes with a step by step guide I can follow.
For some reason payments no longer show up when they are paid. It generates a valid subaddress and the wallet gets the funds, yet the order status and payment status in general do not work. The transactions can be verified through the xmrchain website. However the extension fails to do it automatically.
Hello,
I am trying to integrate the plugin with my store but I have no settings shown in the configuration page : http://i.imgur.com/VRXGbKA.png
Hello there,
monerowp/monero/include/monero_payments.php
Line 399 in 2140291
To pay 1XMR, If I issue two payments of .5XMR instead of a single 1XMR payment, this check will fail, but I still paid in full. So this verification will fail for some cases. Just wanted to give you a heads up, might be of interest to improve the check.
Cheers.
I use the monerowp code for a few customers on my system. I am in an unusual position regarding the connection the code makes to third party sources. This connection can become undone on my system, which uses a SOCKS proxy to reach a server which gives it Internet connectivity. Basically everything goes thorough a transproxy (redsocks) and to this remote server. This complicated setup sometimes goes down for a while, and monerowp runs but on outdated prices.
The code for this extension would be much improved if it kept note in the database of when it was last able to conect. Then you could have an option one sets on how long without a connection it takes until the checkout goes offline automatically. The current code when it loses the connection keeps running, but with outdates Monero prices.
Looking at the code one would just need to add a config option to set how long the system goes without Internet before going down. It could just check the timestamp in the table for Monero prices. One should also be able to choose a message to display when the Monero checkout goes down from the timeout.
I installed this plugin from the add plugins menu within woocomerce, added wallet address and viewkey. Go to checkout and get this error message:
Notice: Trying to get property 'rate' of non-object in /var/www/html/wp-content/plugins/monero-woocommerce-gateway/include/class-monero-gateway.php on line 774 Warning: Division by zero in /var/www/html/wp-content/plugins/monero-woocommerce-gateway/include/class-monero-gateway.php on line 721 Notice: Trying to get property 'rate' of non-object in /var/www/html/wp-content/plugins/monero-woocommerce-gateway/include/class-monero-gateway.php on line 774 Warning: Division by zero in /var/www/html/wp-content/plugins/monero-woocommerce-gateway/include/class-monero-gateway.php on line 721 0.000000000000 XMR
Wordpress running on linode public internet not tor.
Checked the db and the live rates table is empty.
Let me know what I should check next.
XMR defaults payments due at 12 digits. Wallets only send XMR at 8 digits. This causes orders to cancel because of partial payment.
Can this be changed to 8 instead of 12 at check out? If so, how to do it.
Thank you.
Describe the bug
The extension doesn't allow the use subadress. The error message is : Monero Gateway Error: Monero address is invalid
I've double checked, triple checked the adress is correct !
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Subadress is a key feature of Monero and should works
Desktop (please complete the following information):
Warning: call_user_func_array() expects parameter 1 to be a valid callback, class 'Monero_Admin_Interface' does not have a method 'orders_page' in /home/customer/www/astroadvisor.com/public_html/wp-includes/class-wp-hook.php on line 292
This is a new warning code I noticed. Is this anything important to fix?
Thanks if anyone knows!
I ran monero wallet rpc with
"monero-wallet-rpc.exe --daemon-address xmr.getmonero.us:18081 --rpc-bind-port 18083 --wallet-file *** --password *** --disable-rpc-login"
and then i installed this plugin and connected to wordpress well.
but when i try to check out sample product, it is displaying
"Payment error:The price for Monero could not be retrieved. Please contact the merchant."
My host OS is window 10 pro. and I tested in MAMP. I would appreciate if you help me.
Have a good day
CoinMarketCap is halting their Public API and requiring a API Key to use their calculations (later this year).
https://coinmarketcap.com/api/
"The Public API will be migrating to the new, more powerful Professional API on December 4th, 2018. Please update your application to use the free tier of the Professional API before then. "
Wrong permissions
http://cdn.monerointegrations.com/logomonero.png
After enabling this plugin, in Woocommerce->General->Currency Options->Currency the dropdown list is now empty. If I make any change in woocommerce and Save then it saves it with no currency (all the $ symbols disappear from the website). The solution is always to disable the monero gateway plugin, fix the currency in Woocommerce and enable the plugin again.
(Using monerowp pre-release 2.1)
Hey guys,
Where is the latest code?
The Wordpress plugin has a version of 2.1.1 but this cloned repo shows v 2.0 with SerHack as the author.
When using Monero as payment on product variations it does not get completed.
I have looked in the source code and it does not take into account that variations have a different product-id.
This function will just look for the main product-id and not the variation-id.
monerowp/include/class-monero-gateway.php
Lines 770 to 784 in fcedf21
It possible monero wordpress integration for the user has javascript disabled?
I understand ajax movement to customer-privacy of increase of the side, but I absolutely necessary for my site being able to process transaction of customers that has javascript disabled.
What necessary change for this repository provides fall-back support for users with javascript disabled?
Example, the possible to add to customer/order-page.php so html refresh happen if ajax no possible when fall-back? https://github.com/monero-integrations/monerowp/blob/master/templates/monero-gateway/customer/order-page.php
<noscript><meta http-equiv=”refresh” content="10" /></noscript>
Any one other necessary changes for javascript can it gives fall-back support?
Hello everyone,
We would Monero almost everywhere. For this reason, I think I should submit plugin to Wordpress.org
There are few things that I develop before submitting
Hi
I created a shop and add 2 test products with normal price in USD. After install plugin enabled it and add all data and enable payment option, I saw thats my products have price in minus. i dont know what happen. if i turn off addon prices are normal in dolar.
Can You help me resolve this?
See #69
Describe the bug
Despite using the option to disable javascript, the checkout page for payment shows a javascript warning that is pessimistic and says things will not work without it. However it does work without it provided one manually refreshes the page to check payment status. The notice should reflect that reality better and just tell users they need to mash F5.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
The Monero payment/checkout should display a different warning to users that merely informs them to manually refresh to keep track of orders they have made.
The Monero amount of the order isn't set in stone when order is created but instead calculated and updated on every page refresh. This leads to discrepancies when an individual pays and the amount it's looking for. Especially when there is high volatility on the price.
Ideally the amount of xmr would be set on the order creation and not updated on every refresh.
Hi there,
How we can use the monero testnet account to test payments. If I create a testnet account and then go ahead configure the payment gateway using wallet address and secret view key it goes for normal checkout process and asks for the payment at the end.
But the wallet address it's providing in the end gives invalid error when I try to pay the required coins from my testnet wallet. It looks like it's generating new kind of address.
Can you please help, that how we can test the payment gateway using the monero testnet.
Thanks ,
Shan
I was testing the latest beta code (3.0) and the Qr code shows correct address and payment id but incorrect amount. For example 0.758 xmr is shown as 758 in the qr code but correctly in the Total due: text.
The Pay to: text show 105 chars out of 106 of the integrated address.
Describe the bug
xmrchain.net is the only payment processing API
xmrchain.net is currently offline (for 3 days!)
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Working plugin
add 2nd payment processing api
add fallback: if 1st api not working -> try 2nd api
maybe: https://localmonero.co/blocks/api
Desktop (please complete the following information):
Smartphone (please complete the following information):
Additional context
Suggested Resolution:
add 2nd payment processing api
add fallback: if 1st api not working -> try 2nd api
maybe: https://localmonero.co/blocks/api
Even if the addresses are different, a customer can place two orders and pay for one, then two orders are sent.
This is something I discovered using the cryptowoo fork of this plugin
Only local based style.css works, not the one from CDN.
Hi, would you be able to support other coins like Electroneum, AEON, SumoKoin, etc?
Hey,
It seems monero_payments.php is vulnerable to a SQL injection via $payment_id
.
monero_payments.php#L319
monero_payments.php#L331
monero_payments.php#L334
Take a look at the wpdb docs on Protecting your Queries for some tips.
Thanks for helping bring XMR to the masses!
Gerry
On xmrchain.net it says “payment_id8” instead of the previous “payment_id”. The “payment_id8” is the short payment id and in encrypted form. We need to decrypt the encrypted payment id to compare it with the real payment id (which was used when generating the integrated address. I think I found a function for this in monerowp called stealth_payment_id
with comment this is a one way function used for both encrypting and decrypting 8 byte payment IDs
I called said function like so:
monero_cryptonote()->stealth_payment_id( $tx['payment_id8'], monero_cryptonote()->txpub_from_extra( $tx['extra'] ), $options[ 'xmr_view_key' ] )
However it ends up in an infinite loop in function scalarmult at line 181 in monerowp/include/crypto/ed25519.php
The code below works and this is actually what monero_payments in monerowp is doing with function verify_non_rpc but this is a horrible way to do it for performance. Every single tx in a block is making an api call to xmrchain in the $tools->check_tx function. and that took almost 1 second per tx in the last test I did. For this reason previously I made it so it would check if the tx has a matching payment id before it calls check_tx, rather than calling it for every single tx block by block. As soon as we manage to decrypt the payment_id so we can match it, we can continue having this performance benefit.
$tools = new NodeTools();
$tx_found = false;
foreach ( $txs as $tx ) {
// TODO: Only call check_tx if payment id is found
//$decrypted_payment_id = $tx['payment_id8'] ? monero_cryptonote()->stealth_payment_id( $tx['payment_id8'], $tx['tx_hash'], $options[ 'xmr_view_key' ] ) : '';
//if ( $decrypted_payment_id == $payment_id ) {
$tx_hash = $tx[ 'tx_hash' ];
$result = $tools->check_tx( $tx_hash, $order->address, $options[ 'xmr_view_key' ] );
if ( $result ) {
$tx_found = $tx;
$tx_found[ 'output' ] = $result;
break;
}
//}
}
When I enable this plugin my list of available currencies disappears from the WooCommerce settings, and the dropdown menu says "No matches found". When I deactivate the plugin, this problems goes away and I can see the full list of currencies.
Hello,
When trying to use this for our store, we have noticed the payments are not verified (still shows 0.00 XMR paid). This has been tried with xmrchain block explorer and via monero-wallet-rpc. We have tried poor mans cron, and native cron. It looks like there is no action being executed to actually check the TX's? No TX id's show up under 'wp_monero_gateway_quotes_txids'
When enabling debugging, seem to get this on the Payments page in the admin dashboard:
Notice: wpdb::prepare was called incorrectly. The query argument of wpdb::prepare() must have a placeholder.
And in the PHP error log:
[02-Mar-2019 13:45:59 UTC] user_id was called incorrectly. Order properties should not be accessed directly. Backtrace: require('wp-blog-header.php'), require_once('wp-includes/template-loader.php'), do_action('template_redirect'), WP_Hook->do_action, WP_Hook->apply_filters, WC_AJAX::do_wc_ajax, do_action('wc_ajax_monero_gateway_payment_details'), WP_Hook->do_action, WP_Hook->apply_filters, monero_get_payment_details_ajax, Monero_Gateway::get_payment_details_ajax, WC_Abstract_Legacy_Order->__get, wc_doing_it_wrong. This message was added in version 3.0.
WooCommerce shops can support a large variety of currencies however the monero gateway only supports the following:
USD
EUR
CAD
INR
GBP
COP
SGD
If the currency of your shop is set to something else in the woocommerce settings then the plugin cannot convert the price total of a customers cart into the amount to pay in XMR.
I am having trouble with the altest version of the modules. At first I couldn't get exchange rates, but that turned out to be SELinux and I fixed it up. For a while before that I wrote my own python script which runs on cron to get the price of XMR in euros (EUR). This worked for a while, but I no longer need it.
Currently it is showing this: 1 XMR = 9913.52000 EUR
There is some kind of maths error in the code.
This is more of a feature request than an issue.
I've had multiple customers for some reason have their payments rounded or the last four out of the eight decimal points set to zero. This makes payments fail and gets orders cancelled for sub-one cent worth of XMR.
I was hoping to be able to get a feature that would allow for a percentage discrepancy in the payment amount that'd still let the order go through.
is MoneroWP active and working?
Does this function with WooCommerce currently?
Thanks and limtless peace.
Currently, the Woocommerce Order Status is updated to Completed when the payment is received. Is there any way we can change this to "Processing" rather than "Competed"?
This issue aims to track the progresses about switching to subaddresses, instead of integrated address.
Feature request to add an option to use the average price for a specified update interval instead of updating every minute. This will allow prices to stay the same across the period and will not cause listed prices on the page to mismatch the cart amount when using the show prices in xmr feature.
Hi there
I get this error when putting the monero address into and clicking go (note, have to turn WP_DEBUG to true):
Fatal error: Uncaught Error: Call to undefined function bcdiv() in /var/www/html/wp-content/plugins/monero-woocommerce-gateway/include/base58.php:313
Stack trace: #0 /var/www/html/wp-content/plugins/monero-woocommerce-gateway/include/cryptonote.php(233): base58->decode(Array)
#1 /var/www/html/wp-content/plugins/monero-woocommerce-gateway/include/monero_payments.php(277): Cryptonote->verify_checksum('46amisAS55Nei3p...')
#2 /var/www/html/wp-content/plugins/monero-woocommerce-gateway/include/monero_payments.php(255): Monero_Gateway->check_monero()
#3 /var/www/html/wp-includes/class-wp-hook.php(286): Monero_Gateway->validate_fields('')
#4 /var/www/html/wp-includes/class-wp-hook.php(310): WP_Hook->apply_filters(NULL, Array)
#5 /var/www/html/wp-includes/plugin.php(453): WP_Hook->do_action(Array)
#6 /var/www/html/wp-admin/admin-header.php(255): do_action('admin_notices')
#7 /var/www/html/wp-admin/admin.php(216): require_once('/var/www/html/w...')
#8 {main} thrown in /var/www/html/wp-content/plugins/monero-woocommerce-gateway/include/base58.php on line 313
These are the settings in MySQL (i have buffered out the address):
a:13:{s:7:"enabled";s:3:"yes";s:5:"title";s:18:"Monero XMR Payment";s:11:"description";s:23:"Pay securely using XMR.";s:11:"use_viewKey";s:2:"no";s:14:"monero_address";s:95:"[--* address *--]";s:7:"viewKey";s:0:"";s:7:"use_rpc";s:2:"no";s:11:"daemon_host";s:23:"oc.node.moneroworld.com";s:11:"daemon_port";s:5:"18089";s:8:"discount";s:1:"5";s:11:"environment";s:2:"no";s:9:"zero_conf";s:2:"no";s:13:"onion_service";s:2:"no";}
Note, this only happens when I put the address in. And it then bricks everything because of the error and then have to edit via MySQL to recover access to WooCommerce / monero settings.
It happens with enabled set to yes
or no
and with default daemon_host
Resolved outdated scripture
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.