Callum MacGregor

To be clear, it is not just one user. It is a large and increasing number of users. With one user I checked their browser plugins and they didn't have anything that should affect it. Also, this same user fixed it by using a Edge rather than Chrome. This leads me to believe its a HTML/Javascript/browser compatability issue, but I am of course speculating. I can try and find a user willing to help test and see what happens after disabling plugins/apps.

Hello, yes I updated to 4.7.16 and cleared all caches, the problem persisted. I can't very easily disable all applications as that will cause service disruption. But if it was a plugin/application surely it would affect all users, not just _some_ ?

Hello, I am not sure exactly when the issue started, but we are seeing an increasing number of users unable to login. This happens after a purhcase is made, at which point 2fa is required by the user. Upon trying to login, the user gets kicked backed to https://<domain>/?_mfaLogin=1 but no 2fa popup appears and the user cannot log in. I know this is definitely a problem with users on Chrome, unsure about other browsers. The issue has steadily been increasing for the last few months now and is causing a serious problem. Any help appreciated, thanks.

It is a standard product with renewals.

I've encountered a bug in the commerce application whereby a user can generate a renewal invoice for their current active product, then change their renewal term after generating the invoice. Upon paying the invoice the amount paid is that of the original renewal, but the renewal term is whatever the user changed it to. So for example. Let's say I generate my renewal incvoice for 1 day at £1. Before paying it, I can change my renewal term to 30 days for £30. I then pay the invoice for £1 but the renewal term given to me is 30 days. I therefore got £29 worth of product for free. This also works inversely.

Thank you for the clarification.

Yeah, until they scrap pages too 😄

I got it working now. Thanks @Adriano Faria for offering to help. I had to create a dummy extension in admincp, then the extensions.json was created correctly. This is exactly why I am so reluctant to upgrade Invision to newer versions.

I don't have an extensions.json file, its an old application. I'll try and create it myself.

Its my own application. For a bit more information, in the admincp the extension does show up as expected: However, I logged what ItemsIterator collects from \IPS\Application::allExtensions call, and my extension is no longer listed there:

I have an application that creates a custom commerce package, extending \IPS\nexus\Invoice\Item\Charge. Up until the latest update it worked fine, but since the latest update the ItemsIterator expects all extensions to be in the 'nexus' application, and therefore cannot load the class of my package object. How it works now, I don't think its possible any more to create custom chargable items, but I desperately need this functionality.

You're right, its working as intended. I would say that opting to store billing details wouldn't necessarily count as giving consent for continuous billing; but that's a separate issue. But back to the main topic: please could I officially request the ability to disable automatic billing for account credit? Or if its not possible to do it on a granular level, to disable automatic billing entirely for all payment methods.

There is no such setting for account credit, so payment is taken for users automatically who have enough account credit to cover it. EDIT: Sorry I forgot to clearly clarify in the original post that this affected account credit only.

In the automated task generateRenewalInvoices.php, Commerce will try to automatically take payment when a renewal invoice is generated (and a billing address is stored). While I don't think this is wrong necessarily, its not behaviour I desire, and my customers definitely do not want this. The offending line of code is: /* Try to take payment automatically, but *only* if we have a billing address (i.e. the customer has a primary billing address set) otherwise we don't know how we're taxing this and the customer will need to manually come and pay it - we can skip this if tax has not been configured */ if ( $invoice->billaddress OR \count( $availableTaxes ) === 0 ) I would request to have an option to disable this, as right now I have to comment this code out manually to prevent my users from being charged automatically (even if it is to account credit). Kind Regards.

Thanks for reporting it as a bug. I'll await the fix as it does appear to still be an issue even in the latest update.

User ID: 105995 The user is banned now, for obvious reasons, but wasn't at the time. EDIT: I actually think I might know why. Maybe Maxmind changed their API results format, because in the code within Rule.php, the expected syntax is 'riskScore'. But in the maxmind API response, its 'risk_score'. Rule.php: /* Score */ if ( $this->maxmind ) { if ( !$this->_checkCondition( $maxMind->riskScore !== NULL ? $maxMind->riskScore : round( $maxMind->score * 10 ), $this->maxmind, $this->maxmind_unit ) ) { return FALSE; } } Maxmind API response for this particular transaction (redacted): risk_score : 99

No, the user is not a reseller.

Hello I think commerce fraud rules are broken. I had a transaction that came back with a 99% risk score from maxmind, but was approved anyway, despite the second rule in my anti-fraud rule set being to refuse any transaction with a score greater than 55%.

Email ticket support is not primarily how it works. Its an optional component to the ticket system that without, it can continue to function perfectly fine.

Why bother paying your developers when your customers will do it for you for free, right? Same attitude that EA takes with "LiVe SupPorT" aka using paying customers to test their unfinished games for them with no cost.

From the link you sent I can see this, which is the app I need to update. How did it even expire to begin with? Anyway, if I go through the marketplace in my admincp to update the app (as is the recommended way), I am only shown the option to re-purchase again at full price:

It seems like every time I need to update an app, I have to buy it at full price again, despite having done that multiple times? If I buy an app it should be mine, this subscription model is just capitalist madness. Same goes for an IPS update: it seems like every major IPS update breaks every app I own, then I have to rebuy all the apps again in order to get the fixed version. As it stands, I am just not updating my IPS installation any more because of this exact situation. Who made the decision to employ this model, and what is my motivation to upgrade if every time I do I have to spend a bunch of money on getting a fixed app?

Line 1224 in applications\nexus\sources\Fraud\Rule.php is currently: 'subscriptions' => iterator_to_array( \IPS\Db::i()->select( 'p_id', 'nexus_member_subscription_packages' ) ), But should be 'subscriptions' => iterator_to_array( \IPS\Db::i()->select( 'sp_id', 'nexus_member_subscription_packages' ) ), Trying to check my anti-fraud rules in the admincp results in the following exception due to the this faulty code: SELECT p_id FROM `nexus_member_subscription_packages` IPS\Db\Exception: Unknown column 'p_id' in 'field list' (1054) #0 /var/www/vhosts/[snipped]/httpdocs/system/Db/Select.php(388): IPS\_Db->preparedQuery() #1 /var/www/vhosts/[snipped]/httpdocs/system/Db/Select.php(446): IPS\Db\_Select->runQuery() #2 [internal function]: IPS\Db\_Select->rewind() #3 /var/www/vhosts/[snipped]/httpdocs/applications/nexus/sources/Fraud/Rule.php(1224): iterator_to_array() #4 /var/www/vhosts/[snipped]/httpdocs/applications/nexus/sources/Fraud/Rule.php(102): IPS\nexus\Fraud\_Rule->isSubsetOf() #5 /var/www/vhosts/[snipped]/httpdocs/system/Patterns/ActiveRecord.php(335): IPS\nexus\Fraud\_Rule->get__description() #6 /var/www/vhosts/[snipped]/httpdocs/system/Node/Controller.php(223): IPS\Patterns\_ActiveRecord->__get() #7 /var/www/vhosts/[snipped]/httpdocs/system/Node/Controller.php(113): IPS\Node\_Controller->_getRow() #8 /var/www/vhosts/[snipped]/httpdocs/system/Helpers/Tree/Tree.php(130): IPS\Node\_Controller->_getRoots() #9 /var/www/vhosts/[snipped]/httpdocs/system/Node/Controller.php(99): IPS\Helpers\Tree\_Tree->__toString() #10 /var/www/vhosts/[snipped]/httpdocs/applications/nexus/modules/admin/payments/fraud.php(66): IPS\Node\_Controller->manage() #11 /var/www/vhosts/[snipped]/httpdocs/system/Dispatcher/Controller.php(118): IPS\nexus\modules\admin\payments\_fraud->manage() #12 /var/www/vhosts/[snipped]/httpdocs/system/Node/Controller.php(69): IPS\Dispatcher\_Controller->execute() #13 /var/www/vhosts/[snipped]/httpdocs/applications/nexus/modules/admin/payments/fraud.php(54): IPS\Node\_Controller->execute() #14 /var/www/vhosts/[snipped]/httpdocs/applications/nexus/modules/admin/payments/paymentsettings.php(81): IPS\nexus\modules\admin\payments\_fraud->execute() #15 /var/www/vhosts/[snipped]/httpdocs/system/Dispatcher/Controller.php(118): IPS\nexus\modules\admin\payments\_paymentsettings->__call() #16 /var/www/vhosts/[snipped]/httpdocs/system/Dispatcher/Dispatcher.php(153): IPS\Dispatcher\_Controller->execute() #17 /var/www/vhosts/[snipped]/httpdocs/minad/index.php(13): IPS\_Dispatcher->run() #18 {main}

Thanks for this, I have forced a password reset. Also thanks @Marc Stridgen for your assistance. I'll consider this resolved now.

I was searching for a way to do this but couldn't find any. Is there an option within admincp?