MarketPress order status not found for not logged-in users

The automatically generated order status page does never show a result for a correct order id if the user is not logged in. If the user is logged in he/she can look up all order id's - it does not matter if the order is by him/her or by somebody else.
In this thread https://premium.wpmudev.org/forums/topic/order-status-not-working-after-marketpress-3003-update from end of 2015 it is said, that the order status page would be changed so the order status would only be shown if you provide the order id AND the email you used for that order.
Looking into the code for the shortcode mp_order_lookup_form in includes/common/template-functions.php (line 2067 ff.) the generated form does not have an input field for the guest_email, but the code for the shortcode mp_order_status (line 2111 ff.) uses the guest_email to find out, if the request for order details can be fulfilled.
I tried to add the guest_email field to the form successfully, but unfortunately I am unable to proceed from here, because I am not familiar enough with the get_query_var mechanism of Wordpress, and the $guest_email field in mp_order_status is always empty.
But I need a solution for that - better now then with an unknown ETA :wink:
The alternative is, to remove all references from the code for mp_order_status to the guest_email - then it should work as it was in 2.x - just put the order id in....

  • Dimitris

    Hey there Emanaku,

    I trust you're doing great today! :slight_smile:

    The logic behind order status in MarketPress v.3.x.:
    1. If you buy a product while you are logged in, you can't check the status while you are logged out.
    2. If you buy a product when you are logged out, you can't check order status from a different browser, even not from the same browser if you delete cookies.

    As this is more of a feature request rather than support question, I can move that thread in Features & Feedback section for further engagement and consideration. I truly can't provide any ETA on this though.
    Just let me know if you wish to move this thread in that section.

    If you find yourself struggling implementing this, you may want to advise our Jobs & Pros section for this kind of custom/freelance work (no WPMUDEV staff members included!).

    Warm regards,
    Dimitris

  • Emanaku

    Hi Dimitris, thank you for your answer.
    This is NOT a feature request, because the feature has worked in 2.x and was removed without offering a good solution for this.
    Most customers will not have a registration - too much of a fuzz.
    For a developer of WPMUDEV it should be a thing of 10 minutes including testing to built in what was promised more than a year ago (please read the link in the opening post).
    BTW: I consider it as really unfriendly to advice me to pay extra for a feature that somebody at WPMUDEV has removed from a plugin.

  • Adam Czajczyk

    Hello Emanaku!

    I just reviewed the MarketPress code and run some extensive testes on it and I believer there's a bug in the code.

    What you stated in your initial thread is actually true: there is an option to use an e-mail field and apart from adding it to the order lookup form there shouldn't be any need to use an additional code or to play around with "query vars". These are already defined and also used in order status check.

    Furthermore, the check for not-logged in user does actually use that e-mail address already and while the general logic behind it is as my colleague stated (it's not a bug or a removed function, it's a changed workflow with a plugin that has been rewritten from scratch), it should bring back status if the e-mail is submitted.

    The issue here is that it never reads that e-mail. Therefore, regardless whether you add it to the form or not, it always returns an error of the status not being found (unless a user is logged in or a cookie is used).

    I have already submitted a bug report to the plugin developers and I believe they'll be able to fix that. I'm not able to give you an ETA on this and they will have to track down why this e-mail variable is not passed to the order lookup even though it is used in lookup functions and the query var is properly defined.

    Please keep an eye on this thread for further information.

    Kind regards,
    Adam

  • Emanaku

    Thank you, Adam,
    your analysis seems to confirm my findings.
    I added the guest_email field to the form for looking up orders (see opening post).
    Then I looked a bit closer, and found the following (I may have violated some rules how to program a plugin - but your developers can surely fix that easily):
    1. in class-mp-ajax.php function lookup_order() (line 463) looks up, if the order with order-id exists, then the wp_send_json_success sends a redirect URL, but this URL has no reference to the guest email any more. I believe that is why the guest email never shows up in the template-functions.php.
    2. I simply added the guest_mail as a GET parameter to that redirect URL:

    if ( $order->exists() ) {
    				wp_send_json_success( array(
    					'redirect_url' => trailingslashit( mp_store_page_url( 'order_status', false ) ) . $order->get_id() . "?guest_email=".mp_get_post_value( 'guest_email' ),
    				) );
    			}

    3. in template-functions.php function mp_order_status (line 2129) I am getting the guest_email from the $_REQUEST array:

    function mp_order_status( $args ) {
    		$args = array_replace_recursive( array(
    			'echo'     => false,
    			'order_id' => get_query_var( 'mp_order_id', null ),
    			'guest_email' => $_REQUEST['guest_email']			// emanaku: get_query_var( 'mp_guest_email', null ),
    		), $args );

    Now we are getting the guest_email actually here in this function - but it still does not work. Why not?
    4. The tests if the email address is the right one, looks like this (line 2164):

    if ( $order->exists() && (  md5( $order->get_meta( 'mp_billing_info->email', '' )) == $guest_email || md5( $order->get_meta( 'mp_shipping_info->email', '' )) == $guest_email ) ) {
    						$html .= $order->details( false );
    					}

    Why are there md5 calls around the stored mail addresses? These two tests will never succeed, as long as $guest_email contains a plain emal address (maybe the idea was to encrypt the email address somewhere?)
    5. So, if we remove the md5s, then we get what we want. With these tests the order status page finally shows the order details for the order-id, if the guest_email is the one used at the order:

    if ( $order->exists() && (  $order->get_meta( 'mp_billing_info->email', '' ) == $guest_email || $order->get_meta( 'mp_shipping_info->email', '' ) == $guest_email ) ) {
    						$html .= $order->details( false );
    					}

    Thank you, and Happy New Year to all!!!!

  • Emanaku

    Sorry for that lengthy post up there - when I realized, that it very likely was not correct I could not edit it any more.
    Here the better version:

    1. I added the guest_email field to the form for looking up orders (see opening post)

    Then I looked a bit closer, and found the following (I may have violated some rules how to program a plugin - but your developers can surely fix that easily):

    2. in class-mp-ajax.php the function lookup_order() (line 463) looks up, if the order with order-id exists, then the wp_send_json_success sends a redirect URL, but this URL has no reference to the guest email any more. I believe that is why the guest email never shows up in the template-functions.php.
    I simply applied md5 to the guest_mail (reason see below). It is added with slashes, because in marketpress.php (line 669) there is a rewrite rule for this URL (that is where the names with the mp_-prefix come from) :

    if ( $order->exists() ) {
    				wp_send_json_success( array(
    					'redirect_url' => trailingslashit( mp_store_page_url( 'order_status', false ) ) . $order->get_id() . "/".md5(mp_get_post_value( 'guest_email' ))."/",
    				) );
    			}

    3. in template-functions.php function mp_order_status (line 2129) I am getting the encrypted guest_email from the query_var (as it was originally programmed):

    function mp_order_status( $args ) {
    		$args = array_replace_recursive( array(
    			'echo'     => false,
    			'order_id' => get_query_var( 'mp_order_id', null ),
    			'guest_email' => get_query_var( 'mp_guest_email', null )
    		), $args );

    Now we are getting the guest_email actually here in this function, it is md5-encrypted

    4. The tests if the email address is the right one, looks like this (line 2164):

    if ( $order->exists() && (  md5( $order->get_meta( 'mp_billing_info->email', '' )) == $guest_email || md5( $order->get_meta( 'mp_shipping_info->email', '' )) == $guest_email ) ) {
    						$html .= $order->details( false );
    					}

    So here the programmer assumes, that the incoming guest_email is encrypted. The advantage is, that in the redirect URL (in 2. above) the email address does not appear in readable text.

    Thank you, and Happy New Year to all!!!!

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.