eWAY pay now button, seems to have a bug?


I've just implemented an eWAY pay now button and have noticed some strange behavior that only happens on a tablet with Microsoft Edge.

Basically, using the data-resulturl, one can redirect after successful payment, e.g.

data-resulturl="https://www.mysite.com.au/booking.php" >

In my situation, I bring over the session variables to the booking.php page, write them into the database, send a confirmation email to the customer and an email to admin, end the session, then redirect to a booking-success.html page.

However, on the tablet running Edge, if you click the 'pay now' button it loads a modal as per normal, but if you click cancel it fires the data-resulturl, sending the emails and writing to the database. It does not redirect to the success page.

Essentially users can make bookings without paying.

Win10 Microsoft Edge is not affected by the bug.

So I am at a loss as to what is actually happening here. How is this even possible?

I just tried sending data-resulturl to payment.php with a redirect to booking.php, but it still fires the emails and db write.

<?php
$thankyouurl = "https://www.mysite.com.au/booking.php" ;
header( "Location: $thankyouurl" );
exit ;
?>

There are 1 answers

John C On BEST ANSWER

It sounds like you've encountered a bug with the Pay Now button. That is something that is best handled by reaching out to eWAY directly with some details, such as the Microsoft Edge version that experiences the issue.

On a related note, you should be aware that the Pay Now button will redirect to the given URL when a transaction is complete - even if the payment failed. On your booking.php page you'll want to check the transaction result using the AccessCode passed in the query string.

To do this you can perform a Transaction Query, for example using the PHP SDK:

<?php

require 'vendor/autoload.php'; // Composer autoloader for the eWAY Rapid PHP SDK

$apiKey = 'key';
$apiPassword = 'password';
$apiEndpoint = \Eway\Rapid\Client::MODE_SANDBOX; // Use \Eway\Rapid\Client::MODE_PRODUCTION when you go live
$client = \Eway\Rapid::createClient($apiKey, $apiPassword, $apiEndpoint);

// Look up the transaction result using the AccessCode passed in the query string
$response = $client->queryTransaction($_GET['AccessCode']);
$response = $response->Transactions[0];

if ($response->TransactionStatus) {
    echo 'Transaction successful! ID: '.$response->TransactionID;
} else {
    // ResponseMessage holds comma-separated response codes.
    // explode() replaces split(), which was removed in PHP 7.
    $errors = explode(', ', $response->ResponseMessage);
    foreach ($errors as $error) {
        echo "Payment failed: ".\Eway\Rapid::getMessage($error)."<br>";
    }
}

This will also prevent users from just visiting booking.php to complete their booking. For extra security, log the AccessCodes so they can't be re-used to create multiple successful bookings.
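One way to do the AccessCode logging suggested above, so a code can be redeemed for a booking only once. This is an added example, not code from the answer or from eWAY: the table name, the function names and the in-memory SQLite store (needs pdo_sqlite) are assumptions, and `$queryStatus` is a hypothetical stand-in for the Transaction Query check so the sketch runs without the SDK.

```php
<?php
declare(strict_types=1);
// Hypothetical table: one row per AccessCode that has already produced a booking.
function initStore(PDO $db): void
{
    $db->exec('CREATE TABLE IF NOT EXISTS used_access_codes (
        access_code TEXT PRIMARY KEY, used_at TEXT NOT NULL)');
}

// Atomically claim an AccessCode: the PRIMARY KEY makes a second insert fail,
// so two concurrent requests carrying the same code cannot both succeed.
function claimAccessCode(PDO $db, string $accessCode): bool
{
    try {
        $db->prepare('INSERT INTO used_access_codes (access_code, used_at) VALUES (?, ?)')
           ->execute([$accessCode, gmdate('c')]);
        return true;
    } catch (PDOException $e) {
        if ((string) $e->getCode() === '23000') { // integrity constraint violation
            return false;
        }
        throw $e;
    }
}

// $queryStatus stands in for the Transaction Query: it must return true only
// when the gateway reports the payment as successful (assumption, injected).
function handleReturn(PDO $db, ?string $accessCode, callable $queryStatus): string
{
    if ($accessCode === null || $accessCode === '') {
        return 'rejected: no AccessCode';
    }
    if (!$queryStatus($accessCode)) {
        return 'rejected: payment not successful';
    }
    if (!claimAccessCode($db, $accessCode)) {
        return 'rejected: AccessCode already used';
    }
    // Only at this point: write the booking, send the emails, redirect.
    return 'booking created';
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
initStore($db);
$paid = fn (string $code): bool => $code === 'CONSTRUCTED-PAID'; // constructed sample
foreach ([null, 'CONSTRUCTED-CANCELLED', 'CONSTRUCTED-PAID', 'CONSTRUCTED-PAID'] as $code) {
    echo var_export($code, true), ' => ', handleReturn($db, $code, $paid), PHP_EOL;
}
```

The claim happens before any side effect, so a cancelled payment, a direct visit to booking.php and a replayed AccessCode all stop before the database write and the emails.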