Magento saves all checkout step data using AJAX.
Magento has a feature to go back to the cart page whenever an AJAX request goes to onFailure
state during any of the checkout steps.
.....
method:'get',
onFailure:this.ajaxFailure.bind(this),
onComplete: function(){
....
.....
ajaxFailure: function(){
location.href = this.failureUrl;
},
......
An AJAX response calls the onFailure() function whenever a header response is
HTTP/1.1 500 Internal Server Error`.
$this->getResponse()->clearHeaders()->setHeader('HTTP/1.1', '500 Internal Server Error')->sendResponse();
exit;
Or use 403 (permission denied):
$this->getResponse()->clearHeaders()->setHeader('HTTP/1.1', '403 Forbidden')->sendResponse()->sendResponse();
exit;
...Or 503 (service unavailable):
$this->getResponse()->clearHeaders()->setHeader('HTTP/1.1', '503 Service Unavailable')->sendResponse();
exit;
In your case you need to send a 500/403/503 header response code to ensure that the Prototype AJAX onFailure
is called.
saveShipping()
function saves shipping data using AJAX` and the response is the JSON content.
On receipt of this response the checkout is going to move to the next step.
That means that $this->_redirect('checkout/cart');
is not being run.
To me, it clearly sounds like your Magento is badly corrupted.
I can't confirm that because the URL you pasted links to a Shopify website but let me explain.
Regarding the error
That error happens in a very critical file in terms of security, app/code/core/Mage/Payment/Model/Method/Cc.php
being the file that handles the Credit Card payment method.
Having an error thrown here in a core file is already a red flag.
On top of that, line 388 does not exist in a native Magento 1.4.0.1 install, you can find the original file here: https://github.com/OpenMage/magento-mirror/blob/1.4.0.1/app/code/core/Mage/Payment/Model/Method/Cc.php
That is a super red flag.
Two possibilities:
- the original developer(s) modified the core files, which is a very bad practice but I can't see why they would change this file.
- your install got corrupted by a hacker who used a security breach to modify this file in order to steal Credit Card Information.
Unfortunately, I have a bad feeling that you're in the second case.
That bad feeling comes from the fact that the key that does not exist and that triggers the error is SESSIIID
. It looks to me that the corrupted file is trying to steal the session ids to be able to retrieve the credit card details.
One of the most famous Magento vulnerability regarding credit card hijacking uses SESSIID
(with two i, there's three in your code) and I'm pretty that's what the hacker wanted to achieve: https://www.byte.nl/blog/widespread-credit-card-hijacking-discovered
Fixing the problem
First, I suggest you run the website against MageReport: https://www.magereport.com/
It will help you finding out the vulnerabilities of your website.
Second, I suggest you roll back all the core files to the original ones.
My personal suggestion would be to use the MageRun plugin developed by AOE to find out which core files have been modified: https://github.com/AOEpeople/mpmd#command-mpmdcorehacks
Finally once you've rolled back the core files to their original state, I suggest you install all the missing patches. You can download them here: https://www.magentocommerce.com/download
Best Answer
You can do this by Magento event observer functionality whenever magento predispatch a controller then trigger event
controller_action_predispatch_youfullaction
you need trigger an event
when shipping method is select and click save button to goto next button you need event and redirect to third party from observer
.Here is an example that depends on Magento default