It's been a while now since I last posted about my experience with VirtueMart, but a recent update caused me to have several issues with the PayPal payment gateway.

The recent official 2.0.26x releases included an 'improvement' to the PayPal payment gateway, an update that unfortunately was not sufficiently tested and resulted in normally successful PayPal transactions not being completed but being marked as pending instead. The issue relates to a check that was introduced for the merchant email address.

My investigations unearthed the root cause of the problem - a check that compares the merchant email against the paypal receiver email.


The problem arises when your PayPal account has several registered email addresses, the business email response returns the primary email that is registered with PayPal, if like me, you use several email addresses for several sites on the same PayPal account you will find that invariably the business address will differ from the email address stored as the merchant email address in the VirtueMart payment plugin and the transaction will appear to fail.

What actually happens is that if this check fails the transaction is not changed from pending to complete - the actual PayPal payment has already successfully taken place so it's too late to do anything to affect the transfer of money. To me this is a bit like closing the gate after the horse has bolted - too little - too late. It makes no sense to perform this check at that time in the transaction. Your customer has already parted with their hard earned cash but cannot download their goods until you manually go in and change the status of the order in the backend admin panel. This results in either the customer cancelling the payment and filing for non-receipt with PayPal, or a barrage of angry support requests demanding their goods. Might as well go back to the olden days of sending cheques by mail.

The solution given to me was equally non-sensical and was actually specifically tailored to address my error message (AFAIK there can be two outcomes depending on whether you are using the primary PayPal email address as your merchant email address)

strcasecmp($paypal_data['business'],$this->merchant_email)!=0 )

I cannot really see the need for this check, why check that the email you sent the payment to is the email that PayPal actually used??? There is really no need to verify the functionality of PayPals API, if they cannot get it right, there really is absolutely no hope for the rest of us.

Apart from the nonsensical code, the thing that really surprised me was that this issue had been unaddressed for well over a month. This issue was originally reported at the beginning of December, an issue in the primary payment gateway of a product that calls itself 'The Future of eCommerce'.


I was actually very very very (did I say very) surprised that such an issue should have even made it into a production release. This was not even a major release - just a minor release, well in fact it was not even a minor revision release as the versioning numbering has letters tacked onto the end of it - not really sure what that signifies but it's definitely not following a standard major | minor | revision numbering scheme.

Test test test - that's the mantra of all software developers the world over. I have often said that developers that are as flippant as this would not last 5 minutes in the real world. A world where simple mistakes such as this cost money and reputation.

Unfortunately I decided to air my disappointment on their support forums which was met by a rather personal response that accused me of being brainless and less polite than a dog . This tickled me quite a lot, especially when taken in context with the recent issues I have been having with dog owners using my front lawn to empty their dogs - owners who appear to be both brainless and impolite.

Of course, such a rebuke was partially deserved, especially as it appeared to be from a sensitive teenager. (Teenagers are of course known for their angst.)

One point said teen raised was that...

they are fixing all this stuff for free.

Which led me back to my earlier article on Virtuemart which highlighted that the now absent download feature from VM1 that had been replaced by an overpriced, under featured extension in VM2. The 'we're fixing all this for free' excuse was exactly the same standpoint given back then, and here it is regurgitated and repeated by another forum member like some kind of mantra.

I was even more surprised when the dev who was dealing with my query accused my response as being aggressive and asked me to cool down. WTF?! Ahh well whatever.

Unfortunately it seems to me that Virtuemart have really lost the plot. Instead of trying to actually become 'The Future of eCommerce' it seems that they have lost sight of the goal. Rather than fixing major (fundamental) issues in their code and issuing a bugfix release, they just leave them in there until the next normal release on the release cycle. This is especially annoying when you consider that Joomla comes with an automatic update feature, that makes it simple to make such updates. Given that this bug is well over a month old I personally think that Virtuemart should really have done something about it.

There is a lot of trust placed in VirtueMart by their users, not only do it's users rely on Virtuemart to handle financial transactions without issue, (transactions that I might add can range in value from anything from a few dollars to several thousands of dollars), they also rely on the integrity of the developers to ensure that mistakes like this simply do not make it into a production release. Mistakes like this cost the end user money and when you are trying to run a business, failed sales and transactions cancelled by users unable to download their purchases is not good for the bottom line not to mention the extra strain on your support system.

In the world of financial software, just like in the world of industrial software and automation in which I work, there is zero room for error. Such flippancy on behalf of the developer ends up costing the end user money and if there is one thing that I know from running my own business; the quickest way to piss someone off is to affect their bank balance.

What VirtueMart really need to realise is that whilst they may consider that they operate under the banner of free and open source software, and that this in some way affords them some kind of perceived respite in their endeavors, the reality is that they operate within a field where their product performance is judged the same as every other product in the market; a product that people rely upon to run their business with, that people entrust to handle financial transactions on their behalf and that people expect to deliver what is promised. VirtueMart is a mature product, which means that there are certain expectations and qualities to uphold. The price has nothing to do with the expected quality, especially when the product is being advertised as 'The Future of eCommerce'.

There are a couple of products that I have come across in my travels that follow this philosophy of 'you cannot complain because we do this for free', and in both cases when you compare them against the competition it is clear to see that this attitude only serves to hold the product back. Constructive criticism is a very important part of customer feedback. Generally the level of irateness expressed is a good barometer for how large the problem is and such feedback should be considered an important part of the development lifecycle, after all, these are your customers.

Up until I experienced these recent PayPal issues I was still using VirtueMart here on I long ago switched to HikaShop for my other commercial sites. It is a much better product, with much better support. Download functionality is part of the core, as is a bunch of other stuff that you need to pay extra for in VirtueMart. However. PayPal issues, angry teens, missing features and poor support aside there is actually a much more compelling reason NOT to use VirtueMart.

It does not support Joomla 3.

Joomla 3 is now the defacto Joomla version to use. It is recommended by Joomla as the version to use of you are creating a site and whilst Joomla recommend existing Joomla 2 users to stick with it until the release of Joomla 3.5, Joomla 3 is officially the current stable version. It's also been the current stable version for some time now. So it's quite surprising to learn that despite countless questions by VirtueMart users the official line (expressed in a particularly passive-aggressive manner by aforementioned angst ridden teen) is that they are not even going to start looking at Joomla 3 compatibility until 3.5 has been released.

And that right there is the clincher for me and the reason that I have just updated this site to Joomla 3 and HikaShop.

If you are just about to embark on putting an online shop together I seriously recommend that you take a look into using Joomla 3 and HikaShop. If you currently use a Virtuemart store for your business, I would recommend that you seriously consider your position with regards to financial risk. All you really need to ask yourself is whether VirtueMart gives you that warm fuzzy confidence that you would expect from a product labelled as 'The Future of eCommerce'. In my case it was a resounding NO.