Race condition in cron for Scheduled-Capture (very very big sites and order review...

In one cron, 250-500 orders may be processed (based on 5 minutes).
If an admin sets cron time up smaller than 5 minutes and
250-500> new transactions are made after last cron executed, it can be blocked.
Authorize cron sets up an_lastcron every time when admin/cron.php executes.
This must be set up after blocking check code.

As result, if pending orders aren't accepted with in 30 days at payment management page, they expired and users cannot enrol.
When an admin enabled order review, he is guaranteed 'Payment managers accept/deny transactions manually'.
Scheduled-Capture is designed for forgotten orders only ;)

diff --git a/enrol/authorize/enrol.php b/enrol/authorize/enrol.php
index 0a5362348e8502cafa632a334ec7e3cb96523fcc..529e387dea8348bde8bbadbc6e96c36abdb161dd 100755 (executable)
--- a/enrol/authorize/enrol.php
+++ b/enrol/authorize/enrol.php
@@ -463,7 +463,8 @@ class enrolment_plugin_authorize
             $captureday = intval($frm->an_capture_day);
             $emailexpired = intval($frm->an_emailexpired);
             if ($captureday > 0 || $emailexpired > 0) {
-                if ((time() - intval($mconfig->an_lastcron) > 3600 * 24)) {
+                $lastcron = get_field_sql('SELECT max(lastcron) FROM ' . $CFG->prefix . 'modules');
+                if ((time() - intval($lastcron) > 3600 * 24)) {
                     notify(get_string('admincronsetup', 'enrol_authorize'));
                 }
             }
@@ -538,7 +539,8 @@ class enrolment_plugin_authorize
         $emailexpired = ($emailexpired > 5) ? 5 : (($emailexpired < 0) ? 0 : $emailexpired);
 
         if (!empty($reviewval) && ($captureday > 0 || $emailexpired > 0)) {
-            if (time() - intval($mconfig->an_lastcron) > 3600 * 24) {
+            $lastcron = get_field_sql('SELECT max(lastcron) FROM ' . $CFG->prefix . 'modules');
+            if (time() - intval($lastcron) > 3600 * 24) {
                 return false;
             }
         }
@@ -605,7 +607,6 @@ class enrolment_plugin_authorize
         $settlementtime = AuthorizeNet::getsettletime($timenow);
         $timediff30 = $settlementtime - (30 * $oneday);
         $mconfig = get_config('enrol/authorize');
-        set_config('an_lastcron', $timenow, 'enrol/authorize');
 
         mtrace("Processing authorize cron...");
 
@@ -635,6 +636,7 @@ class enrolment_plugin_authorize
             mtrace("blocked");
             return;
         }
+        set_config('an_lastcron', $timenow, 'enrol/authorize');
 
         mtrace("    $ordercount orders are being processed now", ": ");