13 replies to this topic

[dino705]

Hello-
I'm attemping to get a clients osCommerce site to work with Linkpoint/Yourpay connect. I cannot figure out how to integrate this. All the modules I find in the contributions say that an SSL is required. The client does not have an SSL certificate on their site because Linkpoint support tells them that they don't need an SSL certificate because the customers are taken to the linkpoint site to enter their credit card info if we are set up properly. I've read Linkpoints installation manual, but they mention nothing about osCommerce. Linpoint gave me the sample code below and told me I have to add it to a checkout page, but how do I integrate it into oscommerce? Where would I put this..checkout shipping, etc? And where do I get the value for 'chargetotal'? Any help would be appreciated.

BEGIN Sample code from Linpoint

<form action="https://www.linkpointcentral.com/lpc/servlet/lppay" method="post">
<input type="hidden" name="mode" value="fullpay">
<input type="hidden" name="chargetotal" value="2.00">
<input type="hidden" name="storename" value="123456">
<input type="hidden" name="txntype" value="sale">
<input type="hidden" name="comments" value="product info">
<input type="submit" value="Continue to Secure Payment Form">
</form>

[ecartz]

You would have to write a payment module. Otherwise, you wouldn't have integration with the osCommerce checkout. You can see a module for what you want at Linkpoint Connect contribution. Not sure if that's one of the ones at which you've looked already, but that's the one that offers the integration that you want. It should be possible to use that module without SSL, although there are going to be security issues (that Linkpoint is ignoring).

Also, be warned that any checkout method that involves going off site will run into synchronicity problems. For example, if your customer goes to Linkpoint and pays but does not return to osCommerce, it will not create an order in osCommerce, only in Linkpoint.

You would get a better integration with PayPal, where the payment modules are more up to date and where IPN is possible.

[knifeman]

I have a linkpoint module running on 2 stores that I cannot find in the contributions anymore. It works just fine, but requires SSL. All checkout is done on my site, card number and order info is sent to linkpoint, verified, charged and if OK, customers ends up on checkout_success.

There is a current one from iofast, but I believe it requires SSL also.

Tim



[quote name='dino705' post='1424488' date='Jul 27 2009, 11:27 AM']Hello-
I'm attemping to get a clients osCommerce site to work with Linkpoint/Yourpay connect. I cannot figure out how to integrate this. All the modules I find in the contributions say that an SSL is required. The client does not have an SSL certificate on their site because Linkpoint support tells them that they don't need an SSL certificate because the customers are taken to the linkpoint site to enter their credit card info if we are set up properly. I've read Linkpoints installation manual, but they mention nothing about osCommerce. Linpoint gave me the sample code below and told me I have to add it to a checkout page, but how do I integrate it into oscommerce? Where would I put this..checkout shipping, etc? And where do I get the value for 'chargetotal'? Any help would be appreciated.

BEGIN Sample code from Linpoint

<form action="https://www.linkpointcentral.com/lpc/servlet/lppay" method="post">
<input type="hidden" name="mode" value="fullpay">
<input type="hidden" name="chargetotal" value="2.00">
<input type="hidden" name="storename" value="123456">
<input type="hidden" name="txntype" value="sale">
<input type="hidden" name="comments" value="product info">
<input type="submit" value="Continue to Secure Payment Form">
</form>[/quote]

[dino705]

Thanks for all your help. I don't have enough php/osCommerce knowledge to write my own payment module. Unfortunately, the client signed up with Linkpoint on the basis that they would NOT need their own SSL with osCommerce to work with Linkpoint. Linkpoint is basically no help with assisting in getting their own system to work. I'm not sure which way to go at this point. The contributions for Linkpoint all seem to begin at the checkout_confirmation page, but if you don't have SSL then the credit card info on this page isn't encrypted.

[knifeman]

SSL certs are not that expensive. If your client is already paying the monthly Linkpoint fees, it would not be that much more to have SSL installed. When I signed up with them, they had a cancellation fee, and that fee was more than a decent cert and dedicated IP.

When Internet Explorer moved the padlock from the bottom of the browser page to the top, I had numerous phone calls from customers wondering why I did not have SSL on my site. That told me that a lot of customers are aware of the security issues and would not enter all that payment info without it.

Tim

dino705, on Jul 27 2009, 06:38 PM, said:

Thanks for all your help. I don't have enough php/osCommerce knowledge to write my own payment module. Unfortunately, the client signed up with Linkpoint on the basis that they would NOT need their own SSL with osCommerce to work with Linkpoint. Linkpoint is basically no help with assisting in getting their own system to work. I'm not sure which way to go at this point. The contributions for Linkpoint all seem to begin at the checkout_confirmation page, but if you don't have SSL then the credit card info on this page isn't encrypted.

[ecartz]

dino705, on Jul 27 2009, 06:38 PM, said:

The contributions for Linkpoint all seem to begin at the checkout_confirmation page, but if you don't have SSL then the credit card info on this page isn't encrypted.

All external modules will start at the checkout confirmation page. The kind of module that you want will not collect credit card infomation on the payment page but will just allow them to select LinkPoint and enter a billing address.

I would install the payment module. Then try it. If it works, you are done. If it doesn't work, then you can ask more pertinent questions. Right now, you are guessing about how the module works and concluding that it won't work based on your guess. Don't guess. Test.

[dino705]

Thanks for your response.
I have the contribution module installed successfully and it will work. But, the problem is that when the client gets to checkout_payment.php using the contribution they are asked for their card information but this page is not secure if they don't have an SSL certificate. I've installed many osCommerce stores using SSL and other payment gateways, but this client was sold on Linkpoint because they told him he didn't need his own SSL.

[germ]

The client may have bigger problems.

If the site even "sees" the CC info it has to be PCI Compliant (<- A link, click it).

Quote

However, according to the PCI DSS documentation, "PCI DSS requirements are applicable if a Primary Account Number (PAN) is stored, processed or transmitted. If a PAN is not stored, processed, or transmitted, PCI DSS requirements do not apply."

[ecartz]

Linkpoint is claiming that there is a version that works like PayPal or 2Checkout, where the customer enters the credit card info off site. If so, then the site does not have to be PCI/DSS compliant, as it doesn't see the credit card info at all. It's been a while since I've done anything with Linkpoint, but I had thought that there was a contribution for this. Apparently not.

If it's really true that none of the Linkpoint modules support off site processing, then the two options would be to write a payment module or to switch to a different processor (e.g. PayPal). There is no easy, hacky solution to posting to Linkpoint and then processing the result. You need the payment module to get that integration. That said, this wouldn't be a hard payment module to write. It would be mostly like the 2Checkout module. Most of the difference would be in the process_button function, changing the field names and possibly deleting some fields.

[ecartz]

As I stretch my brain back to the last time that I worked with Linkpoint, I think that the way it works is that you can specify the credit card number but do not have to do so. It's possible that you could get the existing module to work the way that you want, just by deleting the lines that work with the credit card information. Linkpoint would then automatically realize that the information was missing and would ask the customer to provide the missing data.

[dino705]

Hello-
Thank you ecartz! You method works. By modifying linkpointconnect.php, classes/payment.php and checkout_payment.php (to remove the entry fields for the crdit card info), linkpoint does indeed bring up a window(s) asking for credit card info on their secure site, and the orders are processed. This is exactly what I was looking for. Thanks again.

[knifeman]

Dino705,

The linkpoint files you modified, are they from an existing osc contribution? Or are those files something you got from linkpoint?

Tim

dino705, on Jul 28 2009, 01:03 PM, said:

Hello-
Thank you ecartz! You method works. By modifying linkpointconnect.php, classes/payment.php and checkout_payment.php (to remove the entry fields for the crdit card info), linkpoint does indeed bring up a window(s) asking for credit card info on their secure site, and the orders are processed. This is exactly what I was looking for. Thanks again.

[ecartz]

You shouldn't have to edit includes/classes/payment.php or checkout_payment.php -- the payment module should be enough. There are many payment modules that do not collect credit card information. E.g. the COD module.

Editing the other files will make things more difficult if the store owner wants to get SSL and start using one of the other payment modules in the future.

[karthickk]

I have a diff question here.
It is a simple html form that posts to the linkpoint connect page.
Someone can easily change the "chargetotal" in the html and post a different data.
How to catch / prevent this. Also, I am noticing that the return data is also not hashed. Is it not a security concern??