Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

borghe

Archived
  • Posts

    36
  • Joined

  • Last visited

Everything posted by borghe

  1. Well, I implemented it on my production site. I needed to alter a few extra files due to the heavily modified nature of my site, but all in all from the normal stock osc distribution I only modified: /include/functions/html_output.php in here I just changed tep_href_link(). I put in a db call to pull out products_name, manufacturers_name, and categories_name (I only have one category per item). I then construct a key/value pair using manufacturer-or-category/products_name and add that the the url being built. This actually allows the option of this working perfectly well with SEF turned off also. /product_info.php here I just check to see if the correct format of URL is being referenced. If not I use a 301 redirect and have location determined by just using tep_href_link on $_GET['products_id']. This modification is primarily for any back-links coming in using the old URL format. They'll still work, just 301 redirect you to the new format. It's as simple as that. If anyone has any questions I would be more than happy to answer. I also put in the ability to add keywords to the url as well as an auto-versioning system when you change those keywords. This ensures that the most updated version of the URL is always the customer's final destination. Total programming time in this was under 4 hours solid, which honestly is less time than it probably would have taken to implement the contribution I wanted to use given my store's screwy way of building product names and using categories. you can see it in action here: http://www.badgercomics.com/
  2. so I looked at the seo/sef link in your post and quite frankly most of the really nice options would be extremely difficult to implement. by way of comparison, I put together my test case over just a few hours Friday night. I have items showing just fine, but I have a couple of questions about SEO/SEF in general and wondering if anyone could answer them. First, I realize you have to 302 your pages and I think I've figured out a way to do that (I check to see if I need to generate SEO links. I just use that same method to check and generate and NOT it to generate the 302). However, how quickly does google handle 302's in the directory? Do I include the old links to the 302's in my sitemap for google or do I just include the new links and let google catch the 302s on the old pages? This one is common to seemingly most of the SEO implementations (including even amazon and many others). Does google or others catch what is basically a BS SEO move? I mean even looking at amazon, most of the implementations in here, etc, the URLs are quite tacked on and you can tell where the meat of the URL is and where the fluff is. Is there any thoughts of google coming down on this in the future? Kind of related, is google even going to reindex my new URLs (with the 302s and sitemap) when it is essentially the same as the old URL with just the relevant item data in the URL? To understand what I'm talking about, my test site is here: http://test-11.badgercomics.com/
  3. So my store is a heavily modified osc install. The backend has been reworked dramatically to accomodate for our products. Thus the problem is that there is no SEO solution out there (aside from a mod_rewrite) that we will simply be able to drop in without tremendous work. So here's my question. Has anyone just tried modifying tep_href_link() to simply "add-on" product name information as a query string using the builtin simple SEO capabilities? keep product_id in the SEO query string (i.e. catalog/product_info.php/this_is_my_product/xx/products_id/1234). It seems like it would be simple enough and would need virtually no extra coding except for tep_href_link() calls to generate product_info.php links. My titles are good, my pages have as much info as the distributor and publishers provide, so at this point I am just looking at that last push with truly SEO urls. Any thoughts are appreciated.
  4. I am working on a private contribution that creates labels with DHL's ShipIT API and works somewhat the same way it sounds like. If you are supposed to be getting a pdf back and it is base64 encoded, simply grab the relevant data, put it into base64_decode(data), then say header('Content-Type: application/pdf'), then echo it out: header('Content-Type: application/pdf'); echo base64_decode(data); make sure you are doing this without outputting anything to the screen (no <html> or <?xml>, etc) and don't output anything after. the only thing the server should be sending back is the header and the echo.
  5. oh, I wanted to comment on this post also.. in the before_process() function, simply add x_delim_char => ',', somewhere in the passed data. this will override whatever you actually have set on auth.net actually IMHO this should be set by default in the module. that way customers with existing auth.net accounts using a non-comme delimiter don't have to worry about the module not working out of the box as the module will automatically set comma as the delimiter.
  6. so, as I've been working on credit card storage and using some of this module as a basis for my work (I need to authorize the card the first time to verify the cvv value being as I'm not allowed to store it), I noticed a glaring, well not glaring, but somewhat significant flaw in this module. Everything is fine except for the process_button function, where you write as a hidden form field the entire credit card number. Technically you should not be writing the cvv value either as a hidden form field (which you are) or as a plain text display to the customer. Unfortunately my personal fix involves a custom mcrypt-based encryption class, but to outline essentially what can be done to get around this is: in confirmation() remove the cvv display. in process_button(): I am concatenating the card number and cvv value and delimiting them with a | I then 3des encrypt this (using my mycrypt-based class), base64 encode that (so it won't have problems in the html) and write that to the hidden cc_num input field. in before_process(): base64 decode $_POST['cc_num'] decrypt the field and list ($cc_num,$cc_cvv) explode('|',$decoded_cc_num) and I now have a cc_number (and cvv if applicable), all the while never having them in plain text. I only bring this up relating mainly to either someone leaving the checkout confirmation screen on their computer unattended, in which even when their session timed-out someone could still view source and grab the credit card number, or if the page is cached and if they could view source on the cached page and grab it from there. anyway, this post really explains how to do it, you just need to figure out the encryption part. I created my own mcrypt class but if you do a search for mcrypt you will find a few already made classes out there that can handle the encrypting. sure a static in the source isn't the utmost in security either, but at least a lot more secure than the plain text credit card number in the html source itself.
  7. I have already looked at the visa pci self assessment. to answer questions fro section 3: 3.1 Is sensitive cardholder data securely disposed of when no longer needed? Yes. All data will be removed immediately when a customer chooses to terminate their subscription status. 3.2 Is it prohibited to store the full contents of any track from the magnetic stripe (on the back of the card, in a chip, etc.) in the database, log files, or point-of-sale products? Not doing any card present transactions so not a problem. 3.3 Is it prohibited to store the card-validation code (three-digit value printed on the signature panel of a card) in the database, log files, or point-of-sale products? Yes. It will never be stored, even temorarily. 3.4 Are all but the last four digits of the account number masked when displaying cardholder data? Yes, the full number will never be displayed, either to me or the customer. 3.5 Are account numbers (in databases, logs, files, backup media, etc.) stored securely? for example, by means of encryption or truncation? As I said in the first post, numbers will be fully 3DES encrypted with the initialization vector not being stored on the network. 3.6 Are account numbers sanitized before being logged in the audit log? No account numbers are being logged. Furthermore the each key for each card number is also now being randomly generated as a 128byte string using random ascii chars 31-255 giving 1.325083269986333e+474 possibilities and again, not being stored with the initialization vector, and neither being stored on the shared hosting service. so the only thing being stored on the shared service is the actual 3DES encrypted card data itself. as I said before, the bottom line is that I WILL have to store the card data, either online or offline. Offline presents a whole new host of problems, such as how to get the card number from the customer to myself securely, and of course again creates an even bigger single point of failure. any other thoughts?
  8. uggh.. so I NEED to store credit card details in certain instances in the database. I could store them offline on, say, my workstation at home, but it would be a tremendous pain to go back and forth to "link" the details with the "online" users when it came time to charging them in these particular instances. besides that, I can actually setup an automated method to charge them (long story, not part of the default oscommerce setup. this is seperate charging done on a particular and exclusive basis). So anywho, I wrote my own method of storing the encrypted credit card. essentially what I'm doing (and I'm not worried about mentioning this being that the lock and key are never stored in the same place) is tripledes encrypting the modified credit card string. I am then adding the basic customer viewable info (last 4 digits and date) and then base64 encoding that. so the customer will have easy access to the last 4 and date to know what card they have on file. now the trick to this is that the initialization vector is being emailed to me base64 encoded. so the only way to decrypt the string is to get ahold of the initialization vector which won't be located anywhere near the actual encrypted string (physically and theoretically). so when I want to charge the customer, I can create a simple ssl encrypted page that will lookup the customer_id I pass, take the base64 encoded initialization vector I received in the email as input, add like a dollar amount field to charge against the customers card in realtime over auth.net, and all is good. the only chance a hacker would ever have in "breaking" the system as far as I see is either sniffing the original email as it is sent or breaking into my box and getting it off of there (which of course it is also encrypted on). if anyone sees a problem with this I would LOVE for you to point it out. I am going to go live with this pending any unknown dangers and would certainly love the input.
  9. sorry. I thought you meant offering photos for download. yes, if you are offering them for sale printed, then imagemagic is certainly able to handle things. just have both filename encryption and watermarking turned on. they will still have unlimited access to the watermarked pictures (unless you have inventory browsing turned off for unregistered users) but at least they won't have any access to the non-watermarked pics.
  10. thank you steve. this is EXACTLY what I was looking for. so I could do something like: on VALIDATED/Completed: process the order fully, clear their SQL shopping cart completely, apply their voucher credit and discount code. on VALIDATED/Pending: keep everything as is BUT STILL apply their voucher credit and discount code immediately. on VALIDATED/Rejected: keep everything as is AND refund their voucher credit and reset their discount code status for the discount. this should stop any sort of exploits from occurring with customers not coming back to the site. then customers who do come back to the site I'll just rework before_process() in the paypal module so that it tidys up all tep_session variables so they match with the current session SQL data, and generates the email and the "congratulations" screens. sound good? and thanks again for the answer.
  11. trax - that is what "encrypted" filenames are for under admin. HOWEVER, it should be noted that as far as I can tell imagemagic is NOT a suitable replacement for a real download management package. it is basing everything off of an image that is free and in the clear. you can turn on filename encryption and even modify the package so it leaves filename encryption on and watermarking off for logged in users, however there is no real way to "distribute" the file with image magic. if I were you I would leave watermarking turned on at all times (as well as filename encryption if protecting the pictures is required). I would then have the picture stored in two different places. One place where image magic can find it for display, and another place where a real downloadable content manager will be able to package up a non-watermarked copy for download by customers. this is IMHO the only way to truly protect your content as you are describing. to further protect things I would have your originals that image magic is using in kind of a dense directory structure and/or have different names than their downloadable counterparts. if they had the same names and, say, were all located in /images/ some unscrupulous person could just download a few pictures, get your naming structure under order, and then just try to bulk download using sequencing from /images/.
  12. any thoughts by anyone on moving the before_process() inventory reduction/order management/etc stuff to the ipn.php file as opposed to the paypal_ipn.php file? Would really like some input on this. at the very least, does anyone have practical information on the typical time it takes paypal to send out the ipn notification? are a few seconds typical? a few minutes? is it possible for it to go to hours and/or days in some instances? things I am wondering most about are people that use a bank account linked to paypal where paypal holds the funds. does the ipn still go through immediately? paypal is definitely something I want to offer, but this is a pretty big hole involving gift vouchers and coupon codes with a per customer limit. any thoughts?
  13. hmm.. not sure what file you are talking about? checkout_process.php is unfortunately never called in what I'm referring to. paypal ipn has the checkout button post a form directly to paypal. checkout_process.php is only called if/when the customer comes back to your site from paypal. ideally the customer will come back, but all it takes is for someone to realize that they don't have to return for the credit to never be applied. and I was double checking and the same is also true for coupon codes being cashed in. if you have a coupon code that has a per customer limit, if they don't return back to the site they can just use the coupon code over and over. sticking everything in ipn.php seems like the way to go, however I have to first find out exactly how instant IPN is, or more specifically what is the worst case common scenario.
  14. one question here. I posted it in the CCGV thread (because that IS where it belongs) but I'll post it here as well because it directly affects the paypal IPN mod (no other mod). Essentially if a person uses the remainder of a gift voucher when they checkout at paypal, but then doesn't return to the site afterwards (for checkout process), the voucher is never deducted from their total. does anyone have a fix around this already? I have a few ideas (basically moving apply_credit() to ipn.php and passing some variables in the custom variable of the IPN API) but don't want to reinvent the wheel if I don't have to.
  15. Ok, I came across one more minor bug. Again I've searched but haven't found anything. rather than spending another 8 hours on this (which I'll have to do without an answer anyway) I figured I would shoot it off in here. Currently with paypal available, a person with a gift voucher balance can avoid getting their balance reduced by not returning to the site. the order goes through just fine, but as is the case with paypal IPN not reducing inventory or anything, the voucher balance is not reduced either. is there an answer already out there for this? now technically I am thinking that I can just remove the apply_credit() call from before_process() and instead just stick it in the ipn.php file itself... I mean if someone uses a voucher and still goes out to paypal they used up their voucher balance. I can stick a variable in "custom" when I send the customer to paypal and when I get the response back just reduce their voucher balance by that much.. so "otgv35.68" will reduce their account balance by 35.68. the only problem I have with this is if their is a noticeable lag between them finishing their order on paypal and when paypal responds with the IPN (granted it would have to be at least a few minutes) this would allow the person time to see the voucher balance in their account and try spending it again before paypal's IPN response was received. uggh.. I don't know. any thoughts on this are welcome.
  16. shoot.. typo in the above fix for the second issue. It should read: // ############ Added CCGV Contribution ########## $GLOBALS[$post_var] = $HTTP_POST_VARS[$post_var]; // ############ End Added CCGV Contribution ########## if (!tep_session_is_registered($post_var)) tep_session_register($post_var); the difference is in the post_var located in $GLOBALS[]. it should be $post_var. it isn't in the original post.
  17. ok, before I go into my original post, I'll edit this for J B: You have to make gift certificates available in the store. To do this create an item (can be any name, price, etc) and make the model GIFT[something]. So you can do GIFT25, GIFT_25, GIFTtwentyfive, GIFThopethisworks.. as long as the first part of the model number is GIFT. Then assign a price to it and put it in your store. Users can then buy it at cover value and it will be added to their balance. At that point they can send all or part of their balance to an email address. k, ran into a few problems I would like to share with people. don't know if this relates to using REGISTER_GLOBALS = off or what, but CCGV has been the biggest headache to install. I think I got most of it worked out now though. the biggest problem I've had is when doing like if(!tep_session_is_registered('cot_gv')) tep_session_register('cot_gv'); $cot_gv = true; this is not a literal example (well, not exactly) but is an example of what I was dealing with. particularly around line 146 of ot_coupon.php. by moving the assignment ahead of the session registration it fixed having to enter in a coupon code twice to get the coupon (which was shown elsewhere in this thread. I searched for reducion to find it). the second problem, to similar effect, was with gift vouchers. it was harder to nail down because even though the effect was the same it wasn't readily apparent. if I went through and didn't apply a credit, everything was fine. however if I went through and applied a credit, it wouldn't show up. I go through and apply the credit again and it was fine (as in check the checkbox with a balance). the reason it was so hard to nail down was because if I went through with the credit applied but not showing up and then DIDN'T apply the credit, I would still get the credit, until I "didn't apply it" again. the problem is that in collect_post() in order_total.php the section looks like this: if (!tep_session_is_registered($post_var)) tep_session_register($post_var); // ############ Added CCGV Contribution ########## $post_var = $HTTP_POST_VARS[$post_var]; // ############ End Added CCGV Contribution ########## now how this actually works is beyond me. it looks pretty typical, however unlike the normal assignment which essentially says tep_session_register('something') $something = $value this essentially says tep_session_register('something') $variable = $value so $something never gets registered. luckily the entire point of the tep_session_register() anyway is to link $_SESSION['test'] to $GLOBALS['test'] which in turn is the same as globals $test. so I was able to turn the above into: // ############ Added CCGV Contribution ########## $GLOBALS[post_var] = $HTTP_POST_VARS[$post_var]; // ############ End Added CCGV Contribution ########## if (!tep_session_is_registered($post_var)) tep_session_register($post_var); which works perfectly. whew.. ok, final bug I have found so far. with all of these changes I've made, I found out (the hard way) that $credit_covers (essentially $GLOBALS['credit_covers']) is checked for NO MATTER WHAT. The problem with this is in the CCGV modded part of payment.php where during each payment method in pre_confirmation_check() it checks to see is $credit_covers is true or not. if it is true it nullifies that payment module. Unfortunately once the payment module is nullified, the order went through successfully without ever going for payment, AND without deducting the credit from their voucher value. The answer is in pre_confirmation_check() in order_total.php (around line 244). here, $credit_covers is checked for EVERY TIME an order_total module is processed. This means $credit_covers will be true as long as the user has credit enough to cover his order, even if he isn't doing it. the answer is to change: $gv_query=tep_db_query("select amount from " . TABLE_COUPON_GV_CUSTOMER . " where customer_id = '" . $customer_id . "'"); $gv_result=tep_db_fetch_array($gv_query); $gv_payment_amount = $gv_result['amount']; // if ($order->info['total'] - $total_deductions <= 0 ) { if ($order->info['total'] - $gv_payment_amount <= 0 ) { $credit_covers = true; if(!tep_session_is_registered('credit_covers')) tep_session_register('credit_covers'); } else{ // belts and suspenders to get rid of credit_covers variable if it gets set once and they put something else in the cart if(tep_session_is_registered('credit_covers')) tep_session_unregister('credit_covers'); } by enclosing a if ($cot_gv) {} around it. this way someone has to specifically say they want to apply their credit for $credit_covers to even be solved for. I really hope this helps someone out. It has taken me the better part of 8 hours to just figure out these three things. The first one was covered in this thread already, but I didn't see the other two touched on. any questions let me know.. again (and to help people searching for this) these fixes are for your coupon code not being accepted the first time, or having to enter it twice to get it accepted, your gift voucher usage status not changing the first time, and having to apply the change twice to get it changed, and people choosing not to use their gift voucher balance to pay for their items when the voucher would cover the entire order but still having the order go through without a request for payment. whew.. the only thing I have left now is that I want to use the shopping cart method with paypal IPN instead of aggregate total. Does anyone know real quick if I can submit a negative value item to paypal as a shopping cart? that way I could just do item_x=Coupon XXXX price_x=-11.95 item_x=Gift Voucher Balance price_x=-25.97.. here goes nothing.
  18. I tried searching the thread but couldn't find the answer. Everything is working fine actually, my question is about the methodology of the module. Why is _cart set to not work with EWP? If it a size/POST limit or something? I like the functionality of EWP, just for knowing that my POST data WILL NOT be manipulated at all, but would prefer the customer to be able to see the contents of their cart on paypal also.. I've already converted the code to do _cart over EWP, but just wondering if anyone else has tried this and experienced problems with it. It seems to be working, but horror stories are welcome also. Oh, one other thing I did change about my install is the way tax and shipping were done for the _cart method. Shipping was correct, but looked kind of odd with the tax already added in (it didn't jive with what the customer saw on my checkout screen, even though it was correct). But the actual tax on the items was wrong and unfortunately doing it the way paypal requires you to do it per item will frequently yield incorrect results. the problem is that paypal requires tax per item per single quantity. So (real life example): Item is $1.75 tax at 5.6% is $.098 if I bought 10 of these items, my tax would be $.98 unfortunately paypal requires a 2 decimal tax (I already triple checked this). so you would have to round up for paypal ($.10). So now if I order 10 units, tax would be $1.00, not $.98. luckily paypal has the tax_cart field which will override tax_x for the entire cart. so I simply stick tax in tax_cart and everything is fine on paypal.
  19. just wanted to clear a few things up... first off, open source sort of does mean free. to truly be called open source, the source for a project has to be freely available. yes, the source has to be FREE, or else it is not open source. now you can technically have open source that in fact is not allowed to be free, such as the case with most open source MPEG-4 implementations, but the source is still free. it is just the compiled versions that are not freely redistributable. second, any modified modules out there that were originally released under GNU or a similar open source license, most definitely have to be freely available. You can not modify a GNU licensed module and then rerelease it as pay only. that is a violation of the license itself and open to legal action by the origial copyright holder of the original module. now of course modules don't have to be free for oscommerce (unless of course they are modified version of modules originally released under GNU and the original copyright holder hasn't given permission), but there is definitely a big part of me who finds it kind of a d*ck move to take so much from the osc community freely, and then charge to give back to it. I know I have openly shared all of my modifications where applicable, simply because I definitely owe it for everything I have taken from the community. Really, the next time you (generally speaking) want to charge for doing something related to an open source project, think carefully about how much you have taken away from the project, and what would happen if all of those contributors responsible for those projects would have charged you. That's how I look at it. now back on topic, I am definitely willing to contribute to a module that is already started. I have read over the level 2 api enough to really have a great understanding of how to connect it with osc.. if there is one already ahead in progress I could jump in on it.. if not I am actually interested in looking at starting my own, simply because the more payment options available means the more sales potential.
  20. hmm.. I think I've come across a minor bug with image magick. so I am running jpegs primarily, and they can get pretty large (for a store). I set my jpeg quality to 60 in the configuration page and loaded up my page then a full size popup image. no problem, it went from 89KB down to 18KB. However everytime after the first load I would do a full refresh (CTRL+SHIFT+R on firefox) the image that would then load would again be >80KB. So I looked at every other image on the site.... and noticed the exact same thing. every time I would load an image the first time (with server caching) it would be super small, and then every time after that it would jump back up in filesize. I finally narrowed it down one by one to find it was the server caching. with server caching turned off, the file sizes always remained the same. with server caching turned on, it would jump down for the first load, then jump back up for subsequent loads. this is happening on jpegs only and I found the problem. around line 178 in catalog/imagemagic.php you have the conditional if you are cached and either a jpeg or gif_as_jpeg. the problem is in this conditional, it basically creates a whole new jpeg out of your cache image at 100 quality. now if you know how JPEG works, you know that 100 quality on a heavily compressed jpeg will increase the size substantially. this doesn't affect the GIF or PNG sections because they are lossless, but with jpeg it creates a larger file. so what I did was I deleted out the imagecreatefromjpeg and imagejpeg calls and after the header() call I put in the following: $push_file = fopen($filename,'r'); while (!feof($push_file)) { print(fread($push_file, 1024)); flush(); @ob_flush(); } fclose($push_file); this reads in the actual cached file and outputs it directly to the browser. now technically this is what should happen in the other two conditionals as well. the file stays the same as is in those conditionals, but there is still some processing power involved in reprocessing the images. If this seems off let me know, but this was the only way I could get it to stop processing cached files over and over again. I have left the rest of the module alone and it has worked great. this was the only area that I needed to adjust.
  21. I believe I posted it elsewhere, but to mod cc_validation just look at the main check at the beginning of the validate function. let it go through and determine what kind of card it is and if it's valid. then at the bottom of the "if"s ad an if for something like if ($card->cc_type != 'Master Card' && $card->cc_type != 'Visa') return -6; then in your credit card module under the validation section add a case for -6 and have it throw an error message and break; I also added a CVV validation right above it in cc_validation. mine basically says if ((strlen($card->cc_cvv) != 4 && $card->cc_type == 'American Express') || strlen($card->cc_cvv) != 3) return -5; and then case -5: in the auth.net module is "please enter a valid card security code"
  22. arrghh.. couldn't get my edit in fast enough as for how you can edit that file, the quick way as they already said is to delete the validations you won't accept. so if you only took Visa/MC then you would have: if (ereg('^4[0-9]{12}([0-9]{3})?$', $this->cc_number)) { $this->cc_type = 'Visa'; } elseif (ereg('^5[1-5][0-9]{14}$', $this->cc_number)) { $this->cc_type = 'Master Card'; } else { return -1; } that is the sloppy way, as they will just get a "Please enter a valid credit card number" error. The cleaner way is to leave that conditional alone and then add after: if ($expiry_y == $current_year) { if ($expiry_m < date('n')) { return -4; } } something like if ($this->cc_type != 'Visa' && $this->cc_type != 'Master Card') return -5; then in your cc file (whatever module you are using) put a case -5: $error = "We currently only accept Visa or Mastercard."; break; right before case false:
  23. yes, I actually edited two files, both the cc_validation.php class file as well as the auth.net AIM file. I added CVV validation and error code to both files, and then esentially added a "valid cards" validation and error code to each file. then if/when I accept more than just Visa/MC, I can add those cards into the validation file and it will automatically accept it.
  24. my store will basically be selling a majority of very lightweight stuff. as a common incentive of course I will offer free shipping at a certain price point. pretty basic stuff. however, there are some items that I not only want to not qualify for free shipping, but will actually negate free shipping on an order. there are two ways this could be done. the first and easiest way is to just negate free shipping if such a flagged product is included. easiest but then the customer will be forced to either pay all shipping costs or splitting things between two orders manually. this leads me to the second way, which will essentially still give free shipping for freely shipped items, but then generate shipping charges for the items with the no_fee_ship flag set. first question from a business standpoint is which option do you think is better? the one is clearly letting the customer know that these items do not qualify and letting the customer make the choice. the other is simplifying it for the customers who will want the item anyway without free shipping, but could be very confusing. second, are any contributions out like this or am I looking at doing this on my own? I can easily write something up in a few days time for this, but would certainly look at an existing mod if one already existed.
  25. for those wondering, this is definitely possible with auth.net. I was just looking through the API docs and here is what would be required: submit the transaction as AUTH_ONLY. in the Gateway response grab the resultant Transaction ID number and store that in the database (it could probably be one field in the order table). add a button or form element of some sort on the admin interface that allows you to process an order. when you press the button, it would format a new request for auth.net for PRIOR_AUTH_CAPTURE using the stored transaction ID in x_trans_id and capture the transaction. the only two problems I see to overcome (which are likely very small) are that you NEED to delcare CC or ECHECK for x_method to auth.net, and by declaring CC you are then required to provide values for x_card_num and x_exp_date. If you are ommiting or masking these values in the database then I am not sure. Although from the Virtual Terminal interface Auth.net only requires trans_id and last 4 digits for a credit... something that could probably be resolved with a call to developer support. anywho, there you have it. if anyone wants to work on it have at it. if no one does I might throw something together when I have the time, but getting my store up and running is definitely first priority.
×
×
  • Create New...