Jump to content
  • Checkout
  • Login
  • Get in touch


The e-commerce.


  • Content count

  • Joined

  • Last visited

  1. I changed my site to work only in an 800 x 600 window. As a result, all product listings that have three additional images using this contribution causes the page to go way off by pushing it beyond the 800 width as it is displaying 3 images per row when there is only room for 2 images. I don't want to change the alignment to vertical. If anyone else is experiencing the same problem, here is a quick fix to reduce the images from 3 per row to 2 per row. Open additional_images.php and find: $col ++; if ($col > 2) { $col = 0; $row ++; Replace it with: $col ++; if ($col > 1) { $col = 0; $row ++;
  2. secretuser

    Seperate Pricing Per Customer v3.5

    I am thinking about installing this contribution and have some initial questions. I was wondering whether or not the issue of minimum orders has been addressed. I've searched this entire forum and could only find this briefly mentioned back in April of 2004. In particular, a retail customer on my site should be able to purchase one item whereas a wholesale customer should not be allowed to purchase just one item, but should be forced to either buy a set minium number of items or a minimum dollar amount. Based on the April 2004 post, the only advice given was to change the settings in the admin to create a minimum order, but this would end up stopping all retail orders as it is global and doesn't make the distinction between retail and wholesale customer. The other question is whether or not I can set one of my shipping modules for just the wholesale customer, one in which there is no handling charge. Your responses would be greatly appreciated.
  3. secretuser

    [Contribution]Paypal IPN - Devosc

    I get the lock using the other module and that is with a free shared SSL from my IPS :D .
  4. secretuser

    [Contribution]Paypal IPN - Devosc

    This module is giving me problems to. I messed around for 4 hours tonight and think I might have figured it out. I don't know exactly what I am doing, but this is what I have tried and it seems to work so far. I will test it more tomorrow. Most importantly, this doesn't seem to work in the test mode. I think this can be done in the test mode by following all the steps and doing it in the developers account at developer.paypal.com. If you do this there, you setup a bogus premiere account and do all the steps below. Just realize, you will have to do them again when you do your real account. I did this all in my real PayPal account, not my development account, so I can't test it all the way through. When changing from testing to live, I got all the way to the order page with the correct information, but I can't order because I can't pay and send to the same account. 1) Logged into PayPal. 2) Under My Account, I went to Profile 3) Under Account Information, I click API access 4) I created an API certificate and downloaded it 5) It appears the certificate contains two parts in a text document, a RSA key and a certificate. 6) I made two copies of this and edited them in notepad. One file I kept the top half which is the RSA key and deleted the bottom half. I saved this file under a name I chose and used a pem extension (must change notepads default from *.txt to *.*). For instance, you can use aaa.pem. 7) I opened the second file and deleted the top half and kept the bottom half which is the certificate. I then saved it with a pem extension like bbb.pem. 8) Go back to PayPal, in my account, profile, I went to the column in selling preferences. I clicked encrypted payment settings. 9) I scrolled down to the part in which it asked for my public certificate and I clicked add. I then added the certificate file I did using notepad, in this example it would be bbb.pem. Once loaded, you will see its good and it will give you information on it. 10) I scrolled up in the same area and downloaded the PayPal public certificate. 11) I changed the name of the PayPal certificate from a .txt file to a .pem file using notepads saveas feature and I shortened the name, like ccc.pem. 12) I went back to my account, profile, and went to the first column, account information. I clicked API access, and clicked view API certificate (as I already created it) 13) I Wrote down the API account name. 14a) I opened my FTP program and created a new sub-directory in my catalog directory, for instance, certkeys. I FTP'd the 3 files I created to this subdirectory, in this example, it is aaa.pem, bbb.pem, and ccc.pem. 14b) I created a new subdirectory in my catalog directory for my temporary files, we will call it temporary. 15) I went into my OSCommerce admin area, under modules, payment, and went into the new PayPal module. 16) I enabled encrypted web payments 17) Under the private key, I gave it the route to the file which starts with a forward slash /. So for instance, /mycompany/certkeys/aaa.pem 18) Under the public certificate, I gave it the route to the file which starts with a forward slash /. So for instance, /mycompany/certkeys/bbb.pem 19) Under the paypal public certificate, I gave it the route to the file which starts with a forward slash /. So for instance, /mycompany/certkeys/ccc.pem 20) Under your paypal public certificate ID, I entered in the exact API account name I got from paypal in step 13. 21) Under working directory, I gave it the path for the directory I created in step 14 b starting with a forward slash /. In this case, /mycompany/temporary 22) Under open SSL location, I gave it the same SSL as was in my configuration files which can be found in catalog/includes/configure.php. In this case, it could be https://mycompany.com 23) I clicked update 24) I tested it out and I got through to PayPal with no errors but I am too tired to test it more. Please share your experiences.
  5. secretuser

    Paypal Problems!

    Same Here using the test server. My company name shows up if I use aggregate or shopping cart shows up if I use by item.
  6. secretuser

    Bidpay - How to add module

    Just so that all of you are aware of BidPays terms of use, their payment system is designed to be used for auction payments. I think it is OK to have BidPay on your website only if it is in relation to current auctions sold elsewhere. Under BidPay's Frequently Asked Questions Section: Sending Payment and Using the Service 6. Does BidPay handle transactions that are not auction related? No. The BidPay service is intended only for online auction payments. I just don't want anyone to lose their BidPay account over this.
  7. I have been having the same darn problem :( . This contribution worked great, even with the Admin Access contribution, but starting in December, it stopped working and I kept getting sent back to the login page. No matter how many times I relog in, I kept getting sent right back to login when trying to view the customer section.
  8. secretuser

    CC module | More cards, issue number, ccv

    This is an excellent post and I agree with some of your points. 1) There is a risk no matter what you do that information gets compromised. 2) I like to control the purchase before charging the card. I want to do various forms of verification including IP address checking and other items which a payment gateway might not do as I am ultimately responsible for fraud, not the payment gateway. Once I do this, I will manually run the card with AVS and other checking through my merchant account gateway. 3) I agree that it is bad business practice to hold someones credit information on your email, database, and in hard copy. I wouldn't want someone else to do this, and I wont do this to anyone else either. 4) I strongly recommend using two separate servers, one for your email account and one for OS Commerce if you do this to add an extra level of protection (still no guarantees). 5) Once I get an email, I charge the card immediately and delete the email, the CVV number, and the credit card number. 6) I use a manual encrypted payment gateway in which my merchant account company keeps all records of the CVV, credit card number and everything else, so I don't need to keep a hard copy. 7) Once charged, everything pretty much gets wiped out with respect to the credit card, there are no hard copies maintained by me. If I want to refund the person, I must log into my manual gateway and order a refund. The merchant company has the information on file, I just click on the transaction I am refunding and it is refunded. 8) If my site gets hacked, which it very well can be (I trust no software), it is unlikely to have any credit card information. If my office gets burglarized, there will be no credit card information as nothing is kept in digital or hard copy by my company once the charge is made. 9) It is against the merchant agreement to keep the CVV number for more than a day or two. No matter what you do, you must destroy this number, you may not keep it. 10) I totally agree with you that if you are using this method, YOU MUST DISCLOSE this to your customer. My payment FAQ section completely discloses how my company maintains data security and the risks involved including the fact that transactions are done off-line, portions of information are sent in unsecure email, and portions are kept on a more secure database. I have always disclosed this in the FAQ section on data security. The points I had made several months ago were for those who were intent on using the OSCommerce credit card module. If one is going to use it, then I have tried to offer the best suggestions I could think of to keep the information as secure as possible.
  9. secretuser

    CC module | More cards, issue number, ccv

    Before you paste that into your PHP program, you should make a backup first. To do this, do the following: 1) Open the appropriate database. 2) Select the Export tab (third tab over) 3) Select data and structure 4) Click select all 5) Check the box for add drop table 6) Check the box for complete inserts 7) Check the box for enclose table and field names with backquotes 8) Check save as file and check zipped 9) Click go 10) Select save and pick a location on your hard drive
  10. secretuser

    CC module | More cards, issue number, ccv

    I suspect you are the cool person that wrote the MaxMind contribution :D. It was through your forum I learned how important it was to obtain the IP of the buyer. One of your contribution users had a purchase for a U.S. delivery but the IP was from Vietnam. In spite of this, his merchant account fraud protection approved the charge even though it clearly deserves further inquiry. I myself am interested in your contribution. Right now my sales are slow, so I will manually check the IP addresses. If sales pick up, I will seriously consider your fine contribution. I know it is very popular among those that accept credit cards directly and should be given a serious consideration for adding it for those that process many credit card numbers.
  11. secretuser

    CC module | More cards, issue number, ccv

    I am not familiar with the other CVV, but if it works for you, that is great. I have just added another contribution today that I think you should give serious consideration to. The name of the contribution is: Order IP Recorder v1.0 This is a very good contribution because what it does is it records the IP address of every order that is made in your store and includes it in the OsCommerce administration section for that order. Why have this. Will, if you are manually processing credit cards (which you are based on this topic thread), you need to know where your customer is placing an order. Sometimes an order might look legitimate when it is really a fraud. For instance, you might have an order with a PO Box in New York, name, phone number, and valid credit card information. Everything looks great until you do a quick check on the IP address and find that the order was placed in Nigeria. To check the IP address, you go to an IP checking website like: http://www.geobytes.com/IpLocator.htm which gives you lots of information or http://www.webmaster-toolkit.com/ip-address-locator.shtml which just gives you the country There is another contribution that does this automatically to a certain extent called MaxMind, but I have not used it as I am concerned about sending bits of credit card numbers to a third unknown party and the disclosures I might have to make on my site for using MaxMind. I decided it is just as easy to check the order IP myself. The contribution has 2 install text files, use the one inside the folder as it is dated 8/30/04 when you select properties and the contribution was fixed so that the checkout confirmation page tells the user the IP has been recorded. There is one very outdated section of instructions for installing on OsCommerce 2.2 Milestone 2, the July 2003 edition. Under step 4, it says to find the following in catalog/checkout_confirmation.php: <td align="right"><?php echo tep_image_submit('button_confirm_order.gif', IMAGE_BUTTON_CONFIRM_ORDER); ?></td> </tr> This code is no longer there. Instead look for: echo tep_image_submit('button_confirm_order.gif', IMAGE_BUTTON_CONFIRM_ORDER) . '</form>' . "\n"; ?> Insert the new text on the line below the ?> and you will be fine.
  12. secretuser

    On The Fly Watermark Enhanced 1.1

    I checked and GD library is enabled. The setup is so simple that I am puzzled as to why it isn't working. I did the following: 1) I uncompressed the zip file 2) I edited the watermark.htaccess file to read RewriteEngine on RewriteRule ^(.*)\.jpg /images/image.php?%{REQUEST_FILENAME} I later tried this: RewriteEngine on RewriteRule ^(.*)\.jpg /catalog/images/image.php?%{REQUEST_FILENAME} 3) I saved all 4 files (except the readme) to my images directory. 4) I renamed watermark.htaccess to just .htaccess (permission 644) 5) I checked permissions on 4 files which are 644, later tried changing to watermark files to 777 6) I opened my shopping cart to see if I could see the sample watermarks on my images, but no luck Editing Post to add the following: I am using OsCommerce Milestone 2 Ver. 2.2 from June 2003
  13. secretuser

    On The Fly Watermark Enhanced 1.1

    What is a GD library and how do I enable it as I am not able to get this contribution to work either. Thanks.
  14. secretuser

    CC module | More cards, issue number, ccv

    One more thing, I sell only in the United States. I do not know anything about Switch and Solo cards and this is the first time I have heard about them. In the United States, everyone pays by either MasterCard, VISA, American Express, or Discover card. All card companies work together to keep them nearly identical for processing purposes so all you need is name, card number, expiration date, and CVV. In the United States it doesn't matter whether you have a debit card or a credit card. VISA and MasterCard work the exact same way for debit VISA or credit VISA. I find it puzzling why the UK took a different approach for debit cards by creating an entirely different system when it would have been much easier for everyone if it was incorporated with the credit card business.
  15. secretuser

    CC module | More cards, issue number, ccv

    A member of OsCommerce private messaged me regarding how to best secure the credit card module. I will post my reply here: I was able to get my credit card module to work flawlessly. Security is of the utmost importance. If you use the credit card module, you should make every effort to reduce the possibility that your site gets hacked. If you do all of the following, I think your site will be very secure and you will have a great credit card module. While I have little programming knowledge, I have tested many contributions and found that certain contributions work with no detectible bugs which I have listed below. Keep in mind that there are hundreds of sloppy contributions out there and that more recent versions may be worse than prior versions as newer versions might be written by someone other than the original writer who is either careless or doesn?t know what they are doing. I am therefore providing you with good version numbers. All contributions listed below will work on OsCommerce 2.2 Milestone 2 July 12, 2003 release. 1) Rename your admin directory to something other than admin and don't tell anyone what it is. 2) Add the following contribution: Administration Access Level Accounts 2.0 Version: 2.3: 9/5/03 This will lock down your admin so that others can't get access to it. As an added layer of protection, you can also have your web host lock down that directory with a password. 3) Install an index.html file in all directories and subdirectories except for the catalog directory and the admin subdirectory. This should take less than 15 minutes to do using a good FTP program. The html should be an automatic link back to your catalog index page without a delay. The code is short and simple. This will reduce the possibility of people hacking into your software by typing in a known subdirectory by name and viewing your files. 4) Install the following contribution: EZ" Secure Order & Customer Viewing for osCommerce Version: July 18, 04 This contribution will encrypt the data for customer information and order information so that it can't be intercepted while being transferred from your server to your computer. The developers of OsCommerce failed to secure the admin side of OsCommerce with encryption even though they made the effort to encrypt important information on the customer side. This contribution addresses this. Everything other than the order and customer information is not encrypted. Using this contribution is a much better choice than changing your OsCommerce settings to secure the entire admin as it will not give you script errors when uploading pictures and it will not give you secured and unsecured information notices. Also, this contribution works with admin_23 so that your admin login now becomes secure which is very important. Why encrypt the order and customer if you don't encrypt the password to get into the admin in the first place? This real simple contribution does all of this and is an ABSOLUTE MUST if you are going to use the credit card module. 5) Install the following contribution: CVV for cc.php version: CVV1.24. Jan 8, 04 This will add CVV's to your credit card module, with a button that will delete the CVV from the customer database after you charge the card. This is an absolute requirement to comply with any merchant account as you may not keep CVV numbers on record. As an added bonus, this module includes an awesome help feature for users with a very clean popup image showing exactly where they can find the CVV for all types of credit cards. 6) Install the following contribution: Clear CC number from orders version: May 7, 03 This is a great contribution that will automatically delete the credit card information from the customer account when you change the order from pending to processing or from processing to delivered. You should set the credit card module to email you half the numbers by providing your email address (preferably from an email server that is not shared with your web hosting server). Print out the email. Go into the client account, write down the remaining numbers on the printout, but don't write the CVV number. Process the card, when done, update the status in OsCommerce and the credit card number will be deleted from the database automatically. Then push the clear CVV number button and the CVV number will be erased from the database. The database will still keep the expiration date on file. Keep the printout for your records in case you have to do a chargeback. This way, your database will have virtually no credit card numbers in it (partial or whole) as you delete them as you go along but you should always maintain a paper copy in case of a future chargeback. 7) You might want to add credit card images to your credit card module like I did. It is very easy to do with simple html or php. Store them in your image directory. When you write the code informing the software where the little credit card images are, use the address of your secured server. By doing this, the credit card images will be displayed in the payment module and the customer will not see a secured unsecured warning. 8) If your merchant account sends a confirmation with the last four or first 4 numbers via email, you will need to reverse the order in the programming so that OsCommerce emails you the first and last 4 and keeps the middle in the database. I explained how to do this in one of my posts under the name secretuser. There is no absolute security, but I think this is pretty good. If you decide to follow these instruction, you do so at your own risk.