Jump to content
dev osCommerce
Forum
  • Checkout
  • Login
  • Contact Us
  • Get in touch

osCommerce

The e-commerce.

New Demo
Our Partners

[Contribution] Grab_Order_Details

dailce

By dailce
in General Add-Ons Support

 Share

Recommended Posts

dailce

dailce

Posted
Posted

Grab_Order_Details

 

A customer can enter their email and order number on your site and view the order details without logging in.

 

I think this will work well if you have PWA or No Account installed.

 

Enjoy :)

 

Hope I didn't make any errors in this guide.

 

Feel free to improve this if you can - thanks.

 

================================

 

I will try my best to help out with this contribution, but I hope the community can help out more. I'm no expert in php, well at least I don't think I am :blush:

Link to comment
Share on other sites
Guest

Guest

Posted
Posted

This seems like a good idea but surely there is someway it could be abused???

 

Maybe I am just talking rubbish but I just have an awfull feeling that something could go wrong because this is the type of personal data that is locked away behind a login routine for a purpose.

 

Maybe others could also share their points of view on this.

Link to comment
Share on other sites
dailce

dailce

Posted
  • Author
Posted (edited)

Good point, but I don't think it can get abused. I've seen this done before on some big sites. You will need 2 pieces of information to view an order's details: order number and email. Without that you will not get any information. I'm sure you can guess the order number if you wanted to go through consecutive numbers, but you will still need to know the email.

 

One way to make it a bit secure would probably be to make your order number more complex like adding random letters to it i.e. 1353ADS5486X

 

Maybe there is a way to make it more secure, but I think it's ok. If anyone does have some insight then please share.

Edited by dailce
Link to comment
Share on other sites
  • 2 weeks later...
Snoboreders

Snoboreders

Posted
Posted

I was just about to install this contribution until I realized that you're right....there is a chance it could be abused. In my store, the last order number was 93. It doesn't take too much creativity to figure out what the rest of the numbers were. Now all that's needed are some email addresses.

 

Is there a way to add something to this contrib to make the order number more complex? For example, I was looking at an order I placed with a company, and my order number was this: R4167123. Compare that to 93.

 

I think if the order number was more randomized that would put people more at ease.

Link to comment
Share on other sites
Guest

Guest

Posted
Posted
I was just about to install this contribution until I realized that you're right....there is a chance it could be abused. In my store, the last order number was 93. It doesn't take too much creativity to figure out what the rest of the numbers were. Now all that's needed are some email addresses.

 

Is there a way to add something to this contrib to make the order number more complex? For example, I was looking at an order I placed with a company, and my order number was this: R4167123. Compare that to 93.

 

I think if the order number was more randomized that would put people more at ease.

The email address still has to be guessed. You can step the last order up in phpmyadmin to make it a higher number.

Link to comment
Share on other sites
  • 3 months later...
danta67

danta67

Posted
Posted

Hi there

 

Installed this contri but do we need ssl for this to work

 

i made a link in the order email so the customer can click the link from there email but when i fill in the email adres and the order number it says order nr not exist in our data base

what am i doing wrong

danta67

Link to comment
Share on other sites
  • 5 months later...
JSR

JSR

Posted
Posted

When I use a non existing order id or email it does show the error warnings, however the page just keeps refreshing itself with each valid request....

Anyone using this contribution? I really like it a lot, but it's just not working the way it's supposed to...

Link to comment
Share on other sites
  • 4 months later...
  • 4 months later...
deanfromoz

deanfromoz

Posted
Posted

@Dalice

 

Firstly great contribution.

 

Have installed but it seems it won't work with PWA as it pulls data from CUSTOMERS table thus it won't identify any orders that have PWA.

 

Hopefully there is an easy solution to this problem.....

Link to comment
Share on other sites
  • 5 months later...
nevergiveup

nevergiveup

Posted
Posted

I can't get Grab Order Details contrib to work.

I have tried everything. Looks like it needs to be updated. Hope someone will work on a new update.

People that have installed PWA and/or No Account contribution really need this to work so the customer can look up order status without Account.

Link to comment
Share on other sites
  • 4 months later...
  • 3 months later...
ardee00

ardee00

Posted
Posted

Can somebody confirm?

 

To use this, one must also add a menu item (or other navigation) that takes the user to a new page (also needs to be created) where the user can input the order number and e-mail address ... which THEN invokes this new code?

 

I.e., this contribution is one piece of what you need. You also need navigation and a new screen (form).

 

Right?

 

Thanks!

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...