Jump to content
Latest News: (loading..)

Recommended Posts

I am not agree with that 

  • customers_street_address
  • customers_suburb
  • customers_city
  • customers_postcode
  • customers_state

because If we delete that, the address become dynamic or if a customer change this address, it change all the invoice if I understand your solution.


Regards
-----------------------------------------
Loïc

Contact me by skype for business
Contact me @gyakutsuki for an answer on the forum

Tuto for 2.4 :
- How to Display a new page with app
- How to make Header Tags under app APP
- How to make a
boostrap modal with external element

Share this post


Link to post
Share on other sites

@@Gergely you're probably right, these can be drastic changes. I usually prefer drastic changes over surface fixes, but that's my personal taste. I was suggesting because if the next version will break addon compatibility it could be a good time to do it and when order list grows there's a significant amount of redundant data on the databases; but in the other hand as you say it won't hurt to leave them there.

 

Most of the green fields will just need a couple of simple functions and some changes on checkout process files, so I'll start workin on this as soon as I can have a free day.

 

But others (like shipping method or specially billing method) that could need their own classes and are widely used are more difficult to work with, so I'll just add the new fields and once the rest is okay we'll see what to do with them, don't you think so?

 

@@Gyakutsuki there are usually just one or maybe two addresses in one purchase. Shipping address (where the products must be sent, for individuals is usually their postal address and for companies is usually the address of their warehouse, factory or wherever they use the goods). And billing address (where the invoice must be sent, usually the tax domicile of a company and in most cases same as shipping for individuals). Both of them should be shown on the invoice.

 

But in oscommerce we have three addresses on each order: shipping, billing and customer address. Only shipping and billing are useful, and I can't imagine why the third one was added. By removing this third addres (not shown on invoice or packingslip) you don't loose any relevant information. Both needed addresses will still remain on the orders database table.

 

I'm currently not sure if that 'customers address' is taken from main address or from billing address, but in any case the info isn't needed.

 

 

It would be nice to hear what you think about some fields like the proposed customers_uid. Do you think it would be useful to have it into the orders table?  I already have a similar field for VAT numbers and even if validity checks are done outside the class I see useful to have a standard field where to store and search for that kind of information.

Share this post


Link to post
Share on other sites

Ok I understand better what do you mean.


Regards
-----------------------------------------
Loïc

Contact me by skype for business
Contact me @gyakutsuki for an answer on the forum

Tuto for 2.4 :
- How to Display a new page with app
- How to make Header Tags under app APP
- How to make a
boostrap modal with external element

Share this post


Link to post
Share on other sites

i think one day, you go regret it if delete it.

 

Removing is easy!

 

Making new and better is more complicated.

Especially with the new EU tax rules it could become handy to have that customers address.

I also think your approach is not correct, sorry.

 

To run a 100% LEGAL ordering database it is very important you keep the OLD order data..... please keep that in mind.

It is also the last time i go mention this  (there where other people mentioning to make it able to edit the orders db).

 

Store edited orders as a "version", but keep the original order.

 

Original order id 1,  (parent_id 0)

Edited order order_id 22 (parent_id 1).

After you just switch the order_id's... and all is done and with much much lesser changes to the core.

For the language issues, i understand your points, but for that to solve i would just store the constant's like : define(MODULE_PAYPAL , 'Paypal') , then simply store MODULE_PAYPAL to db.

 

 

The orders db looks BIG for some people.... but it is nothing.

Trust me.... there are much more complex db's table's out there..... and they really scare you.

Edited by wHiTeHaT

Share this post


Link to post
Share on other sites

and why:

 

it is nice you put a reference to a site, but.... where on that reference i can read why cc_expires should be deleted, can you be more direct?

 

So.... if i not behind my machine... you place an order, and i not see your card is expired (but somehow the order went  true), i can take caution before send you the product....no?

Share this post


Link to post
Share on other sites

i think one day, you go regret it if delete it.

 

Removing is easy!

 

Making new and better is more complicated.

Especially with the new EU tax rules it could become handy to have that customers address.

I also think your approach is not correct, sorry.

 

To run a 100% LEGAL ordering database it is very important you keep the OLD order data..... please keep that in mind.

It is also the last time i go mention this  (there where other people mentioning to make it able to edit the orders db).

 

Store edited orders as a "version", but keep the original order.

 

Original order id 1,  (parent_id 0)

Edited order order_id 22 (parent_id 1).

After you just switch the order_id's... and all is done and with much much lesser changes to the core.

For the language issues, i understand your points, but for that to solve i would just store the constant's like : define(MODULE_PAYPAL , 'Paypal') , then simply store MODULE_PAYPAL to db.

 

 

The orders db looks BIG for some people.... but it is nothing.

Trust me.... there are much more complex db's table's out there..... and they really scare you.

 

I'm not saying the database is complex; it's easy as using a nipple. I'm saying it is storing completely uselless duplicate data, just that.

 

You have billing address (the legal address for invoicing and taxing) and shipping address. What does represent customer address? I don't see handy to store useless data.

 

When the customer places an order he is only asked for shipping and billing address. Where does the payment process asks him to specify that "customer address"?

 

BTW I've done a quick test and an SQL dump for a 4,000 orders table is 22% heavier than one that does not includes that duplicated information.

 

This topic is not about order editing but about class optimization so the rest of your comments should be covered on another thread.

 

 

and why:

 

it is nice you put a reference to a site, but.... where on that reference i can read why cc_expires should be deleted, can you be more direct?

 

So.... if i not behind my machine... you place an order, and i not see your card is expired (but somehow the order went  true), i can take caution before send you the product....no?

 

 

I think you should read the link I posted above. Oscommerce does not comply PA-DSS so if you use the credit card feature in Oscommerce your business is not PCI DSS compliant. That single reason should be enough to remove those fields because it can only lead to legal troubles if you use them 'as is'.

Share this post


Link to post
Share on other sites

@@wHiTeHaT I don't know if you manage an online store or just are an oscommerce programmer, but if you can do it run this SQL query to see what I'm trying to explain:

SELECT `customers_id` , `customers_name` , `customers_street_address` , `delivery_street_address` , `billing_street_address`
FROM `orders`
WHERE `delivery_street_address` <> `customers_street_address`
AND `billing_street_address` <> `customers_street_address`

It would be really useful if other store managers could do the saame and post results here. I've found so far 12 results from this query, and in all cases it was caused from costomers who put incomplete data on the orders and I had to edit the addresses, and for customers who has relocated and kept their old address as primary addres instead of deleting it. So those fields can, in best case, be redundant and in worse led to errors.

Edited by piernas

Share this post


Link to post
Share on other sites

no no my friend, like that it not work (for me):

https://www.pcisecur...s.org/index.php  Say's nothing to me... i (and other readers) want a explanation for what you say, i not go try to FIND what you try to say.

 

you read it on that site.... but WHERE? (be precise).

 

That "sample" query means nothing to me.... it does not say anything.

Concern in that case more for HOW data is inserted.

Consider to prevent mismatch results a auto-complete/address lookup API.

 

But i leave you now to your orders class....Goodluck!

 

 

BTW: i took time to read more about the subject regarding the CC data........

And i can tell you......you are mis informed.

There is nothing wrong with storing the CC data as IS in osCommerce.

Edited by wHiTeHaT

Share this post


Link to post
Share on other sites

no no my friend, like that it not work (for me):

https://www.pcisecur...s.org/index.php  Say's nothing to me... i (and other readers) want a explanation for what you say, i not go try to FIND what you try to say.

 

you read it on that site.... but WHERE? (be precise).

 

That "sample" query means nothing to me.... it does not say anything.

Concern in that case more for HOW data is inserted.

Consider to prevent mismatch results a auto-complete/address lookup API.

 

But i leave you now to your orders class....Goodluck!

 

Explanation of PCI DSS rules is not easy, but basically every merchand and programmer that works with CC data has to follow the rules of PCI DDS (Payment Card Industry Data Security Standard). Perhaps wikipedia has a more simple view of the rules so you can take a look at: http://en.wikipedia.org/wiki/PA-DSS

 

There are several points oscommerce 'as is' doesn't comply with, but there's one that's crucial (see it on wikipedia link above):

 

9- Cardholder data must never be stored on a server connected to the internet

 

Do you understand it now? Don't you think it's enough to remove those fields?

If you don't understand it just go to your bank or tell you CC provider you're currently using oscommerce for permanently storing CC data on its database and see what they have to tell...

Share this post


Link to post
Share on other sites

THAT DATA is SEND BACK (IF it is send back)  from your PSP.................. for THAT PSP, these RULES APPLY.

 

osCommerce DOES NOT: PROCESS/STORE/TRANSMIT ANY CC DATA.....................READ READ READDDDDDDDDDDDDDDDDDDDDDDDD

Edited by wHiTeHaT

Share this post


Link to post
Share on other sites

dude.......i give up on you.

 

you pointing people to read stuff you not understand yourself.

 

i go explain it very simple :

 

- the "rules/compliancy" you refer to are for when YOU process/transmit/store CC data. .....ok?

 

in case of osCommerce .... YOU... not store/transmit/process any DATA, the users/buyers FILL on the PSP (paypal,braintree,sagepay etc etc ...all OFFICIALY COMPLIANT).......

 

Now it COULD be that one of these PSP send back to YOU the LAST 3 or 4.... or the first 4 or 5 (what is the EXACT allowed amount of digits i am unknown of).

 

THAT IS ALLOWED.

 

It is USED as REFERENCE for the BUYER.... to KNOW (if he has more as 1 CC)... with WHAT CC he payed............COMPRENDE it now?

Share this post


Link to post
Share on other sites

We just don't share the same concept of storing, for sure. For me a customer fills the data and your software stores it instead of . It's a clear concept for me.

 

There's a lot of other requirements also when using the credit card module supplied with it. Just to mention some of them, Oscommerce does not encrypt those stored data fields nor does have an admin access control system that allows those stored data to be hidden from certain employees or grant access to others, admin side allows you to see CC data under a non secure connection and so on.

 

There's a lot of threads in this forum discussing this matter, and if you look at them you will find many opinions like mine.

 

And take it easy, man. It's not a competition and nobody has to have the absolute truth, you don't have to shout continuously. we're just discussing about an interesting matter.

Share this post


Link to post
Share on other sites
There's a lot of other requirements also when using the credit card module supplied with it.

 

 

osCommerce does not come with a build-in Credit-card module :

 

https://github.com/osCommerce/oscommerce2/tree/master/catalog/includes/modules/payment

 

The ones listed are all PSP (Payement Service Providers).

 

Now....once again..... osCommerce DOES NOT STORE CC DATA.

 

 

I caught you several times as you refer often to your "experience as shop owner" and manager of what ever sort.... so as your Grade.

So... yes i am pissed of if people "mention"  there quality's.... and then me as an unqualified person in terms of education/school must "correct" such persons given information to the public.

 

It all leads to miss-understanding if no one replies back.

What would others think if i just let you post all the crap you talk about for PCI compliance guideline etc etc....

When that have nothing to do with how osCommerce handles customers payments.

 

People would consider using other e-commerce software, or start asking questions.... just because you spreading wrong information.

 

It would be the same if i now would go write here in the forum (without knowing anything about your shop) .... that the products you sell, all suck.

So ... yes... I POST IN CAPS sometimes.

Edited by wHiTeHaT

Share this post


Link to post
Share on other sites

@@wHiTeHaT I'm sorry, you're right about the cc module. I was remembering about cc.php module on oscommerce 2 RC2 as is the version I¡ve been using for years.

 

About storing the data I'm completely lost with your affirmations:

 

 

There is nothing wrong with storing the CC data as IS in osCommerce.

 

 


Now....once again..... osCommerce DOES NOT STORE CC DATA.

 

So what's the correct one? Does oscommerce use the order table data about cc or not?

 

I'm currently trying to comprehend how this data is used (if it is at all) in oscommerce.

 

You're misunderstanding me. I don't use my experience as a grade, in fact I couldn't find where I said that???? Experience for me is not a grade, but a way to learn and understand things. I don't consider at all myself an expert if that's what you think. I have no studies about programming and all of my little knowledge about php comes from experimenting with oscommerce and reading this and other online sites so the only knowledge I can mention is experience.

 

About shouting constantly for me it's not a matter of education in school but a matter of aquired respect. I try to treat everyone with respect including you. It's you who are saying about me talking crap and suggesting I'm not qualified to do anything related to this software.

 

For the rest of those who doesn't consider offensive to oscommerce asking questions: I'll be posting a topic later to see if someone else can help me with how cc database fields are used in oscommerce because these doesn't fit well in this topic; I'm currently reading the code but still didn't find an answer. For now I presume those fields are legacy code that was left there over the years from the time the credit card module was in oscommerce, but I'm still not 100% sure. We'll see what we can find :)

Share this post


Link to post
Share on other sites

Ok steep forward pls. cc is not as important than you are taking attentions in it. :)

How could be it closer? What would be the solution?


:blink:

Share this post


Link to post
Share on other sites

Thanks @@Gergely I got distracted with the discussion. I'm just attempting to add the values to the class and all other relevant files.

 

I'm not good at github but will try to use a new branch to upload the changes proposed.

Share this post


Link to post
Share on other sites

1 more and last time :

 

oscommerce does not store CC data (USERS INPUTTED SENSITIVE DATA)

 

oscommerce CAN store RETURNED DATA from PSP, as it is ALLOWED to store and X amount of digits from a CC number (if i am correct it is also called PAN number), keep in mind this is RETURNED data from PSP, like paypal ipn... yes.

 

see the differences... user inputs DATA on PSP..... PSP sends back to you "partial SECURE/ALLOWED data"....The user NEVER entered that ON YOURS.

 

When you would allow that..... yes THEN... then you must follow compliance rules.... and i can assure you, you not want that.As it is a pain... and an impossible task for the "regular e-commerce webshop owner".

It is also useless to make osCommerce compliant to these rules, as ironically you already pointed it out :

 

9- Cardholder data must never be stored on a server connected to the internet.  Now.... just read that red text you posted yourself.especially "connected to the Internet", as you can already determine... oscommerce is not made to be not connected to the Internet.

 

 

Now... since i am getting some sort of tired of this topic, i still need to point out a few things.

 

You referred previously

" This topic is not about order editing but about class optimization so the rest of your comments should be covered on another thread."

 

But you not see you actually somehow manipulate/edit the orders table... once again... if any legal actions taken to you from a buyer... you loosing.

Just a simple example:

 

customers address, you state it is not used in the orders, so you think you can take it out and use the "current address".

 

Now what if you printed out on the first day of the order the customers address, and the users change his address on the 3th day, then prints it out.

 

You goto court... you both give your printed "proof" ...BAM!!! there you go.

 

It is what i trying to say since the beginning.... do not mess with the orders.

 

Now... after rethinking i sayed... i understood for the languages.... but now i thought again of it.... and i think you are all wrong.

 

If a german user chooses "sofort uberweising" (means direct transfer).... and you as a shop owner cannot understand what it means... why you offer German language to your shop?

 

What if that customers calls you... he expect you speak german... you offer it on your site.

 

 

For the "I caught you several times as you refer often to your "experience as shop owner" and manager of what ever sort.... so as your Grade."

 

 

Yes you do that and did that.... in fact right here in this topic in an arrogant tone:

 

-I don't know if you manage an online store or just are an oscommerce programmer, but if you can do it run this SQL query to see what I'm trying to explain:

-This topic is not about order editing but about class optimization so the rest of your comments should be covered on another thread.

 

There was an other post, i not go try to find them.

It can be me misinterpreting you... if so. Sorry for that.

 

 

Some things discussed on this forum.... you can simply get sick and tired of it... in fact.... just the responding to you caused me a headache already (seriously).

Share this post


Link to post
Share on other sites

@@wHiTeHaT it's difficult for me to follow your comments. Latest reply clarifies a lot because I didn't understand what you were saying. Now it's much clearer.

 

If the data is not stored/collected by oscommerce but by a module then personally I don't see the point of having those fields, independently of legal or contractual implications. If I understood you well the fields are not used by any piece of code of oscommerce and does not store any user input, right? So for me these are empty fields, useless, superfluous stuff left there forgotten when the cc module was removed. It's my opinion, and as a personal opinion I shared it in this post.

 

I don't store any CC data on my site, not just because rules, but because I believe it's not a good practice. It's a risk with no benefits. As I told before I've suffered a fraud because one online shop where I usually buy was hacked and my credit card data, along with the data from other customers was stolen. As a resul one day I received a credit card statement where I had supposedly purchased four cinema tickets in Sheffield, UK while I was in Valencia, Spain. So I've learned the lesson: I will never enter CC information on a cart system that stores or asks for CC data without a PSP.

 

About the language you use weird assumptions when arguing. To be clear: I speak decently two languages, spanish (my native one) and english, and understand a bit a couple of them more. May I have your permission to have a multilingual shop that offers both languages and manages them on a reasonably useful way or will you oppose because I could add a third language that I don't speak?

 

About the so-called customer address in orders table: I suggest you to re-read my previous explanation calmly and without prejudices (just in case you want to, I will not force you in any way), because you didn't understand it at all. In no way I speak about using a 'current address' or putting on the order some address the customer hasn't put there. I'm talking about the completely opposite thing; not using a field that oscommece does not take from the current user input. Just use the two addresses the useer inputs (billing and shipping) and completely remove the third one, that only shows AFAIK on the admin order details file orders.php and nowhere else.

 

Thank you for your excuses and please accept my apologies if I've said something that looks arrogant as I didn't have the intention to. I'm sorry for your headache; all I can tell you about it, again, is 'take it easy'.

 

 

Share this post


Link to post
Share on other sites

Again into the topic, I spent two hours today trying to get apache 2.4 and php 5.5 working thogether as the latest version of oscommerce refuses to install over PHP 5.3 on my local system. I'll publish a modified class as soon as I get it working.

Share this post


Link to post
Share on other sites

 

currency_value  Is it really useful?

 

 

For multi currency shops...yes

Share this post


Link to post
Share on other sites

yes... exactly... that address is used on the orders page, so no... i would NOT remove it.

And there are very good reasons to do not do that, as i pointed out.

 

And there you go again.....seems i not misunderstood at all

 

May I have your permission to have a multilingual shop...........

 

I go do my best to just ignore you.

 

you have my permission to have a nice day.

Share this post


Link to post
Share on other sites

@@piernas

 

https://www.pcisecuritystandards.org/pdfs/pci_fs_data_storage.pdf

 

This shows what is allowed (and what is not allowed) to be stored.  


This is a signature that appears on all my posts.  
IF YOU MAKE A POST REQUESTING HELP...please state the exact version
of osCommerce that you are using. THANKS

 
Get the latest current code (community-supported responsive 2.3.4.1BS Edge) here

 

Share this post


Link to post
Share on other sites

A bit of a me too on this topic. Not so much with multiple languages, but with the text changing.

 

When sending orders over interfaces to other systems, the paid shipping method has to be derived from the language-specific text on an order total record - which is the same text presented to the user when choosing shipping method. This text seems to change more often than you would imagine (at least once a year!) so I implemented a lookup table to save rework.


For a new install or if your store isn't mobile-friendly, get the community-supported responsive osCommerce here: https://github.com/gburton/osCommerce-234-bootstrap/archive/master.zip

 

For Github users: Bootstrap addons - one per branch - https://github.com/BrockleyJohn/Responsive-osCommerce/wiki/Overview-of-Branches

Working on generalising bespoke solutions for Quickbooks integration, Easify integration and pay4later (DEKO) integration at 2.3.x

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×