Jump to content
dev osCommerce
Forum
  • Checkout
  • Login
  • Contact Us
  • Get in touch

osCommerce

The e-commerce.

New Demo
Our Partners

How do offline orders reach me with osCommerce?

Slindo

By Slindo
in General Support

Recommended Posts

Slindo

Slindo

Posted
Posted

I want to be able to process orders paid for by CC off line. After poking about this and other sites I haven't been able to find anything that tells me in just how this would happen - does it send them email, hold them on the server, or not do them at all? I know there are lot of payment modules, but offline?

 

Also I would be very interested, whatever the form, of seeing an actual sample of what the order would look like - this is important because I want to be able to do a script that would automatically tranfer the necessary info into a database or CC processing program. Some carts I've tried are unusable for this because the info is all lumped together with no labels or tags that would help sort it.

danadd

danadd

Posted
Posted

I don't have a full answer to your question, but here's a start. Maybe someone else will add on.

1.Email notifications for orders are sent to the address specified

The email notification lists the products, the individual's name, the billing address and the shipping address. The email address is specified in Admin/Configuration/My Store.

 

2. if you go into the Admin/Modules/Payment - click on Credit Card and edit. You can choose to have the middle number of the credit card sent to an email address you specify.

 

I haven't yet figured out how to get the other credit card information other than looking in the database table "order" - the middle number is xx'ed out in that table; hence, #2 above.

 

Let me know if you want to see an order notification email - I can forward a dummy to you. Sometimes a visual helps, although there isn't anything on it other than what I mentioned.

- Dana

danadd

danadd

Posted
Posted

okay just found how you retrieve order information:

admin/orders.php

 

you click on a pending order, then choose "edit". You'll see the whole order on the page.

 

If you change the credit card info in #2 in my above post, then on the admin/orders page the middle numbers are xxx'ed out. If you don't do #2, then the credit card information shows in full in admin/orders.

 

- Dana

Jan0815

Jan0815

Posted
Posted
If you change the credit card info in #2 in my above post, then on the admin/orders page the middle numbers are xxx'ed out. If you don't do #2, then the credit card information shows in full in admin/orders.

 

The CC-module was always meant as an example module and should not be used in real life. Only when the email option is activated there is a slight chance of security. Without the email option enabled the full CC-number is stored in the database. On a shared host where many users have access to the database server this is a very dangerous situation.

 

Storing the CC-details with the CC-module WITHOUT enabling the email option will for sure be a violation of the usage terms of your credit card company.

 

Result: Use the CC-payment module only as absolute final resort when there is no other payment option possible. Use it ONLY when the email function is activated.

 

General rule: NEVER stote CC-numbers in a database.

You can't have everything. That's why trains have difficulty crossing oceans, and hippos did not adapt to fly. -- from the OpenBSD mailinglist.

Slindo

Slindo

Posted
  • Author
Posted

When I got my first ebiz site going I was taking orders, CC#s included, via an email form on a nonsecure server. I called up the security dept of my CC provider and asked if they had an rules regarding how CC#s be sent over the inet. "No", he told me. Despite what you hear, we've never had an actaul instance of anyone having an CC# stolenove the net - statistically just about all CC#'s get swiped at the point of sale, by one of the people handling them. Restauants are the very worst place, because you give the waiter your card for minutes at a time, and the waiter is often an undocumented alien, working for cash, not a regular employee, and the restaurant doesn't even know his real name!"

While my more paranoid friends like to talk about packet sniffters and such, since then I notice that when there have been inet CC thefts, it always seems to be from a secure server that is keeping a database of numbers, and never plain old email.

 

 

 

Storing the CC-details with the CC-module WITHOUT enabling the email option will for sure be a violation of the usage terms of your credit card company.

 

Result: Use the CC-payment module only as absolute final resort when there is no other payment option possible. Use it ONLY when the email function is activated.

 

General rule: NEVER stote CC-numbers in a database.

mattice

mattice

Posted
Posted
When I got my first ebiz site going I was taking orders, CC#s included, via an email form on a nonsecure server. I called up the security dept of my CC provider and asked if they had an rules regarding how CC#s be sent over the inet. "No", he told me. Despite what you hear, we've never had an actaul instance of anyone having an CC# stolenove the net - statistically just about all CC#'s get swiped at the point of sale, by one of the people handling them. Restauants are the very worst place, because you give the waiter your card for minutes at a time, and the waiter is often an undocumented alien, working for cash, not a regular employee, and the restaurant doesn't even know his real name!"

While my more paranoid friends like to talk about packet sniffters and such, since then I notice that when there have been inet CC thefts, it always seems to be from a secure server that is keeping a database of numbers, and never plain old email.  

 

This is so true. And yet all those nice creditcard companies charge us more provision then any IRL point of sale. Go figure.

"Politics is the art of preventing people from taking part in affairs which properly concern them"

Slindo

Slindo

Posted
  • Author
Posted
Let me know if you want to see an order notification email - I can forward a dummy to you.  Sometimes a visual helps, although there isn't anything on it other than what I mentioned.

- Dana

 

Yes please do. Can't beat seeing the real thing.

you can email it to [email protected]

merlin

merlin

Posted
Posted

I'm actually sorta having the same problem. I would like to process CCs offline as I have a merchant account from my banc and I'm certainly not willing to share my low profit with an online cc processing service provider.It's just not worth it man. Anyways, I was really hoping that one of you guys could point to me the right way to do this. The problem I'm having consist on the fact that when I try to purchase something from my store, it doesn't ask for the credit card info and so the purchase is made without giving any choice in the method of payement section.

Anybody knows what I can do to fix this??

Any help would be very very aprecciated.

Thanks.

Will.

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...