NOP Design

[Anastasiya]

Hello,
The http://jlisandra.com website just captures credit card info, but it should then to be processed manually. I would like to make this process automatically. I uploaded .pem file (that does this processing) to a Web server. Also, I configured .pl file that suppose to tie everything together. As I understand, this .pl script should be included into the chekout.pl script.
Where I should insert this script in the chekout.pl file?
Thanks,

[Koibito]

A PEM file is nothing but a mail security certificate. Some secure websites may ask users to upload a PEM file to authenticate their identity. I would stay away from dealing with credit card numbers. It makes you responsible when something goes wrong. Credit card fraud is on the rise. If you don't know what you are doing, and store credit card numbers in a CSV file on the server, or transmit them by unencrypted e-mail, you're asking for trouble. Practices like these give small-scale e-commerce a bad reputation. I wouldn't buy anything on a web site with NOP Cart if they also take credit card numbers. NOP Cart was never designed to handle credit card numbers. The idea is that you take the order, and let the payment processor (Authorize, WorldPay, LinkPoint, PayPal, Google, etc.) deal with the credit card payments. These large professional companies know what they are doing, and they have physical, electronic, and managerial procedures in place to safeguard the information and prevent fraud.

Some people use a combination of NOP Cart and the checkout scripts to send complete and unencrypted credit card numbers to themselves through insecure e-mail connections. They also store the unencrypted credit card numbers in the CSV file on the server. For several of us it wouldn't be too hard to get hold of that CSV file. Imagine what you could do with 50 names and addresses, and the corresponding credit card numbers? I think that you shouldn't use NOP Cart like that. If you really want to deal with credit card numbers, you need at least a database (like Oracle), encryption algorithms and SSL connections.

[Anastasiya]

Thank you for the important advice!

[Anastasiya]

Hello,
I am trying to process orders through FirstData.com. To charge a credit card they need a Total sum of purchase to appear in a particular field. Now it charges a sample price of $1.00. How to make the real Total to appear in that field?
Thanks,
Anastasiya

[Stefko]

First Data (aka LinkPoint):

In nopcart.js, checkout function, near the end of that you will find this

Code: Select all

if(PaymentProcessor=='lp'){;
strOutput+="<input type=hidden name=\""+OutputOrderSubtotal+"\" value=\""+MonetarySymbol+strTotal+"\">";
strOutput+="<input type=hidden name=\""+OutputOrderShipping+"\" value=\""+MonetarySymbol+strShipping+"\">";
strOutput+="<input type=hidden name=\""+OutputOrderWeight+"\"   value=\""+strWeight+"\">";
strOutput+="<input type=hidden name=\""+OutputOrderMethod+"\"   value=\""+strMethod+"\">";
strOutput+="<input type=hidden name=\""+OutputOrderFst+"\"      value=\""+MonetarySymbol+strFst+"\">";
strOutput+="<input type=hidden name=\""+OutputOrderTax+"\"      value=\""+MonetarySymbol+strTax+"\">";
strOutput+="<input type=hidden name=\""+OutputOrderTotal+"\"    value=\""+MonetarySymbol+moneyFormat((fTotal+fShipping+fTax))+"\">";
}

Add these lines:

Code: Select all

strOutput+="<input type=hidden name=\"mode\" value=\"PayPlus\">";
strOutput+="<input type=hidden name=\"chargetotal\" value=\""+moneyFormat((fTotal+fShipping+fTax))+"\">";
strOutput+="<input type=hidden name=\"tax\" value=\""+strTax+"\">";
strOutput+="<input type=hidden name=\"subtotal\" value=\""+strTotal+"\">";
strOutput+="<input type=hidden name=\"shipping\" value=\""+strShipping+"\">";

The sum of item total, shipping and tax must equal the chargetotal
+MonetarySymbol+ should not be used when sending to a payment processor

Hope that helps

[Anastasiya]

It works. Thank you very much!

[Anastasiya]

Hello,
Could you please help me with two more problems linking to the FirstData.com?
The way we connected the http://www.jlisandra.com to the FirstData.com allows processing the credit card, but the order information does not go to the website owner, only to a customer.
That is what the FirstData's tech support told:
1) To make an entire order appear in a particular text field.
2) How to make a static URL that will include all variations of the shopping cart (product quantities and shipping methods). Right now a dynamic URL is placed on the FirstData.com. They told it affects the checkout.pl script, so it does not send emails properly ($csvfilename and $youremail do not work).
Is it possible to resolve these issues?
Thanks,

[lesliekirk]

If you change your form action from the checkout.pl

<form action="/cgi-bin/checkout.pl" method="POST" onSubmit="return CheckForm(this)">

to the credit card processor

<FORM ACTION="https://secure.linkpt.net/lpcentral/servlet/lppay" METHOD="POST" onSubmit="return CheckForm(this)">

wouldn't that completely by-pass the checkout.pl there by rendering it useless?

Is there any way to post back to the checkout.pl?

[unimatrix]

We use first data on about 50 some odd stores. Here is our First Data Payment script. Now we have Nopcart output all fields and then post them to a script called process.php which saves everything to the database and then calls this file as an include. Everything is there for full AVS authentication.

[unimatrix]

Also, all transactions to the first data global gateway has to be from an SSL connection (https) else it will be rejected and your server has to meet PCI compliance. If you use Cpanel or Plesk to connect to your account, chances are you aren't compliant. You'll get a phone call one of these days from Security Metrics to set up quarterly PCI scans. That's what the $79 yearly fee is for and then you'll have to fill out a questionnaire else face an extra $20 a month in PCI-Compliance costs.

If you're confused, just PM me and I can explain more in detail. I've spent more time in the last year learning about PCI and PA-DSS compliance than I ever wanted to know. Both as a developer and as a First Data Independent Sales Agent. Agent #119458.

[lesliekirk]

Thanks for the PHP file. I had been considering converting this site to use PHP instead of the PL. The site does have a secure cert in place.

As for the PCI Compliance, it's good to hear that someone is working with this free script to insure the PCI Compliance standards that will be implemented in June. I have kept my ear to ground about them for quite some time now regarding PCI Compliance. The primary ecommerce application that I work with is Miva Merchant and they started helping their users become aware of these standards over a year ago. As for this site owners server being compliant, I will pass the info along to them to check with their host to see if it offers any sort of scanning along with the hosting package.

Many thanks!
Leslie

[unimatrix]

Aren't you in luck. Attached is everything you'd need for either PHP or Perl. The next version of our infrastructure is moving from PHP to Perl.

[lesliekirk]

Many thanks, I will definitely play around with this.

Leslie

[Anastasiya]

I uploaded files from the fdapi-nopcart.zip folder and from the firstdata.php folder to the server. How I should link them correctly to the website? I tryed to include the firstdata.php file instead of the checkout.pl and it shows this error:
"Parse error: syntax error, unexpected T_VARIABLE in /homepages/7/d129256211/htdocs/JLisandra/firstdata.php on line 14"
May it be a type error somewhere in the line 14?
Also, I connected to the FirstData using connect settings and was unable to connect using API settings. May this cause the problem?
Thanks,

[unimatrix]

You need to edit firstdata.php. You'll need to change the pem file path and fill out your information, like your merchant account number. It will be the same number as the PEM file. It's either 6 or 10 digits depending on whether your on the Omaha or Nashville platform.

Constants will need to look like this:

Code: Select all

   # constants
   $myorder["host"]       = "secure.linkpt.net";
   $myorder["port"]       = "1129";
   $myorder["keyfile"]    = "../path/to/file.pem" # Change this to the name and location of your certificate file
   $myorder["configfile"] = '#########'; #replace this with your 6 or 10 digit merchant id number. 
# form data
   $myorder["cardnumber"]    = $myCCNUMBER;
   $myorder["cardexpmonth"]  = $myExpMonth;
   $myorder["cardexpyear"]   = $myExpYear;
   $myorder["cvmindicator"]  = "provided";
   $myorder["cvmvalue"]      = $myCVN;
   $myorder["subtotal"]        = $dbSubTotal;
   $myorder["tax"]           = $dbTax;
   $myorder["shipping"]      = $dbDelivery;
   $myorder["chargetotal"]   = $dbTotal;
   $myorder["ordertype"]     = 'SALE'; # This needs to be set to SALE. 
    $myorder["debugging"]   = "false";