[pmwiki-users] WikiSh Shopping Cart recipe
marcus
prima at wordit.com
Wed Apr 16 12:40:45 CDT 2008
Success! The WikiSh shop code is working. The redirects both work now.
Forms and order page are correct. Thanks Peter, great work. WikiSh
achieves a lot with a small amount of code.
I still have to solve my "auth admin" write access problem. We can track
that issue in a separate post; it may be my setup or a pmwiki/WikiSh
security thing.
One minor gotcha. Make sure there is no blank line in Shop.Items or you
get a blank extra field which duplicates the last actual field, and
could cause a miscalculation of the total in Shop.Order. Maybe we should
use a termination line such as "%%", just to prevent this going
unnoticed by an admin, and causing price over-calculation and abandoned
orders?
Back to the design. I will work on shipping and payment gateways once we
have the basics figured out. There are two things still needed for a
basic order page.
- Sessions for each order, as we began discussing. However, that is
linked to another design feature...saving orders.
- Order storage, editing, status tracking, invoices
I've been wrestling with whether it is necessary to store each order
because after all you could just use the data the payment processor
provides. You could scrape by with that if you only sell single fixed
price items without variables or accessories.
However, that doesn't allow for editing orders, which happens when
customers change an order. (Say they upgrade from 512MB to 1GB when
purchasing RAM, or an item is not in stock.) You cannot create custom
invoices, and the data format (CSV records) is different for each
payment processor. AND, you cannot offer bank transfers which are
becoming more popular and cost less.
So I think any but the simplest and smallest shop needs to record
orders. That requires:
The easy part:
- Storing order info
- Storing customer delivery info (The two are linked by a customer
number or email address)
The tricky part:
- Needs to be unique per order and customer
- Customer info should be encrypted
> I could create capability of having all files in a certain group
> (i.e., "Session.PageA") be created as virtual pages saved in your session.
> Would either of those be of interest? I would think much better from a
> security perspective...
>
I would say whatever is most secure. This is the only sensitive area. I
think customer details should be encrypted. I would not store credit
card details, since the payment processors (PayPal etc) take care of
that, but we don't want addresses and phone numbers being cracked.
I intend to make all pages write protected on the file system side,
except for the orders section. So the orders should be encrypted. I
experienced some nasty break-ins recently, on my hosting. They linked to
an EXE file, so Google flagged my site as potentially harmful. It takes
a week each time for them to review the site after you've cleaned it.
Hence, site security is definitely top priority now.
Marcus
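
Added example (not part of the original message, and not WikiSh or PmWiki code): one way to meet the two "tricky part" requirements above, a unique order number and encrypted customer details, when the orders area is the only writable part of the site. It assumes PHP 7.3+ with the sodium extension and a key pair whose secret half is kept off the web host; all function names and the sample customer are hypothetical.

```php
<?php
// Added example: not WikiSh or PmWiki code; every name here is hypothetical.
// Needs PHP 7.3+ with the bundled sodium extension.

// Order number that is unique and cannot be guessed (128 bits from the CSPRNG).
function new_order_id(): string {
    return bin2hex(random_bytes(16));
}

// Runs on the web host, which holds ONLY the public key and so cannot
// read back what it has written into the writable orders area.
function seal_customer(array $customer, string $orderId, string $publicKey): string {
    // The order number goes inside the plaintext so a blob copied under
    // another order number is rejected when it is opened.
    $plain = json_encode(['order' => $orderId, 'customer' => $customer],
                         JSON_THROW_ON_ERROR);
    return base64_encode(sodium_crypto_box_seal($plain, $publicKey));
}

// Runs on the shop owner's machine, where the full key pair is kept.
function open_customer(string $sealed, string $orderId, string $keypair): array {
    $raw   = base64_decode($sealed, true);
    $plain = ($raw === false) ? false : sodium_crypto_box_seal_open($raw, $keypair);
    if ($plain === false) {
        throw new RuntimeException('record is damaged or sealed to another key');
    }
    $data = json_decode($plain, true, 8, JSON_THROW_ON_ERROR);
    if (!is_array($data) || !is_string($data['order'] ?? null)
        || !is_array($data['customer'] ?? null)
        || !hash_equals($orderId, $data['order'])) {
        throw new RuntimeException('record belongs to a different order');
    }
    return $data['customer'];
}

// Constructed sample data. Generate the key pair once, away from the web host.
$keypair   = sodium_crypto_box_keypair();
$publicKey = sodium_crypto_box_publickey($keypair);
$orderId   = new_order_id();
$sealed    = seal_customer(['name' => 'Example Customer',
    'address' => '1 Example Street', 'phone' => '555-0100'], $orderId, $publicKey);

echo "stored for order $orderId: ", substr($sealed, 0, 32), "...\n";
print_r(open_customer($sealed, $orderId, $keypair));
try {
    open_customer($sealed, new_order_id(), $keypair);  // blob filed under the wrong order
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

Sealing to a public key keeps the stored addresses and phone numbers unreadable to someone who breaks into the host, but it does not prove who wrote a record, since anyone holding the public key can create one.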