10 Replies - 663 Views - Last Post: 22 June 2009 - 07:56 AM

#1 gregwhitworth  Icon User is offline

  • Tired.
  • member icon

Reputation: 219
  • View blog
  • Posts: 1,604
  • Joined: 20-January 09

SIMPLE PURCHASING SOLUTION?

Posted 18 June 2009 - 12:25 PM

Hey Guys,

I have always used Pay Pal for its ease of use, but living in a dynamic world I have a question before I begin. I need to collect information from the client, then when they click on the purchase button (basically they will be registering for a permit) their cc is charged. Is there a simple shopping cart solution out there to work easily with PHP so that I can store their data in a database as well as make a purchase?

--

Greg

Is This A Good Question/Topic? 0
  • +

Replies To: SIMPLE PURCHASING SOLUTION?

#2 CamoDeveloper  Icon User is offline

  • D.I.C Regular
  • member icon

Reputation: 20
  • View blog
  • Posts: 250
  • Joined: 12-June 09

Re: SIMPLE PURCHASING SOLUTION?

Posted 18 June 2009 - 01:17 PM

There are services out there that do the charging for you. Our company uses Authorize.NET and alot of our clients use 2Co. Most of them come with an API that you can use from behind the scenes and sends a response back that you can use to handle. I'm pretty sure Authorize.NET has a PHP code. You will also have to make sure you have an SSL certificate so people know they are entering their information securely.

~Camo
Was This Post Helpful? 0
  • +
  • -

#3 gregwhitworth  Icon User is offline

  • Tired.
  • member icon

Reputation: 219
  • View blog
  • Posts: 1,604
  • Joined: 20-January 09

Re: SIMPLE PURCHASING SOLUTION?

Posted 18 June 2009 - 02:02 PM

Thanks. Yeah - I knew about the SSL - and what not - I just didn't know how to make the connection.

--

Greg

This post has been edited by gregwhitworth: 18 June 2009 - 02:16 PM

Was This Post Helpful? 0
  • +
  • -

#4 CamoDeveloper  Icon User is offline

  • D.I.C Regular
  • member icon

Reputation: 20
  • View blog
  • Posts: 250
  • Joined: 12-June 09

Re: SIMPLE PURCHASING SOLUTION?

Posted 18 June 2009 - 03:55 PM

Connection for what? The SSL or the purchasing?

~Camo
Was This Post Helpful? 0
  • +
  • -

#5 gregwhitworth  Icon User is offline

  • Tired.
  • member icon

Reputation: 219
  • View blog
  • Posts: 1,604
  • Joined: 20-January 09

Re: SIMPLE PURCHASING SOLUTION?

Posted 18 June 2009 - 07:15 PM

The connection to someone that knew whether or not the information given was correct and valid, so purchasing.

--

Greg
Was This Post Helpful? 0
  • +
  • -

#6 no2pencil  Icon User is online

  • Toubabo Koomi
  • member icon

Reputation: 5182
  • View blog
  • Posts: 26,890
  • Joined: 10-May 07

Re: SIMPLE PURCHASING SOLUTION?

Posted 18 June 2009 - 07:25 PM

You can use the PayPal API for a shopping cart.

The xlick value would be _cart rather than... whatever it normally is.

** Edit **

It's normally _xclick, & the shopping cart stuff can be referenced here

Hrm... I suppose this information really isn't answering your question. So I will follow up with two more questions :

1.) How do you intend to pre-charge the customer?
2.) Why would you even think about storing credit card files on your database?!

For security sake, I wouldn't store credit cards ... anywhere. I would mod 10 & make sure that it's a valid number, & then pass it off to PayPal.
Was This Post Helpful? 0
  • +
  • -

#7 CamoDeveloper  Icon User is offline

  • D.I.C Regular
  • member icon

Reputation: 20
  • View blog
  • Posts: 250
  • Joined: 12-June 09

Re: SIMPLE PURCHASING SOLUTION?

Posted 18 June 2009 - 08:34 PM

View Postno2pencil, on 18 Jun, 2009 - 06:25 PM, said:

2.) Why would you even think about storing credit card files on your database?!

For security sake, I wouldn't store credit cards ... anywhere. I would mod 10 & make sure that it's a valid number, & then pass it off to PayPal.

It's not as bad as you think. If you do it correctly storing Credit Card numbers isn't bad. If you have an SSL connection and then encrypt the card number before storing the number it, you're set. Then, if you ever need the number, use another SSL connection and decrypt it. I would recommend writing your own encryption function.

As for your question, you're going to need to us an API.

~Camo
Was This Post Helpful? 0
  • +
  • -

#8 no2pencil  Icon User is online

  • Toubabo Koomi
  • member icon

Reputation: 5182
  • View blog
  • Posts: 26,890
  • Joined: 10-May 07

Re: SIMPLE PURCHASING SOLUTION?

Posted 18 June 2009 - 08:46 PM

View PostCamoDeveloper, on 18 Jun, 2009 - 09:34 PM, said:

I would recommend writing your own encryption function.

Wow. Now I advice against storing the values into the database in the 1st place, but on top of that you are even suggesting writing your own encryption function? There are guidelines that a business must adhere by in order to accept credit cards. I'm pretty sure that my own (or anyone's own) encryption doesn't match those requirements, especially when there is pre-existing encryption that fit the bill.

& what does a websites SSL have to do with a Database? The SSL only protects the transfer of the data.

I strongly suggest that if you are going to write software that accepts credit cards, to have a look over the PCI security standards, or use PayPal.

If you choose not to follow the standards & your database, or credit card jackpot as it will become, finds itself compromised, then you had better be prepared for a major lawsuit from the credit card companies, of whom customers accounts were compromised. If you ask me, PayPal's 2% is so very worth it's weight in gold, just so I don't have worry over any of that security stuff. Send them to PayPal, check the API for success, & I'm done!
Was This Post Helpful? 0
  • +
  • -

#9 CamoDeveloper  Icon User is offline

  • D.I.C Regular
  • member icon

Reputation: 20
  • View blog
  • Posts: 250
  • Joined: 12-June 09

Re: SIMPLE PURCHASING SOLUTION?

Posted 19 June 2009 - 12:04 AM

View Postno2pencil, on 18 Jun, 2009 - 07:46 PM, said:

View PostCamoDeveloper, on 18 Jun, 2009 - 09:34 PM, said:

I would recommend writing your own encryption function.

Wow. Now I advice against storing the values into the database in the 1st place, but on top of that you are even suggesting writing your own encryption function? There are guidelines that a business must adhere by in order to accept credit cards. I'm pretty sure that my own (or anyone's own) encryption doesn't match those requirements, especially when there is pre-existing encryption that fit the bill.

& what does a websites SSL have to do with a Database? The SSL only protects the transfer of the data.

I strongly suggest that if you are going to write software that accepts credit cards, to have a look over the PCI security standards, or use PayPal.

If you choose not to follow the standards & your database, or credit card jackpot as it will become, finds itself compromised, then you had better be prepared for a major lawsuit from the credit card companies, of whom customers accounts were compromised. If you ask me, PayPal's 2% is so very worth it's weight in gold, just so I don't have worry over any of that security stuff. Send them to PayPal, check the API for success, & I'm done!

You're right, when I said write your own encryption, I was thinking about our Toolkit we have written that utilizes the System.Security.Cryptography. It's just modified, my mistake on the choice of words.

As for the SSL, I'm assuming that he is using a website to do this since it is in the Web Development section. So, with working with personal data (CC#'s, SSN's, etc) on a website, SSL is a must especially if you don't want the information being hijacked as it's being sent or received. Using SSL while encrypting and decrypting personal data just ensures a level of security.

Also, we do follow the standards as it is our business and we wouldn't want to risk our clients business' nor our own. You don't know how our business is run so please don't say what the outcome of our business will be.

As I stated earlier, Authorize.NET has a great API that is very easy to setup (I just set up three client sites to use it this week) I haven't worked with the API from PayPal but I'm sure it's just as simple.

~Camo
Was This Post Helpful? 0
  • +
  • -

#10 gregwhitworth  Icon User is offline

  • Tired.
  • member icon

Reputation: 219
  • View blog
  • Posts: 1,604
  • Joined: 20-January 09

Re: SIMPLE PURCHASING SOLUTION?

Posted 19 June 2009 - 10:58 AM

Wow. Take the subject and run you two. Interesting reading although. No - I don't intend on storing the credit card information. I wanted to store everything else but what would be on the card.

I just want when the user clicks the button it sends a request, the merchant checks to see if the information checks out and the amount of money is in the account, then sends back an ok - I then take that 'ok' and update the database with a code so that they continue to be able to log in or something. Basically a yearly subscription.

That's all. Nothing more.

--

Greg
Was This Post Helpful? 0
  • +
  • -

#11 RudiVisser  Icon User is offline

  • .. does not guess solutions
  • member icon

Reputation: 1002
  • View blog
  • Posts: 3,562
  • Joined: 05-June 09

Re: SIMPLE PURCHASING SOLUTION?

Posted 22 June 2009 - 07:56 AM

Greg, our top selling product does exactly what you want.

http://www.mageuk.co...integration.php

Protx / Sage Pay is basically the credit card processor, our class makes development with it extremely easy. So easy infact that today I had a customer call up wondering if it was actually working because he was always getting successful transactions and copied the example code exactly whilst changing the vendor specifics.

If you want I can help you out with any aspect of online payment. It's what I (and my other developer) do best, take a look at a sneak peak of our online store too :D
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1