[Date Prev][Date Next][Thread Prev][Thread Next][Interchange by date ][Interchange by thread ]

Re: [ic] Credit card LUHN checking - why we don't want it

To: interchange-users@developer.akopia.com
Subject: Re: [ic] Credit card LUHN checking - why we don't want it
From: Mark Johnson <markj@redhat.com>
Date: Fri Jul 6 09:08:02 2001
List-Archive: <http://lists.akopia.com/pipermail/interchange-users/>
List-Help: <mailto:interchange-users-request@lists.akopia.com?subject=help>
List-Id: Interchange Users (high volume) <interchange-users.lists.akopia.com>
List-Post: <mailto:interchange-users@lists.akopia.com>
List-Subscribe: <http://lists.akopia.com/mailman/listinfo/interchange-users>,<mailto:interchange-users-request@lists.akopia.com?subject=subscribe>
List-Unsubscribe: <http://lists.akopia.com/mailman/listinfo/interchange-users>,<mailto:interchange-users-request@lists.akopia.com?subject=unsubscribe>
Organization: Red Hat E-Business Solutions
References: <EOECKKLFPDFEBABJPEHJGEDCCOAA.martin@trymedia.com>
Reply-To: interchange-users@lists.akopia.com
Sender: interchange-users-admin@lists.akopia.com

For all the concerns about form variables: make a list of all the form
vars you do not want a client to be able to manipulate, and add them to
the FormIgnore directive in catalog.cfg.

FormIgnore  mv_credit_card_force mv_payment_mode mv_whatever_else

If all the same values are going to be set in stone, you can add them at
start-up with

ValuesDefault  mv_credit_card_force  1
ValuesDefault  mv_payment_mode      charge
..

If you have vars that you want to change but not allow users to
manipulate, you will have to set them programmatically.

Javier Martin wrote:
> 
> Steffen Dettmer said:
> 
> > * Mike Heins wrote on Thu, Jul 05, 2001 at 16:45 -0400:
> > > Quoting Martin Dabb (jmdabb@paradise.net.nz):
> > > > LUHN checking doesn't work for cards from all countries, including New
> > > > Zealand where my client's business is - hence I''ll need to
> > find a way to
> > > > turn it off.
> > >
> > > That is easy enough - set
> > >
> > >     <INPUT TYPE=hidden NAME=mv_credit_card_force VALUE=1>
> > >
> > > which forces the LUHN-10 check good.
> >
> > Huh? The Shop trusts the browser?! Why that? Are there other such
> > things? Is there a field called mv_price_check_disable or
> > similar? I cannot understand how a database driven system could
> > be confiugrable and fakeable by some client/browser? Or did I
> > missed something?
> 
> This is a good question.
> 
> Place an
> 
>   <input type=hidden name=mv_payment_mode value="CREDIT">
> 
> in the checkout page of some interchange storefront that uses the
> 'authorizenet' module as it comes out-of-box, and you'll be credited instead
> of charged!! (unless I'm also missing something).
> 
> Javier
> 
> _______________________________________________
> Interchange-users mailing list
> Interchange-users@lists.akopia.com
> http://lists.akopia.com/mailman/listinfo/interchange-users

-- 
Mark Johnson
Senior Systems Architect - Professional Services
Red Hat, Inc.
E-Business Solutions
markj@redhat.com
703-456-2912

Follow-Ups:
- Re: [ic] Credit card LUHN checking - why we don't want it
  - From: "Zack Johnson" <zack@office.standardprinting.net>

References:
- RE: [ic] Credit card LUHN checking - why we don't want it
  - From: "Javier Martin" <martin@trymedia.com>

Prev by Date: [ic] mysql conection problem
Next by Date: Re: [ic] Submit [total-cost]
Prev by thread: RE: [ic] Credit card LUHN checking - why we don't want it
Next by thread: Re: [ic] Credit card LUHN checking - why we don't want it
Index(es):
- Date
- Thread