Forum Moderators: buckworks
I have a customer that provides seminors for physicians. I am currently redesigning their site. They want for physicians to be able to send their information and payment through the site. The way they have it now concerns me, because they have it done in a basic form, which does not secure the credit card information. I am confused as to how to go about this. Can anyone here recommend any ideas on how to go about this? I'm an amateur, so I really need some help.
Thanks.
Or I have also created a standard form without the payment info then used a backend cart like Mals E-Commerce to take the results of the form. Mals lets you post directly to the payments page so that the buyer just gets asked for there credit card info on the secure site to complete the purchase. It is quick and easy if you have experience configuring the third party cart and the client doesn't have SSL on their site. The first is a more professional look though.
First you'll need an SSL certificate for their domain. It should be installed on the web server. If their hosting doesn't have their own dedicated IP address, they'll need to upgrade their hosting to an account that does since you can only have an SSL certificate per IP address - it won't work with a shared IP type of account. The host will have information about this.
Second: are they sending this information via e-mail? That's not secure at all, e-mail is plain text, you probably don't want to send a credit card or other sensitive info that way. :)
As to whether you need a cart - it might make sense: a cart would include functions to generate receipts, do the credit card processing securely, and keep a record of the transactions... There's many choices that are good, your choice will depend on your level of comfort in installing scripts...
Hope this helps.
LisaB
How can I just add the SSL to that one page where the form is placed?
Link to the form page with https:// and make sure the form is posting to the https:// as well - make all the other links in the site regular http:// - unless the host has something odd - that should do it.
LisaB
Currently they have a form requesting the physcian's name, address, email, etc. Then they have a choice listed which are two different seminards (two different prices) After that it requests the form of payment and is requesting the card number. I told them that the way they were doing it was not safe.
I need to find an easy configurable cart and if it's free even better. I think their server has one, but just looking at it, confuses the heck out of me.
So with the info I just provided, you think a cart is a better solution?
When I go into the control panel and enable the SSL it only gives me the choice for the domain name. It doesn't allow me to enter a specific page.
LisaB
So adding a form and making sure the SSL is installed would be a good way to go?
But where does the form go? If it still goes to an e-mail the SSL on the page doesn't secure the e-mail at all.
Either you need a script on the server side to capture that data, like RedWolf suggested or you need a cart script to do it for you.
hen a viewer visits any page, they will get that certificate pop up
They shouldn't get a certificate pop-up at all, if the SSL is installed correctly, they should just get the little lock icon in the browser. Does the SSL certificate match the domain name - www.yourdomain.com or is it issued to the hosting company - *.hostingcompany.com?
If it's to the hosting company, you'll get a warning unless you use something [youraccount.hostingcompany.com...] - (the hosting company should have instructions re: this) and that means you do not have your own SSL certificate.
LisaB
