Forum Moderators: buckworks
First post so hello all :)
Wondering if anyone can offer some help on a simple form ive done.
We are currently in the process of building a shopping cart that goes to Worldpay, and have temporarily done a form in a secure area that will just submit the details to us and we can manually put the card number in a PDQ machine.
The form updates a database with the info submitted and sends an email to us telling us a new sale has gone through and to the user saying their order is successful.
What i want to do though, is just use some simple validation to make sure the card info they put in is right, such as expiry date being after the start, right card number etc.
Ive looked round for something like this on the web and cant really find something that is tailored to what we need.
I need to validate the following cards:
Visa
Switch
Solo
Mastercard
Visa Electron
JCB
Can anyone help at all with this?
Thanks in advance
Ash
Thanks for the reply, ive since be warned off doing this as the database wouldnt be secure on the server. I spoke to our isp and they said that the only way of accessing it would be through ftp.
Has anyone else done anything similar to this as I need a solution quick!
Im currently configuring worldpay but I dont think that it will be ready in time for when the want the site to launch so ive got to have something else to fall back on.
Thanks
Ash
edit > Oh, and welcome to webmasterworld :)
Can anyone offer any advice on how to set this up, unfortunately im not really a coder and have done all the database stuff using DreamweaverMX.
All we need is to just submit the form to worldpay as there is only 1 item that we are selling.
However, we need to send some further customer information with this and then once the payment has been done request it back and then store the info in a database.
Worldpay have unfortunately been pretty useless in helping out as they just speak to us like we know what we are doing even though we are speaking to tech support in the first place.
Im starting to get worried now, can anyone help? The secure server thing we did first of all actually works by the way, ive just had conflicting advice as to how secure this is and that we could get creamed for doing it if someone accessed the info and nicked the card numbers.
Storing the data in a database is only "secure" if it's encrypted in the database. Otherwise, any hacker who gets into your web site will have a nice database chock full of card numbers and names.
If you can get data into the database via a web page, you can write a web page to pull the data back out and show it to you (i.e., a "backoffice" web site for your administrative tasks).
But if all this sounds too confusing and complicated, you probably shouldn't be trying to do it yourself. Consider one of the third-party shopping cart solutions. Possibly even Miva Merchant, though it's not free.
The credit card validation part is pretty easy - you want to do an LUHN-10 checksum on the card number; search the web and you'll find lots of routines for doing that.
when the user submits the card info just goes straight into a db. how would i go about encrypting the info before it goes into a db?
when the user submits the card info just goes straight into a db. how would i go about encrypting the info before it goes into a db?
Not sure what type of WorldPay account you have, but with Select Junior there is a callback facility that will return the order details to a specified URL (usually on your own server) via http or https requests. Search through the WorldPay KnowledgeBase for 'payment response'.
However, if like me you are not a programmer then you really should get expert help on this. WorldPay will not do it for you. I used elance to find a good (reasonable cost) programmer who also warrantied his work. Good luck!
We have decided its best like said here, to outsource the shopping cart bit and then ill try and learn how to make one in the background as im more a web/flash designer at the moment. Still getting my head round doing the programming stuff :p
