search

wp-e-commerce / WP-e-Commerce

WP eCommerce - The most popular independent eCommerce platform for WordPress
https://wpecommerce.org
GNU General Public License v2.0
216 stars 216 forks source link

Credit card merchants validation #321

Open mihaijoldis opened 11 years ago

mihaijoldis commented 11 years ago

Hey guys. This is more of a questions.

Are there any functions that can be used to validate Credit card fields for gateways that capture the card info on the website directly ? like linkpoint, paypal express(i think). I saw something in checkout.class.php but not sure what and how to use them

wpsc_the_checkout_CC_validation wpsc_the_checkout_CC_validation_class

etc..

mihaijoldis commented 11 years ago

Another issue is if the fields are left empty and page sent it just refreshes and no valdation messages that the card info fields are empty.

Problem is the data is not "sent" to the gateway at all i tested..it just refreshes the page

mihaijoldis commented 11 years ago

I really do suggest we removed all the "credit card" validations from the core of WPEC. For example at the moment i cant build any kind of validation into payment gateways because the core validations of wpec are "used" first and those fail because the checkout forms for credit cards are different for each gateway than the core fields set in wpc. It is an issue right now that i see many posts on forums asking for card validations

leewillis77 commented 11 years ago

I'm a bit confused about this - my Paymill gateway works just fine without tripping on anything in core - can you explain the exact issue?

mihaijoldis commented 11 years ago

Well for example with gold cart plugin enabled, trying to checkout and leaving the credit card fields blank it returns to the checkout page with no error message at all

mihaijoldis commented 11 years ago

I did some debugging and even if i add field validations to the linkpoint file the core wpec bypasses that

leewillis77 commented 11 years ago

If your gateway needs different validation, then you shouldn't be using core's fields - create and add your own by adding them to $gateway_checkout_form_fields ?

JustinSainton commented 11 years ago

Marking this for 3.8.12. Not so much for the original post (as @leewillis77's suggestions are valid) - but more to consider how and where we handle validation at all. I would argue that the checkout class and validate_forms() isn't the right place to do it.

JustinSainton commented 11 years ago

Punting for 3.9 and assigning to @garyc40. I think he may have some time to work on the Payment Gateway API for that, and this will fit in nicely.

mihaijoldis commented 11 years ago

Ok so i just bumped in the same issue again. all the gateways i tested withing gold cart package that take card data on the checkout page have the same issue if the field is left blank. page is just reloading and its not sending to the gateway file..

i tested on the linkpoint gateway. by removing the following lines from function validate_forms() inside checkout.class.php will solve the issue since there will be no more card field validations upon the submit of the form

        // Credit Card Number Validation for PayPal Pro and maybe others soon
        if ( isset( $_POST['card_number'] ) ) {
            //should do some php CC validation here~
        } else {
            $wpsc_gateway_error_messages['card_number'] = '';
        }
        if ( isset( $_POST['card_number1'] ) && isset( $_POST['card_number2'] ) && isset( $_POST['card_number3'] ) && isset( $_POST['card_number4'] ) ) {
            if ( $_POST['card_number1'] != '' && $_POST['card_number2'] != '' && $_POST['card_number3'] != '' && $_POST['card_number4'] != '' && is_numeric( $_POST['card_number1'] ) && is_numeric( $_POST['card_number2'] ) && is_numeric( $_POST['card_number3'] ) && is_numeric( $_POST['card_number4'] ) ) {
                $wpsc_gateway_error_messages['card_number'] = '';
            } else {

                $any_bad_inputs = true;
                $bad_input = true;
                $wpsc_gateway_error_messages['card_number'] = __( 'Please enter a valid card number.', 'wpsc' );
                $wpsc_customer_checkout_details['card_number'] = '';
            }
        }
        if ( isset( $_POST['expiry'] ) ) {
            if ( !empty($_POST['expiry']['month']) && !empty($_POST['expiry']['month']) && is_numeric( $_POST['expiry']['month'] ) && is_numeric( $_POST['expiry']['year'] ) ) {
                $wpsc_gateway_error_messages['expdate'] = '';
            } else {
                $any_bad_inputs = true;
                $bad_input = true;
                $wpsc_gateway_error_messages['expdate'] = __( 'Please enter a valid expiry date.', 'wpsc' );
                $wpsc_customer_checkout_details['expdate'] = '';
            }
        }
        if ( isset( $_POST['card_code'] ) ) {
            if ( empty($_POST['card_code']) || (!is_numeric( $_POST['card_code'] )) ) {
                $any_bad_inputs = true;
                $bad_input = true;
                $wpsc_gateway_error_messages['card_code'] = __( 'Please enter a valid CVV.', 'wpsc' );
                $wpsc_customer_checkout_details['card_code'] = '';
            } else {
                $wpsc_gateway_error_messages['card_code'] = '';
            }
        }
        if ( isset( $_POST['cctype'] ) ) {
            if ( $_POST['cctype'] == '' ) {
                $any_bad_inputs = true;
                $bad_input = true;
                $wpsc_gateway_error_messages['cctype'] = __( 'Please enter a valid CVV.', 'wpsc' );
                $wpsc_customer_checkout_details['cctype'] = '';
            } else {
                $wpsc_gateway_error_messages['cctype'] = '';
            }
        }

issue is i can "alter the core" of a store to remove this code and add proper card field validation to the card fields but i`m worried that it will stop working once we release a new version