Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1

TOPIC: Is the credit card number parsed? Does not give an error

Is the credit card number parsed? Does not give an error 17 years 5 months ago #138

  • conticreative
  • conticreative's Avatar Topic Author
  • Offline
  • Junior Boarder
  • Junior Boarder
  • Posts: 20
  • Thank you received: 0
I am testing DtDonate and when I try to trigger the javascript validation I now get all the proper alerts. However, when I am asked for a credit card number I can enter any gibberish I want and it will still process it (after entering gibberish for the expiration date) and it will not ask me to enter any 3 or 4 digit validation code at all. When I submit the donation in this manner, instead of an error I get a blank page. The behavior should be as follows: Missing CVV - should produce an alert If the card is not valid, load an error message (or alert) on the same page without deleting entered data If the card does not clear Authorize.net, produce error message with custom alert. A blank page is not very helpful and users are very likely to miss a number in transcribing their credit card number, CVV or expiration. The CVV in addition should be in the form of a preformatted select box. Is there a way to produce an error message if the transaction fails? I tried to insert one in the php code but it showed up in the regular page so I took it out.

Please Log in or Create an account to join the conversation.

Is the credit card number parsed? Does not give an error 17 years 3 months ago #139

  • alanmoor
  • alanmoor's Avatar
  • Offline
  • Fresh Boarder
  • Fresh Boarder
  • Posts: 1
  • Thank you received: 0
Looking in the code, no, there's nothing. This component is pretty much a hack. It works, but is not in the least what any self-respecting software engineer would call production ready. Looks like it was written by a couple high school students on a weekend. Then again, I was stupid enough to pay $20 for it, so who's the bigger fool? I'm going to take what they started and finish it. Make it sql injection safe (it is not even close - try entering a comment with a single quote in it and watch it crash ;) ). Do proper validation on the backend, not just in javascript. Turn off javascript and you can put whatever you want in the fields, or nothing at all. I'm also going to tie it in to my community builder fields so my users don't have to enter data twice. Done venting. Back to work. Cheers all.

Please Log in or Create an account to join the conversation.

Is the credit card number parsed? Does not give an error 17 years 3 months ago #140

  • dthadmin
  • dthadmin's Avatar
  • Offline
  • Administrator
  • Administrator
  • Posts: 5470
  • Thank you received: 3
Thank you for your "constructive criticism" (not so much). Yes, the code is a mess which is why it is being completely rewritten for the new release. The new release will be within a couple of days and will be multiple times better than the existing component.

Please Log in or Create an account to join the conversation.

  • Page:
  • 1
Time to create page: 0.225 seconds