Copyright
Support
TroubleShooting
Cart Files
Cart Structure
Configuration
Catalog Pages
Cart Page
Checkout Page
Insecure Order

Back
Home

Insecure Form Order
When the customer chooses to use the insecure form option, they are routed to the form order page (defined by the COform variable in the settings file) so they can enter their credit card information and finalize/submit their order.

It is interesting to note that the insecure form order page can not only post data to an email handling form, but to any script that can handle a form post. The possibilities for back-end scripting is virtually endless! To get an idea of the many kinds of scripts that can be utilized, check out the CGI Resource Index. We suggest that you experiment with different scripts as a back-end to the NebuCart system. If you find a nice script that can be used as another back-end, please let us know!

Configuration Notes
In the NC_settings file, there are several variables geared specifically towards form posting. The following info should help you get your form order working quickly.

unsecurePostAction
Set the unsecurePostAction variable to a valid URL of a script that can handle a form post. NebuCart comes configured to post data to the Matt's Script Archive script, formmail.cgi since it is so widely used (and probably already installed on your account!). If you point to your installation of the script, you should be able to submit orders via email. A good example is:

var unsecurePostAction = 'http://www.yourdomain.com/cgi-bin/formmail.cgi';

extraFormTags
This variable is an array that can hold any fields that may be required by your script to operate. For instance, formmail.cgi requires the fields recipient, subject, redirect, and return_link_title in order to function properly. Since the NC_buildform.js script is built to create generalized forms, it's better to leave specialized, non cart related form fields out of the script and add them when the time comes.

When the buildform.js file is executed, it creates the form tag with the action equal to the value of unsecurePostAction, then immediately writes all the tags in the extraFormTags array. After that, it creates all the form tags relavent to the NebuCart system. An example of a formmail.cgi specific extraFromTags array is below:

var extraFormTags = new Array(
'<input type="hidden" name="recipient" value="sales@yourdomain.com">',
'<input type="hidden" name="subject" value="YourStore Sample Order">',
'<input type="hidden" name="redirect" value="http://www.yourdomain.com/thanks.html">',
'<input type="hidden" name="return_link_title" value="Back to YourStore.com">
' );

If your script doesn't require any special tags, then you can leave this array empty and no extra tags will get rendered.

cgiMailField
This is the last of the form order specific fields. the variable cgiMailField holds the name of the field that form handling script uses as the recipient of the emailed order, you.

Form handling scripts can email a form to more than one person if the recipient field contains more than one email address. cgiMailField is used by the NC_buildform script to insert the customer's email address into that field so that they can receive a copy of their order.

The formmail.cgi script uses a field called recipient from which to harvest the target email address. So the proper use of cgiMailField in this case would be:

var cgiMailField = 'recipient';

Of course, if you're using a different back-end, won't be copying the customer on the email, or are using gateway processing, you can set cgiMailField = ''

Form Order Page
Once you've configured your settings for form posting to your particular script, the form order page will handle passing the order information to your script. Below is the basic code for a form order page:

<HTML>
<HEAD>
<!-- include the NebuCart Settings -->
<script language=javascript src="path/to/js_files/NC_settings.js">

<!-- include the NebuCart Engine -->
<script language=javascript src="path/to/Js_files/NebuCart.js">

<!-- include the NebuCart Formatting Functions-->
<script language=javascript src="path/to/Js_files/NC_formatting.js">
</HEAD>

<BODY>

<!-- include the Form Builder script-->
<script language=javascript src="path/to/Js_files/NC_buildform.js">

<!-- include the Customer Information script-->
<script language=javascript src="path/to/Js_files/NC_buildcustomer.js">

<!-- include the Cart View script-->
<script language=javascript src="path/to/Js_files/NC_viewcart.js">

<!-- include the Credit Card Entry script-->
<script language=javascript src="path/to/Js_files/NC_buildcredit.js">
</BODY>
</HTML>

The NC_buildform script, as mentioned before, handles the creation of all the hiden form fields that will be used to send all the order information - ordered items, options, quantities, etc, customer shipping/billing info, and of course the credit card data, to your form handling script.

The scripts NC_buildcustomer and NC_viewcart are simply used to display all the final information and cart totals to the customer for verifictaion.

NC_buildcredit actually handles creating the Card Type radio button set as defined by cardOption variable, as well as the input fields for Name on Card, Card Number, and Expiration Date. It also renders the button for submitting the order to your script should the card info be entered correctly.

Security, AGAIN
We can't stress enough the sensitivity that people have over giving their credit information over the web, even when the connection is secure. You really should think about that full version...

Printable Form
Insecure Form
Insecure Gateway
Back
Main