the customer chooses to use the insecure form option, they are routed
to the form order page (defined by the COform variable in
the settings file) so they can enter their credit card information
and finalize/submit their order.
It is interesting to note that the insecure form order page can
not only post data to an email handling form, but to any script
that can handle a form post. The possibilities for back-end scripting
is virtually endless! To get an idea of the many kinds of scripts
that can be utilized, check out the CGI
Resource Index. We suggest that you experiment with different
scripts as a back-end to the NebuCart system. If you find a nice
script that can be used as another back-end, please let
In the NC_settings file, there are several variables
geared specifically towards form posting. The following info should
help you get your form order working quickly.
Set the unsecurePostAction variable to a valid URL
of a script that can handle a form post. NebuCart
comes configured to post data to the Matt's
Script Archive script, formmail.cgi since it is so widely
used (and probably already installed on your account!). If
you point to your installation of the script, you should be able
to submit orders via email. A good example is:
variable is an array that can hold any fields that may be required
by your script to operate. For instance, formmail.cgi requires the
fields recipient, subject, redirect, and return_link_title
in order to function properly. Since the NC_buildform.js
script is built to create generalized forms, it's better to leave
specialized, non cart related form fields out of the script and
add them when the time comes.
When the buildform.js file is executed, it creates the form tag
with the action equal to the value of unsecurePostAction,
then immediately writes all the tags in the extraFormTags array.
After that, it creates all the form tags relavent to the NebuCart
system. An example of a formmail.cgi specific extraFromTags
array is below:
= new Array(
'<input type="hidden" name="recipient" value="firstname.lastname@example.org">',
'<input type="hidden" name="subject" value="YourStore Sample
'<input type="hidden" name="redirect" value="http://www.yourdomain.com/thanks.html">',
'<input type="hidden" name="return_link_title" value="Back to
If your script doesn't require any special tags, then you can leave
this array empty and no extra tags will get rendered.
This is the last of the form order specific fields. the variable
cgiMailField holds the name of the field that form handling
script uses as the recipient of the emailed order, you.
Form handling scripts can email a form to more than one person if
the recipient field contains more than one email address. cgiMailField
is used by the NC_buildform script to insert the customer's
email address into that field so that they can receive a copy of
The formmail.cgi script uses a field called recipient from
which to harvest the target email address. So the proper use of
cgiMailField in this case would be:
var cgiMailField =
Of course, if you're using a different back-end, won't be copying
the customer on the email, or are using gateway processing, you
can set cgiMailField = ''
Once you've configured your settings for form posting to your particular
script, the form order page will handle passing the order information
to your script. Below is the basic code for a form order page:
<!-- include the NebuCart Settings -->
<!-- include the NebuCart Engine -->
<!-- include the NebuCart Formatting Functions-->
include the Form Builder script-->
include the Customer Information script-->
include the Cart View script-->
include the Credit Card Entry script-->
The NC_buildform script, as mentioned before, handles the
creation of all the hiden form fields that will be used to send
all the order information - ordered items, options, quantities,
etc, customer shipping/billing info, and of course the credit card
data, to your form handling script.
The scripts NC_buildcustomer
and NC_viewcart are simply used to display
all the final information and cart totals to the customer for verifictaion.
NC_buildcredit actually handles creating the Card Type radio
button set as defined by cardOption variable, as well as
the input fields for Name on Card, Card Number, and Expiration Date.
It also renders the button for submitting the order to your script
should the card info be entered correctly.
We can't stress enough the sensitivity that people have over giving
their credit information over the web, even when the connection
is secure. You really should think about that full version...