home  ECOMMERCE NETSHOP  : VII Ordering 

netShop
VII . Ordering

Once they've browsed the products in your catalog pages and selected and reviewed the products they want to order, your customers will be taken to your order form. Only one page is used to create this order form, but depending on how you choose to collect your orders, there may be other pages involved with this process.

This document will cover the structure of the netShop's order form and the default method of posting and collecting orders as well as how to incorporate Secure Sockets Layer (SSL) for the encryption of your customer's sensitive information.

This document also briefly touches on the use of third-party credit card verification and/or processing services. But, as there are many services available for this purpose, it's difficult to provide an encompassing guide to incorporating these services into your netShop.

Order Form Page Structure

Examining the source of order.shtml, you see that the page is nothing but a standard form page:

01
02
03
04
05
06
07
08
09
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
<html>
<head>
<title>order.shtml - Product ordering page for netShop.</title>
</head>
<body>
<h1>Please enter your Order Information</h1>
<form action="save-file.cgi?mycart" method="post">
Your Name: <input type="text" name="Name"><br>
Email: <input type="text" name="Email"><br>
Mailing Address: <input type="text" name="MailingAddress"><br>
City: <input type="text" name="City"><br>
State: <input type="text" size="4" name="State"><br>
Postal/Zip Code: <input type="text" name="Zip/PostalCode"><br>
Country: <input type="text" name="Country"><br>
Payment Type:<br> 
<select name="PaymentMethod">
<option value="Check/MO">Check/Money Order
<option value="COD">COD
<option value="CreditCard">Credit Card
</select><br>
Card Type:<br>
<select name="CardType">
<option value="AmericanExpress">American Express
<option value="Discover">Discover
<option value="MasterCard">Mastercard
<option value="Visa">Visa
</select><br>
Name on Card: <input type="text" name="CardName"><br>
Account Number: <input type="text" name="CardNumber"><br>
Card Expiration: <input type="text" name="CardExpiration"><br>
<p>center><input type="submit" value="Order"> or <input type="reset" value="Reset Form"></center></p>
</form>
</body>
</html>

Although it contains only a minimal set of fields for collecting your customer's information, this page can be modified however you see fit.

The Default Order Process - save-file.cgi

When installed, the default order form uses a Perl script, save-file.cgi, to post the information gathered from your customer into a directory on your server. Before it's first use however, this script requires you to set a few variables and create the directory you want the orders to be stored in. When you create this directory it should be given 700 permissions. These permissions allow only the owner of the directory (you) the ability to read, write and execute the directory's contents. If your directory does not have the correct permissions the script will display an error message and the order form will not submit correctly.

Configuring save-file.cgi

To edit the script, retrieve it from your account via FTP, make the changes listed below and upload the modified script, in ASCII format, to your server. You can also choose to edit this file directly on the server using an SSH client and Vi.

As for the variables that need to be set, these are all found within the first 43 lines of the script:

01
02
03
04
05
06
07
08
09
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
#!/usr/bin/perl

require 'cart.pl';
use vars qw(	$config_order $config_thankyou $config_error
		$config_webmaster $config_email $config_wait);

# ATTN: configure these items here

# this is the orders directory; your home directory prefaces it.
# you MUST create this directory before using this script, it MUST
# have mode 0700 so that other users cannot see the contents.
$config_orders = '/orders';

# this is the "thankyou" page. users will be redirected to it after
# the order-file has been saved.
$config_thankyou = 'thankyou.shtml';

# this is a list of required fields. fill this with the fields you
# label as "required" on the order page
@config_required = qw(name email address city zip country payment);

# this is the "error" page. users will be redirected to it if there
# is an error submitting the form.
$config_error = 'error.shtml';

# this is the webmasters email address. this person will be contacted
# if there is a problem with this script
$config_webmaster = 'webmaster@_ENTER_YOUR_DOMAIN_.COM';

# this is the sales-email address. this person will be contacted when
# a new order is submitted. this is optional; by using an empty string
# you disable this feature.
$config_email = 'sales@_ENTER_YOUR_DOMAIN_.COM';

# this flag is optional; if you get a large number of orders, this flag
# can help you from getting bombarded with order notification emails.
# N is the number of hours (from the time the last order was received)
# to wait before sending an email. M is the number or orders that will
# override this. Example: $config_wait = [ 1, 3 ];
# waits 1 hour from when you received your last order or until you have
# 3 new orders before sending you any new email.
#
# simply fill out N and M, and remove the comment-mark ('#')
# to use this feature
#$config_wait = [ N, M ];

# ATTN: do not edit below this line

The first variable that needs to be set can be found on line 12. This variable, "config_orders", sets the location of the directory that will store your orders. As you can see, the directory set by default would reside in the root of your account.

The second variable that needs to be set, "config_thankyou", is on line 16. This variable allows to you set a page the customer will be redirected to after they've submitted your order form. You can use a relative path, i.e. /webshare/cart/thanks.html or a URL, i.e. http://YOUR-DOMAIN-NAME/PAGE.HTML.

The third variable, "config_required", which is found on line 20, allows you to specify required fields in your form. If these fields are not supplied, the form will not submit and the customer will be taken to a "form error" type page which you specify on line 24.

If you've specified the "config_required" variable on line 20, you should also specify an error page to let the customer know that they've made a mistake on the order form. This page is specified on line 24 and, like "config_thankyou", can either be in a relative path or in a URL.

The next two variables, on lines 28 and 33, are both email addresses. The variable "config_webmaster", on line 28, is the email address displayed on the pages the customer will see if this script is not configured properly. The variable "config_email", on line 33, is the email address that will receive notification if an order is received.

The final variable is optional and disabled by default. To enable this feature, simply remove the "#" (Perl's commenting character) fom the beginning of the line. The "config_wait" function of the script is meant to prevent busy netShop owners from getting too many order notification emails. You can set a time period (from the time the last order was received) which is represented by N, in which the cart will wait before dispatching another email. To ensure you don't fall behind in processing your orders, this time value can be overridden should get a certain number of orders, represented by M. Here's an example of this in use:

$config_wait = [ 1, 5 ];

With this configuration, you will not get another order notification email for 1 hour unless you receive an additional 5 orders.

Retrieving Your Orders

As discussed above, save-file.cgi stores your orders in a directory on your server. Because of the permissions associated with this directory, you cannot access it with a web browser. Instead, you can access your orders via FTP. You can also use a custom script to retrieve and process the orders if you wish.

SSL-enabled Order Process 

Even though the ordering process offered by the save-file.cgi is more secure than sending the orders via email, it is still not the best option for gathering your orders. To provide a better ordering process for your netShop, you should integrate the free SSL account you receive with your Internet Connection hosting account. SSL provides you not only with a secure method for collecting your customers information, but it also makes customers feel more at-ease when ordering from you.

Preparing your form to use SSL actually starts on the cart checkout page, checkout.shtml. To read about the modifications that need to be made to this page, please see the Setting Up For SSL section of the IC Tech. Ref. Document: netShop IV. Cart Checkout.

As for the changes that need to be made to your actual order form, the IC Tech. Ref. Document: Secure Sockets Layer (SSL) goes over much of the information you'll need. The only thing not covered in that document is how to include the contents of your customer's shopping cart in their order form. To do that, you need to create a new HTML file that will function as the list.html and list-checkout.html for main.shtml and checkout.shtml, respectively. This new file will be parsed by the cart.cgi and does not need to include any HTML page elements (<head>, <title>, <body> etc.). In it's simplest form, this file needs only to contain one line:

<input type="hidden" name ="{id} : {name}" value="QTY: {qty} Price: {price}">

The above is just an example and you can choose to modify it to omit or include more information for each product ordered. You can even choose to add formatting to this information and display it on order.shtml. Here's an example of that:

	<tr>
		<input type="hidden" name ="{id} : {name}" value="QTY: {qty} Price: {price}">
		<td>{qty}</td>
		<td>{name}</td>
		<td>{tags}</td>
		<td>{&format ".price" price}</td>
		<td>{&format ".price" total}</td>
	</tr>

To actually include this information in your order form, just add the following line to order.shtml:

<!--#exec cgi="cart.cgi?catalog-cart:mycart=NAME-OF-FILE.HTML" -->

It's not that important where this line appears as long as it's between your form tags. Here's some sample source for order.shtml using SSL encryption:

<html>
<head>
<title>order.shtml - Product ordering page for netShop.</title>
</head>
<body>
<h1>Please enter your Order Information</h1>
<form action="https://sslserver.com/submit/YourDomainName"" method="post">
<input type="hidden" name="_subject" value="Order Form">
<input type="hidden" name="_success" value="https://sslserver.com/YourDomainName/thankyou.html">
<input type="hidden" name="_sort" value="Name,Email,MailingAddress,City,
State,Zip,Country,PaymentMethod,CardType,CardName,CardNumber,CardExpiration">
<input type="hidden" name="_required" value="Name,Email">
<input type="hidden" name="_success" value="https://sslserver.com/YourDomainName/error.shtml">
<input type="hidden" name="_mailto" value="You@YourDomainName">
<input type="hidden" name ="{id} : {name}" value="QTY: {qty} Price: {price}">
Your Name: <input type="text" name="Name"><br>
Email: <input type="text" name="Email"><br>
Mailing Address: <input type="text" name="MailingAddress"><br>
City: <input type="text" name="City"><br>
State: <input type="text" size="4" name="State"><br>
Postal/Zip Code: <input type="text" name="Zip/PostalCode"><br>
Country: <input type="text" name="Country"><br>
Payment Type:<br> 
<select name="PaymentMethod">
<option value="Check/MO">Check/Money Order
<option value="COD">COD
<option value="CreditCard">Credit Card
</select><br>
Card Type:<br>
<select name="CardType">
<option value="AmericanExpress">American Express
<option value="Discover">Discover
<option value="MasterCard">Mastercard
<option value="Visa">Visa
</select><br>
Name on Card: <input type="text" name="CardName"><br>
Account Number: <input type="text" name="CardNumber"><br>
Card Expiration: <input type="text" name="CardExpiration"><br>
<p>center><input type="submit" value="Order"> or <input type="reset" value="Reset Form"></center></p>
</form>
</body>
</html>

Retrieving Your SSL Orders

To retrieve your encrypted orders, simply point your browser to https://sslserve r.com/secure/. You will then be prompted for your login name (in the form of User@DomainName) and password. Enter those and hit "OK". When the page loads you can view and/or print your current orders, download them to your local machine or reset your order file. Please view your orders before resetting, as there is no way to get them back.

Credit Card Validation/Processing Services

Besides the default save-file.cgi and the SSL account you receive with your Internet Connection hosting account, there is another order processing option you can choose to employ: a third party credit card validation/processing service. There are many different services available that provide you with real-time credit card verification and or processing and you should be able to find a number of them in your favorite search engine.

Because of the sheer number of companies offering these services, it is almost impossible to cover how to make your order form work with each one. However, the company you choose should provide you with documentation on how to integrate their service with your site.

Related Items

Email and Web Hosting by Internet Connection 2004-2009 ©
Contact Us