radical hacks WebStore Making the Order Form Secure sent in the following clearly written and useful hack!
I just did a small "work around" for the Web Store that might interest a few people. I'm one of those people who know just enough about cgi scripts to cause a lot of problems for myself. When I somehow (almost miraculously) manage to install a script, it is fair to say that I am generally the last person who could explain how I did it. So, this little tid bit is for people like myself who have a real hard time making any "cool hack" work and fear the outrageously long hours we will be forced to spend trying to figure out what went wrong when we screw it all up.
What I did is so simple I'm a little embarrassed to even write about it. However, it seems to be a decent solution for the problem of having an "insecure" page where visitors fill out there order information. The basic, "un-hacked", Web Store, only goes into secure mode when the user actually submits their personal data. Basically this requires a measure of trust that most visitors would rather not give. In fact, a major credit card company nearly refused to extend a merchant account to us because they believed our connection was not secure.
Here's the way I "solved" the problem. The first thing to do is to get rid of the checkout button on all of the html pages. Doing this is easy by downloading the ./Library/web_store_html_lib.pl file and deleting a few lines. Of course, make sure you have a backup of this file before you start to mess with it.
Then find the following lines of script and delete it everywhere you see it.
<INPUT TYPE = "submit" NAME = "order_form_button" VALUE = "Checkout Stand">
The next two parts are just as easy because it involves nothing more than common html.
Open up your ./Html/frames_frontpage.html file and edit the frameset to your liking. I did it the following way:
<frameset cols="19%, 85%" rows="100%"> <FRAME NAME="Frame 1" FRAME SRC = "http://www.mydomain.com/cgi-bin/web_store.cgi?page=../toc.html&cart_id=" SCROLLING = "auto"> <FRAME NAME = "Frame 2" FRAME SRC = "http://www.mydomain.com/cgi-bin/web_store.cgi?page=../outlet_frontpage_db.h tml&cart_id=" SCROLLING="auto" MARGINWIDTH=0> </FRAMESET>
Lastly open up the ./Html/toc.html and edit it pretty much any way you please.
BUT, here's the most important part, THIS is where you will add the checkout button. So make sure you keep things simple so that button is easy to find. Now use a plain old <a href tag to direct the link for the order form through your secure server location. As an example, here's the way I did mine. Of course, I may change it later to something a tad fancier.
<FONT size="3" face="arial, geneva"> Want to check out?<BR></FONT> <FONT size="2" face="arial, geneva"> <LI><B><A HREF = "https://ssl.mysecureservername/cgi-bin/web_store.cgi?order_form_button=yes& cart_id=" TARGET = "main">Click Here</A></B> </FONT>
That's all there is to it.
Now, when a visitor adds items to the cart (on the right side) they use the checkout button on the left side of the page to get to the order form. Another minor plus is that the checkout button stays in view all the time rather than at the bottom of a scrolling page. And when they click the checkout button (or link), a new page opens with the order page busted out of frames in it's own secure page.
I have been wrestling with this problem for a long time and feel really stupid that I never thought to do something so simple. It may be too simplified for a site such as yours but I decided to offer it in honor of the many hours slain in the line of duty for such an easy "fix." It's not radical but it works.