Storing or emailing credit card data

“Does Cartweaver support storing or emailing the customer credit card information so we can process their payment manually?”

With all the attention that PCI compliance, and the liability associated with customer identity theft is getting,  it amazes me that we still get asked this question, but some clients can be really insistent about wanting to do this, in spite of the risks involved.

In short, the answer is an emphatic no!

We used to say, that you could modify your site to allow this but be sure to get a “hold harmless” agreement from your client before doing so. - We no longer say that!!!  - Reason is, a good attorney can walk right through a hold harmless and still successful hold you liable!

View this topic as the “third rail” of ecommerce development. You touch it, you die!  Don’t do it, ever. If the client absolutely insists, walk away from the project. Let some other developer enter the food chain for the hungry lawyers out there looking for such cases.  This is where you must put on your consultant’s hat and educate you client on the gravity of what they are contemplating and help them see that this is just to dangerous and could cost them their business.

As developers, out number one priority should be, like doctors… to “do no harm” and to protect our clients, even in spite of them selves if necessary. Making sure that every possible effort is taken to protect the customer data is the only way to go.  Offering our clients the ability to join the vast opportunities of ecommerce is a very valuable service, one that should be taken seriously, protecting our clients and their customers is the foremost concern in offering this service.

Simply put: Secure your site, Secure your server, secure your data.

Use every means at your disposal to do so… SSL, Secure Payment Gateway Provider, reputable merchant account, top quality, knowledgeable host. Make the effort and take the time to do the “due diligence” to secure customer data!

You, and your clients will be much better for it!

Overriding or Duplicating Application Variables in CW4

A question was asked on the Cartweaver Forum, about adding new application variables that would allow two sites to run from a single database, with separate settings:

CW 4 seems to set many admin parameters in the DB itself… can 2 stores share the same db but not all admin setup variables?

In other words, can you user a single database and admin, but display things one way under a specific url (e.g. server1.com/product.cfm), and another way in a store in another location (e.g. server2.com/product.cfm). The answer, of course, is yes… with several options.

There are a few ways you can handle this, so I’m going to outline a few options.  The user proposes this example, as a setting that should vary depending on the page being looked at:

Let’s take the “Cart Display Settings > add to cart action” as an example of an admin setting stored in the Database. In the public online store, I may want to set it to go to cart but in my local intranet store, I would like to overide this to the detail page. (Just an example)…

Note: this was asked on the ColdFusion forum, so the examples here are in CF. But the same general principles apply to Cartweaver 4 php, though the request/application scopes aren’t quite the same behind the scenes, since those are native to CFML.

Application vs. Request Variables

The first thing to understand is the way that this setting is applied to the page via the ‘request’ scope, even though it is initially stored along with all of the other admin variables in the ‘application’ scope.

Any value saved into the request scope is available at any point in that page’s processing, after the point where it is set, even inside of includes. So you could put this anywhere in your code:
<cfset request.cw.color = ‘blue’>
and then at any point after that, in any part of your code, you could display the value like:
<cfoutput>#request.cwpage.color#</cfoutput>.

This is a crude example, but… that’s how the request scope works. Set it anywhere, use it anywhere else, and unlike application variables which are stored in the system memory, the request scope only exists for each page request.

Using the Request Scope

So, for our example setting, the ‘add to cart’ action, near the top of the code in cw-product.cfm, you will see this line:

<cfparam name=”request.cwpage.cartAction” default=”#application.cw.appActionAddToCart#”>

This takes the value you have set in the admin, “appActionAddToCart”, and puts it into the request scope for that page.
However, note the use of “cfparam” here, instead of “cfset”. This means, if the value does not already exist, set the default. Otherwise, this code is ignored.
 
So, that line is where the setting from your admin gets transferred to your actual page. As for how it is actually used, we look at the value of the add to cart action, to set a different value, which is the URL for the page shown after an item is added. Further down in that file you will see this block:<!— redirect after cart action —>
<cfif request.cwpage.cartAction eq ‘goTo’ and not len(trim(request.cwpage.addToCartUrl))>
<cfset request.cwpage.addToCartUrl = trim(request.cwpage.urlShowCart)>
</cfif>

Note the line in bold. If your cartAction is “goTo”… we take the customer to the cart. Otherwise, the default value is left in place, and the customer stays on the page they are on. 
 
 
Changing the Default Values aka Overriding Admin Settings
 
Now for the potential solutions to the problem at hand.

1) Quick ‘n Dirty … Hard Code it in the Page
Right above that first example ‘cfparam’ line, you could set the value of the cart action variable like so:
<cfset request.cwpage.addToCartAction = ‘confirm’>
This would override the cfparam by putting an actual value in place, and your page would use this setting instead of the admin value for the Add To Cart Action. Taking this one step further, if you were trying to set that value only for a specific server location or directory, you could wrap it in a conditional cfif, like so:
 

<cfif cgi.server_name contains ‘server1.com’>
<cfset request.cwpage.addToCartAction = ‘confirm’>
</cfif>

This way, your page would use the default value unless you are on ‘server1.com’, at which point your hardcoded setting would apply instead.

2) Setting a Global Request Value

The method above will work just fine… but only for the one page you are editing. If you wanted to override this setting for the entire site, you would want to put the <cfif> code into a global location.

A good spot for this is in cw4/cwapp/func/cw-func-init.cfm. The “init” file sets all of the global settings for every page, and for the Application itself. Your code (the cfif block above) can be inserted at the end of the func-init file, just before the closing </cffunction> tag for the cwInitRequest function. Anything set into the ‘request’ scope in this file will be available to every page of your site.

3) Creating Your Own Application Variables

One of the most powerful but least-known features of the Cartweaver admin is the way the config variables (aka Admin Settings) are created in the first place. Logged in at the developer level to your store admin, click the option in the menu for
Site Setup > Configuration Variables.
This is where Cartweaver’s global settings are created and stored… and where you can add your own.

For the sake of this example, let’s say you wanted to add a new setting called “appActionAddToOtherCart“.
From the Configuration Variables page, click on the little pencil icon next to the “Cart Display Settings” group. Then, click the button for “Add New Config Item”. Fill in the form that appears, and voila, there is your new custom application variable. (Since the CF application is refreshed automatically when you change or add any config setting, the variable you created is available right away).

So now you have a variable called
application.cw.appActionAddToOtherCart, with a value of “confirm”.

Going back to product.cfm, you could alter the cfparam to use a cfif, just like we did for the request value.

<cfif cgi.server_name contains ‘server1.com’>
<cfparam name=”request.cwpage.cartAction” default=”#application.cw.appActionAddToOtherCart#”>
<cfelse>
 <cfparam name=”request.cwpage.cartAction” default=”#application.cw.appActionAddToCart#”>
</cfif>

This is a little bit of a stretch in terms of actual application, but you can see how you could use an ‘either/or’ setting in this way, based on a value you create and control in the admin. With this type of setup, you could then change the action of the ‘other cart’ at any point in the future, without affecting the default behavior on your primary domain.
This also demonstrates how easy it is to create your own global settings, for anything. You can even create a new “config group” such as “other site settings”, and then put all of your new values in there, so they are on their own page in the admin altogether.

4) Custom Cart URL
Lastly, specific to this particular setting, you will see that we are actually using this ‘goto’ value to set a different setting, which is then applied to the Add To Cart logic.

<cfmodule
template=”cwapp/mod/cw-mod-cartweaver.cfm”
product_id = “#form.productID#”
form_values=”#formstruct#”
redirect=”#request.cwpage.addToCartUrl#”
sku_custom_info=”#form.customInfo#”
>

So, you could also intervene at this level, setting the value of “request.cwpage.addToCartUrl” in any of these locations, rather than in that page. And of course, your <cfif> doesn’t have to just use the server name, you could switch this setting based on the Customer Type, the contents of the user’s cart, or just about anything else.

There are even more ways you could accomplish the goal of setting custom variables in your CW store, without breaking the default behavior, but the examples above use the primary principles for modifying Cartweaver with custom variables per page, or per request, or at the global level. Cartweaver 4 is built in the principle of “maximum insertion points”… in both the php and CF versions, there are always multiple ways to inject your own code or logic.

As always *remember to mark your changes to any Cartweaver file* with a custom comment, or some text string you can find later!

Handling sales tax can be a real pain for eCommerce some sites!

It used to be so simple, and for many places it still is… You only charge sales tax to customers that live in the same state in which you have a physical company presence, and you charge sales tax based on the county or city you are located in.  Simple right?  Well that’s beginning to change. Some US states are adopting very complex tax laws, and when you look at the EU and Australia, things get even more complicated.

Cartweaver 4 has two “tax systems” to choose from. One is the internal tax system, and the other off-loads the handling of sales tax calculation to a third party system – Cartweaver 4 supports AvaTax by Avalara.

Which tax system should you choose? The answer depends on the complexity of your tax system.

Internal Tax System

The internal tax system in Cartweaver 4 is very robust and handles most sales tax requirements, including more complex Canadian sales tax and European VAT tax, so you should take time to familiarize yourself with the system and see if it will meet your needs.

When Things Get Complicated

Certified Avalara PartnerThere are however some states or regions with sales tax laws or structures that are simply too complex for a stand alone solution to reasonably support. A few US states, such as Washington State for example, have begun charging sales taxes based on the location of the buyer rather than the seller. They have divided the state into “tax districts” that are not based on city, county or postal code, but on a separate tax districting map. To be able to comply with such complex requirements, Cartweaver 4 PHP and ColdFusion support AvaTax by Avalara. AvaTax calculates sales tax based on whatever criteria the state/province requires, and passes this back to your cart to be added to the order total. It also keeps a record of the transaction and prepares the necessary tax reports for you.

Here’s a little blurb from their marketing deportment.

AvaTax Calc – Fully integrated. Always accurate.
The AvaTax Calc tax decision engine determines rates based on 100,000+ taxability rules in 11,000+ jurisdictions and instantly applies them to each transaction. Geo-location provides the basis for precise identification of tax jurisdictions and associated taxability and sourcing rules, ensuring the most complete and accurate tax rate.

Sales tax is hard. AvaTax™ makes it easy. Avalara’s AvaTax is the fastest, easiest, most accurate and affordable way to handle sales and use tax compliance. AvaTax determines rates based on 100,000+ taxability rules in 11,000+ jurisdictions, and provides seamless integration with 100+ ERP, accounting, e-commerce and retail POS systems.

Learn more at www.avalara.com

New Video Training Course For Lynda.com


Lynda.com Cartweaver eCommerce Training Lynda.com has just released my latest training course Building an Ecommerce Web Site Using Dreamweaver with PHP.  This course focuses on two approaches to implementing eCommerce functionality in Dreamweaver: introducing basic eCommerce functions to an existing site and creating a stand-alone eCommerce solution with PHP and MySQL. The course explores choosing a payment vendor, creating a simple buy button with PayPal, configuring a store with the Cartweaver 4 extension for Adobe Dreamweaver, adding products and discounts, and managing inventory. The course also provides guidance on securing an eCommerce site, preparing for the site’s launch, and effectively promoting a store.

Lynda.com is the leading online trained for the web  developer/designer community for good reason. From the author/trainer standpoint they are an absolute joy to work with, their professionalism and quality of work is unparalleled. From student perspective, the experience is the same. If you are looking for a video course that looks at adding eCommerce to to your skill set, be sure to look at my new course at Lynda.com, and while you are there, take a look around at their amazing training library. this site is an invaluable resource. You can  sign up for $25 bucks a month, with no term commitment, which is about the best deal I have ever seen.

Cartweaver 4 mobile and other presentations.

We recently had a question on the Cartweaver Community Forum asking if we will be providing a mobile app for Cartweaver 4.  For a web application such as a Cartweaver 4 shopping cart, it’s not really a matter of developing an app, but more a matter of adapting the presentation to the smaller devises and different settings. That being said we have a number of device or alternate  presentation add-ons planned. Like the following;

A small screen presentation – (this would be mobile) where the presentation is scaled down and different, smaller images are used

Another one is – we have already tested this one and it is very exciting – an “all-in-one-page” Cartweaver store – so all the various “states” of your store – search, product list, details, add to cart, are all presented from a single page. What’s this for?   It will work perfect to put your store on Facebook! It will also make adding a Cartweaver store to a WordPress site very easy! We already do this for the CF version in the forthcoming Mura plug in.

When we built Cartweaver 4 we developed it with today’s web in mind.  The web is no longer just collections of standalone web sites, the web is an ever changing and increasing collection of devises and and different ways to present content. We built Cartweaver 4 to live and thrive in the new web.

Now that the core app is out, we can focus on doing all the other cool things that this new Cartweaver is capable of….   Should be an exiting year ahead!  Check back here or on our Facebook page for the latest developments.

URL rewriting = “SEO friendly URLs”

I had an interesting “conversation” on LinkedIn about URL rewriting.  It amazes me how this topic persists!  The content of this thread, I thought, was valuable enough to share here, so…

This was a response I got to an announcement I made Cartweaver 4 being released

Looks interesting. On the demo, I saw URLs like
“product.cfm?product=110″.
Does it support URL rewriting out-of-the-box?
Thanks.

After this post there was the inevitable “yeah what the …” sort of post that I wont quote because it adds little to the value of the conversation, except to dive home how some still have a zealot’s view of this tiopic.

After that post this comment was made… (Name removed)

Name:  I read a post once where Lawrence said he did not believe in the need for url rewriting. He is probably right – I don’t think url “friendliness” has much (if anything) to do with search engine rank. But, legions of developers and merchants have been convinced otherwise so it’s probably an important feature if you actually want to sell your e-commerce software.

So here was my responce to the thread…

Hi NAME, I’m glad you commented. This is one of those issues, like Mac vs PC where belief and facts have little to do with each other. The fact is Google doesn’t care. It indexes the database generated or variable passing versions of the URL just the same as it does the more visually appealing re-written ones.

There are a couple of things about rewritten URLs -
1. they are in fact more visually appealing to human users, and admittedly that can be a plus – and
2. from an SEO stand point, they do expose additional key search terms to search engines – So I’m not saying they are entirely useless. But they are not the holy grail of SEO some make them out to be. They can have, in reality, an very small measurable impact on SEO – but keep in mind that well written content, title tags, descriptions and so forth have immensely more impact.

With all that being said, we will most likely do a little add on or how too artificial that provides this functionality for those who what it. Now that Cartweaver 4 is released we have a platform that we and users can continue to grow and extend – and having that platform was priority #1, now we can start adding the icing to this cake!

So there you have it. In a nutshell this is a perfect example of the continuing virtual urban legend that is  “SEO friendly URLs”.  Like I said we will likely provide this because it does have some benefit, and providing it will serve our user community, and that’s what it’s all about.

When we have this available I’ll post here, in our forums and on Facebook to let you know.

Sunday Feb 26th 2012 – That’s the day!

Yep – Sunday is the day. We will release Cartweaver 4 on Sunday Feb 26th.
It may be 11:59 pm west coast time Sunday, but it will be Sunday!

Cartweaver 4 - Ecommerce for web developers of all levels!We can’t wait to get our new creation into the hands of developers and see all the cool things they will do with it.  It’s so hard to explain just how far we have advanced Cartweaver 4.
It IS easier, by far, for even a novice to dynamic web development to install and set up Cartweaver 4, but that’s only part of the story!  In Cartweaver 4 we have built a platform or a framework that con go so much farther, and so much bigger, than previous versions were ever capable of.

When a designer using Dreamweaver installs and sets up Cartweaver 4 for the first time they will go “holy cow, that was easy!”  When  a code developer opens it up and looks “under the covers” for the first time they will have the same “holy cow” moment – they will see just how modular, customizable, and extendable this thing is!  In case you can’t tell – our little, dedicated, development team feels like parents feel seeing their 4.0 g.p.a. student child finally graduating! “Look out world here it comes!”

A question about properly charging sales tax for your eCommerce site.

Q: So what about multiple tax locations. For example, we have plants in two states with different tax rates. What’s going to be the best solution for this?

A: The built in tax system allows you to enter your sales tax into whatever state you have a physical presence in so when a customer buys from one of those states you will charge them the tax for that sate.  This is the way most ecommerce sites have worked for a long time, and for the most part this is still adequate and Cartweaver 4 supports this.

Now if you find yourself is a situation with a product category or in a state where sales taxes gets far more complex, such as the requirement to charge sales tax based on the “tax zone” or county or whatever. of the customer, this can get too complex for any standalone ecommerce site to handle. In the past there have been two options – custom modify your application to try to fit the requirements, which could get very expensive, and still not be right, or fly under the radar because most states are having a terrible time trying to enforce this mess.  Neither one of these choices are good ones.

Complex tax requirements

Cartweaver 4 solves this dilemma by supporting AvaTax – a third party sales tax service by Avalara that works much the same way as connection to a third party shipper for shipping rates. This system is designs to offload all of the complexities of calculating, tracking, and reporting sales taxes in whatever state you tell them to, and your Cartweaver 4 site simply pulls the sales tax total from them and adds it to the order.

This is a huge relief!  Frankly, at this point in time, for the vast majority of Cartweaver 4 users the standard built in system will still be fine. But it’s good to know if it’s not fine you have a solid and safe – from a tax law perspective – solution to the problem!

A question about Cartweaver 4 updates and WordPress: Part 2

We received an email form a former user of Cartweaver 2 and Cartweaver 3. The question and comments really struck home at what this Cartweaver 4 is all about. Both Michael and I answered and there was some really good information shared in the replies so I thought I’d share the email and our answers here.
This get’s a bit long, so I’ll break it into two posts – Here’s part 2

The Email: continued…

Hi, we used Cartweaver 2 and then 3 …..
For the first part of this email and answers to the question see my previous post

My second question has to do with WordPress. Most of the sites we build use WordPress as a CMS. I haven’t found a reliable WordPress shopping cart system. It would be exciting if I could use CW with WP. Is there any documentation on working with the two together? I assume there isn’t a plug in for WP that will allow admin management of a CW store within the WordPress admin? I’m mainly concerned with code conflicts, and what the best approach might be to merging the systems (ie, just convert each CW page to a WP template page?). I look forward to hearing your response!

My answer to the second question:

For WordPress – This is one of our top priorities!When redeveloping Cartweaver we specifically developed it to be able to integrate with other application frameworks because we know this is where a majority of web development is headed. Were we successful? Yes! We already have integration with Mura the leading CMS on the ColdFusion side. This development was an excellent proof of concept, and going through the process helped us understand what we needed to do to interchange and share sates and variables between programs to make one framework work with another. The PHP version is built in exactly the same way, using php conventions of course, so the next step is to begin the same process with it. We have selected WordPress as our focus application for our first php integration. So is this available today? No, Will it be? Yes! Once we are done with the final development and prep of Cartweaver 4 php and it is released for download on February 26th, our next priority on the php side is to zero in on WordPress integration.

Michael’s answer to the second question:

With this version of CW PHP or ColdFusion, it is easier than ever to put what you want, where you want it, by setting a few variables and putting the correct include on your page – any php page – either by hand or, if your CMS lets you insert <?php executable code, or add blocks of functionality through other means, via the cms. We have already integrated CW4 with MuraCMS for ColdFusion, and are finding more and more ways to extend the connections between the two. The entire CW admin drops into the Mura admin as a menu option, so there’s no need to alter anything other than the login and a few asset paths, admin-wise. On the front end, the entire CW site runs in a single Mura page – that’s right, an _entire_ cw application in a single page of your site! Lots of options there. Then we have functions that let you call in a product, or a list of results, or any other CF element right in the wysiwyg editor. As you might guess we’re all a bit busy (and dizzy) right now, but a WordPress integration is on our hot list for add-ons after release. In the mean time, I expect any semi-advanced WP developer could find his way around enough to put the right stuff in the right places.

A question about Cartweaver 4 updates and WordPress: Part 1

We received an email form a former user of Cartweaver 2 and Cartweaver 3. The question and comments really struck home at what this Cartweaver 4 is all about. Both Michael and I answered and there was some really good information shared in the replies so I thought I’d share the email and our answers here.
This get’s a bit long, so I’ll break it into two posts – Here’s part 1

The Email:

Hi, we used Cartweaver 2 and then 3 for a while. We have since stopped using them for a variety of reasons. Cartweaver 4 seems like it is competitive again and we are thinking about purchasing. I have two main questions right now. In the past upgrading a shopping cart to a new version of Cartweaver (maybe to fix a security hole or something) has been somewhat tedious, especially if a version or two has been skipped. What is the upgrade process like in Cartweaver 4, is it the same as in the past (going through lines of code comparing and making sure they haven’t been edited, maybe going through the same page a few times when doing upgrades from a version .2 to a version .6 or something)?

 -     For the second part of this email and an answer to the questions about WordPress. see my next post.

My answer to the first question:

Good news on both these fronts. First, the update process…

You are so right, CW2 & 3 were difficult to update, especially if you have modified the core presentation files, which most anyone wanted a unique site did. Cartweaver 4 makes this incredibly easier ALL of the data and functions have been pulled from the presentation layer, and with the exception of the table on the actual show cart page where the selected line items are displayed, all formatting and design is table-less and handled by CSS. All of the actual Cartweaver files are in a separate folder and the files simply call these functions via includes, much like the Cartweaver 3 front end files used to do. What separating this out better and moving ALL of the queries and functions “up” one level does is makes it really easy to update your site. When an update is released, you leave all your design changes alone and simply swap out a folder named cw4\cwapp – this will update the functionality of your installation, but not touch your design.
Of course if a developer modifies what is in the cwapp folder, then updating becomes a more complex task, but the files in this folder have nothing to do with the design and presentation of your site and are likely to be touched only by code developers wishing to modify the core functionality of the program, at that point the developer is used to dealing with the line by line stuff anyway. So, the point of this is for 98% of Cartweaver users, updating Cartweaver should an update be released will be a simple matter of swapping out the cw4/cwapp folder and possibly the cw4/admin folder!

Michael’s Answer to the first question

“Cartweaver seems to be competitive again” That is exactly what we want to hear!CW4 is a *new* application, based on familiar concepts and data relationships. We tried to keep the best parts of CW and rewire the rest. Good question! We have put a few methods in place to make this easier including:

  • *separation of presentation and query logic (like, total, 100% no mixing at all separation) which means when things are updated or changed, it is SO much easier!
  • *file dating, each file is stamped with the last change date right in the code comments for easy comparison
  • *upgrade of our release notes – we’ll be looking at how to streamline things from previous methods but in general, if we fix a function, or a single item, it will just be ‘replace this file’.

THE MAIN THING YOU CAN DO (I’m going to write a how-to on this for sure) is to COMMENT ALL OF YOUR CHANGES NO MATTER WHAT

If you change something, get in the habit of making a special code comment mine, for CF, looks like <!— MyCustom: edit … —> and then eclipse snippets let me add the date and some variable text with a keyboard shortcut If you come up with some string that is not likely to appear in the usual code, it makes it a foolproof process to update. We are using this same format in our digital downloads, and other add-ons, which are based on the CW core code. Just search your files for that string (i.e. MyCustom) and if it is not found, the entire file is safe to replace. And if it does have your comments in it, if you are very diligent and “pay it forward” with any modifications, it should be pretty painless to bring the mods over. I can’t stress enough how much *cleaner* and simpler the code is this time around. Excited for you to see it!

For our answers to the second part of the question see my next post.

1 2  Scroll to top