Zane

Not hardly. Care to elaborate some more?

screenshot? or link?

I decided that instead of paginating, I would use a fixed position filter. Since they are selling nation-wide, I figured it would be easiest. Thoughts? http://reallycheapfloors.com

you need to set it for both body and html body, html { margin: 0px; padding: 0px; width:100%; }

The client is teeter-tottering on the credit card transaction fee percentage. Paypal and Google Checkout have a 2.9% + $0.30 fee, while their Merchant is (somehow?) hooking them up with a 1.58% fee. I went ahead and set up a sandbox account and used the SIM integration method just to check it out. There are still a few variables I need to figure out, but it seems I may be able to get away with no getting an SSL. The form action posts to a https address hosted on Authorize.net, which is exactly what I need. Now I just need to make sure I meet the requirements.

There wouldn't be any committing of fraud. To me, having this landing page for a customer to enter his/her credit card info is no different than the customer calling and giving the info over the phone. Well, the actual difference would be that the online payment is secured. This is a very simple concept with Paypal, I don't understand why it cannot be done through Authorize.net in the same way. I found somewhat of a demo here that does near exactly what I want. http://www.authorizenetdemo.com/simplecheckout/ The price would be variable though. I would just like to skip directly to the payment page.. without clicking a buy now button. It's more of a Pay Now concept.

Ok. I'm pulling my hair out talking to this Merchant Service Provider agent and trying to understand their requirements. Allow me to explain the environment and perhaps that will help a lot more. I probably should have done this to begin with. My client is a retail flooring warehouse. The client already accepts credit card payments through a terminal, much like a convenience store does. The client uses a Merchant Service Provider known as Capital Bankcard to get the money from the card to their bank. Now that the client wants to accept payments online, they have called their merchant service provider agent to discuss, with me, the best way to implement online credit card payments. This website does not act as a normal "shopping cart" website. If a customer wants a certain product, they must call my client (or email) telling them how many feet of which product they want. When that is done, my client then writes an invoice, scans it, and emails it the customer. At this point, no payment is made... rather, the client then calls the dealer and makes sure that amount of footage is available.... at which point he asks that the product be put on hold.... As of right now, the customers call-in to make their credit card payment over the phone. Once the customer's payment is accepted, they are emailed another copy of the invoice which says "Paid in full" or something along those lines......making it a receipt. They are also emailed a reference number telling them where to pickup their product. The customer is responsible for picking it up IT IS NOT SHIPPED TO THEM WHATSOEVER. The obvious problem right now, which I am trying to alleviate, is that most customers do not feel comfortable giving their CC info over the phone. They would much rather enter it on a secure page. My client refuses to use Paypal because it would charge a fee for handling the credit cards... while they already have a merchant that makes them happier. I mentioned to the agent that Paypal would most likely be the best option, but saying that was no different than asking a Linux user to create something with an Adobe product......without a virtualbox. The solution in my head right now is to have some sort of gateway that "acts" like a donation page. This way, there would be no need for SSL bullshit. The client could simply email them a link to a "donate" page with a fixed amount. The closest thing to this idea is something called Simple Checkout from Authorize.net. http://developer.authorize.net/api/simplecheckout I suppose here in a few minutes I will call Authorize.net and ask them some questions as well. I hope I explained everything in detail, if not, don't hesitate to ask. I need all of the guidance I can get.

I believe this is solved now. Thank you all for your contributions.

Sorry if I made my question unclear. My sole question is, to accept credit card payments, using Authorize.net, do I simply need to include a library provided from the bank... or AuthorizeNet? So, if I am not redirecting to a third party "shopping cart" then I will need an SSL certificate? I was under the impression that I could use my current page, with the API included, and have the user successfully pay simply by hitting the "Make Payment" button... without a Secure Connection. To put this into context, which I hope helps more in understanding my question.. My client does not want his customers to be redirected off of his site.

DevilsAdvocate > TOA

Ok. That's what I needed to know. So I don't need to worry about VeriSign or using the HTTPS protocol. In other words, my url doesn't need to be https://pay.reallycheapfloors.com That's a load off. Are there any precautions whatsoever I need to worry about? Or is my next step with Authorize.net..

So, from what I understand from the replies, connecting with Authorize.net is as easy as using their API? Does that mean that I do not need SSL? Currently, I have something like this. http://pay.reallycheapfloors.com A user will be given an invoice number via e-mail and then they will use that page. Without an invoice number, and error will occur and nothing is sent to Authorize.net. As of right now though, I am not connected to Authorize and this page is yet to be implemented. Currently, all transactions are done over the phone and email.

[note] There's no point in beating a dead horse. I am already aware that using a third party alternative would be much much better. I simply want to know how it would be done.[/note] I just finished speaking with my client's credit card agent for their bank. The most information I could get out of her was that a link would be provided to me for the submission of a credit card number. Where I am drawing a blank is how to go about sending a CC Number securely. Supposedly, I would set up an HTML form asking for all the credentials: Name, Address, CC#, etc... and send that form information to the authorize.net link I would be given. If my understanding is correct though, this information would not go straight to authorize.net. By looking at the output of a trace route (which I have yet to do), I could see every server it goes through to get to authorize.net. Are all of those servers in between PCI compliant? Most likely not. I image I would need an SSL certificate or something that would encrypt the data sent to authorize.net. Does anyone have any background on how this actually works? I would love to know just for the sake of knowledge.

all of that information should already be stored in your apache log files. With the exception of hostname though. I do agree with xyph though. Google Analytics is where it's at. They even have a feature now that will show you a live feed of who is doing what on your website... live!

I'll have to ponder of that for a second. You need a counting variable to show that you've reached the end of an array, I'm just not entirely sure where it should go at the moment. :?:

Yep, Ideally, you'd use a foreach loop. and a string variable ... as well as a recursive function UNTESTED $multdimarray = array(); $stringVar = null; function createString($arr, &$str) { foreach($arr $k => $v) { if(is_array($v)) { $str .= $k . "/"; createString($v, $str); } else { $str .= $v; } } } // Then call it $mystring($multidimarray, $stringVar); // $stringVar will have your stuff.

I was thinking the same thing. Though, I'd like to implement one of those infinite scrolling pagination techniques. Yeah, that's worth a try. The sundries have the oddest way of inputting their data. My client asked if he could just copy and paste from excel.. and do multiplication with the numbers at the end to generate a total price. Unfortunately, the client seems to copy and paste more than is needed causing the prices to be ridiculous. I may end up posting a thread on that since I've been having difficulties figuring out how to deal with new lines/returns, what have you... some in of CR/LF things I'm not used to working with. Yeah. I suppose I could put a background color on that. Preciate' the feedback.

Here's the result of the advice given to me. http://reallycheapfloors.com

gemmerz > Gem

You could very easily set $_SESSION = null ... destroying the session.

+1

I never said it was easier, just more..."global"

Why not, instead of autoincrement, you just use an MD5 substring, using the current time and the users username as the parameters to be hashed. When you insert a new row, check for errors of duplication, and if there is a duplicate, hash it again with a salt... repeat. Because seeing as you want this "global" id within the scope of your database, checking for duplication is the secret.

That's it! Thanks Phillip, now I have a good idea of what to do. I don't know how I didn't think of it before.

I know it looks stuck together like duct tape and band-aids, but my main problem here is that I have way too much information to show. I have spoken with the client already and he wants to keep all of that information on one page, yet he also wants me to make the page more user-friendly. Also, I plan on integrating payment processing with credit cards, without the use of a third party payment gateway. I need some help. Some advice. I already have an idea of what a critique may look like, but feel free to critique away; you won't hurt my feelings. Also, I have already mentioned to the client that he needs a better logo, but he already has business cards with that plain sans-serif font. Without further ado, here it is http://www.reallycheapfloors.com Thank you