|
Authorization code in email notification to orders department
I need to include the credit cart (CC) authorization code in the email notifications that are sent to the orders department. Can anyone help me or point me in the right direction on how to do this?
Thanks, Jed X-Cart Pro 4.2.1 |
Re: Authorization code in email notification to orders department
I think the code is in the $cart[details] (among other things).
|
Re: Authorization code in email notification to orders department
I think you are right, it may be $cart['advinfo']. However The $cart variable/info does not seem to be "available" to this email tpl and I am not sure how to change that. The tpl mainly uses the $order variable but that does not include cc auth data.
Any suggestions? Thanks, Jed |
Re: Authorization code in email notification to orders department
Ok, To make this happen I plan on adding a section to skin1/mail/html/order_notification_admin.tpl. But this template would need the variable $order['extra']['advinfo'].
This variable is set in include/func/func.order.php In the function func_select_order() ~line 119. It is not available for this template because the area type is not right. Hence it does not satisfy this if() statement: if (defined('AREA_TYPE') && AREA_TYPE != 'C' && isset($order['extra']['advinfo'])) Any suggestions on what I should do? I could: 1) directly query the database and and decrypt this information. But doing this type of php in a TPL is not ideal. 2) I could remove or modify this if() statement. Removing the if statement is easiest but seems, at first, like a security risk. But how sensitive is this data to begin with? I do not store cc numbers and this if() statement does not return cc numbers, only authorization codes. Even if a malicious person figured out a way to access this exemption (which won't be straight forward) I don't think they could do anything harmful with the information. The data in this variable is something like: --- Advanced info --- Reason: Approved: AuthCode: 010101; PNRef: E19E3A285702 AVS info: International AVS result: N; AVS result: Street match: Match; Zip match: No Match CAVV info: No Match I appreciate any opinions Jed xcart 4.2.x |
Re: Authorization code in email notification to orders department
I could also make an additional query in func_process_order() where the admin notification are trigger ~line 1200
With in the if() statement if ($config['Email_Note']['eml_order_p_notif_admin'] == 'Y'){ I could add: $orderForAdvInfo = func_query_first("select *, $o_date from $sql_tbl[orders] where $sql_tbl[orders].orderid='$orderid'"); And pass $orderForAdvInfo['extra']['advinfo']; to the tpl. I am still modifying the core code but this exception would be limited to when orders are processed and admin notifications are set. Just another idea |
Re: Authorization code in email notification to orders department
I ended up implementing my ideas in comment #5 but the code I had in that comment was not exactly right. If anyone cares I have my implementation below. I am still curious your opinions on best practices and security.
in include/func/func.order.php in function func_process_order() on around line~1200 I changed: if ($config['Email_Note']['eml_order_p_notif_admin'] == 'Y') { $to_customer = $config['default_admin_language']; func_send_mail($config["Company"]["orders_department"], "mail/order_notification_subj.tpl", "mail/order_notification_admin.tpl", $config["Company"]["orders_department"], true, true); } TO: if ($config['Email_Note']['eml_order_p_notif_admin'] == 'Y') { //query xcart for CC details $orderForAdvInfo = func_query("SELECT khash, value FROM $sql_tbl[order_extras] WHERE orderid = '$orderid'"); if (!empty($orderForAdvInfo)) { foreach($orderForAdvInfo as $v) $orderForAdvInfo[$v["khash"]] = $v["value"]; } $orderForAdvInfo = text_decrypt($orderForAdvInfo['advinfo']); $mail_smarty->assign("advOrder", $orderForAdvInfo); $to_customer = $config['default_admin_language']; func_send_mail($config["Company"]["orders_department"], "mail/order_notification_subj.tpl", "mail/order_notification_admin.tpl", $config["Company"]["orders_department"], true, true); } I then changed /skin1/mail/order_notification_admin.tpl and /skin1/mail/html/order_notification_admin.tpl from: {include file="mail/order_invoice.tpl"} To: {include file="mail/order_invoice.tpl"} Authorization Number is {$advOrder} As far as security, implementing it in this way should only expose that variable while admin notifications are sent. Hence a minimal risk. Thanks, Jed |
Re: Authorization code in email notification to orders department
Hi Jed,
I'm wondering how I can add this Authorization Code in main/orders_list.tpl (Orders History - just below each order line or in an additional column) . I appreciate your opinion. Thanks. |
| All times are GMT -8. The time now is 09:42 AM. |
Powered by vBulletin Version 3.5.4
Copyright ©2000 - 2025, Jelsoft Enterprises Ltd.