NEUBER-WEB-SOLUTIONS :: We support your ECommerce |

OpenOffice Base and your Inventory control

admin — Sat, 12 Jun 2010 15:51:32 +0000

Lets imagine this: you are using the inventory control of our themes. You are actually too lazy to login online and navigate to your “Manage inventory” section to update quickly some item quantities. What then? Under certain circumstances you could do the job also with OpenOffice Base.

What you need:
- OpenOffice Base (surprise,surprise)
- your host allows you external access to the online MySQL data base

Here we show you step-by-step how to connect to your Inventory and change the amounts via OpenOffice Base:

1) What MySql database is your WordPress using? In case its possible to give this database “external access” then please do so. You find this possibility usually in the backend of your host under “databases”. If this is definitely not possible – sorry! It will not work for you.

2) Get the newest version of OpenOffice at http://download.openoffice.org/

3) Get the newest version of the OpenOffice addon “MySql Connector”
…at http://extensions.services.openoffice.org/de/project/mysql_connector

4) Connect to the external web database
- open OpenOffice base
- choose in the “Database Wizard” the option “Connect to an existing database”
- choose in the dropdown “MySQL”

5) Choose “Connect directly”

6) Enter your database name, your database server and the port (very likely 3306)

7) Set up the user authentication – basically fill in your database username and password

8. Choose “Yes, register the database for me”

9) Press “Finish”

10) Save it e.g. on the desktop

11) Double click on the new desktop icon

12) Choose on the left side “Tables” and then the table “_wps_iventory”

13) Change the amounts in the column “amounts”

14) Simply close the window and save the changes

Congratulations – you’ve just updated your inventory control without touching the WordPress backend!

Inventory Control – When to use it

admin — Sat, 12 Jun 2010 14:45:22 +0000

One of the mostly desired newer features in our E-Commerce themes was the “Inventory-Control” or also called “Stock-Control”. Since the feature is available for some time now in the ClothesShop, TheFurnitureStore, JewleryShop etc. should you automatically always use it?
It actually depends on the nature of your products; on their uniqueness.

When to use it
Lets say you sell items of artists. Every item is absolutely unique – should you use the inventory control? Yes, definitely. Just imagine you have only 1 item of a kind and suddenly 10 customers order it. Then you need to tell 9 people that “you are very sorry, but that item is sold out”. This in return will trigger the question, why you offer items online which are actually sold out.

Bottom line: if it is very hard for you to get the offered item delivered again or if the article is absolutely unique, then you should use the “Inventory control”.

When not to use it
On the other hand if you sell items which you as merchant can easily reorder for yourself – why actually use the “Inventory control”? Let’s not forget that a message like “SOLD OUT – we are terribly sorry and repent…” is always a small disappointment for your user. It could very well be that he or she will surf to another web shop with similar items.

Bottom line again: if you have no real trouble to re-organize your items, don’t interrupt the sales flow unnecessarily. In this case its better to inform the user that the delivery time is e.g. “5-7 days”. If you really run out of the article you can get the article within lets say 3 days which still gives you enough time to deliver in the other 2-4 days.

Digital goods: if you sell digital goods you will most likely not need the Inventory control either. A digital good is normally a copy of your item in the directory ‘masterdata’ – there is no limit whatsoever for the availability of them.

The famous FPDF error: “Not a JPEG file”

admin — Tue, 01 Jun 2010 19:19:04 +0000

Now and then when you work with FPDF you may encounter this error:
“FPDF error: Not a JPEG file”

The confusing point about this error is, that this is also displayed if your file in question has an .jpg/.jpeg ending.

So in case you changed the ending of an .PNG image file to .JPG ,assuming that this makes the image to a JPG-Image – let me tell you: FPDF is smarter

Every image file has a characteristic beginning. The 2nd to 4th character of an PNG is… yes… PNG.
You see it here – this is a file with the extension .jpg opened in the Texteditor Notepad++ :

Obviously FPDF checks for this and throws then an error (if the file extension is not corresponding).
Solution: make sure its really, thru & thru a .jpg

How does the AIM CURL call to Authorize.net look like?

admin — Sun, 30 May 2010 17:17:47 +0000

Actually its only some lines of code (which you can also find in the Authorize.net AIM sample code):

$request=curl_init($post_url);
curl_setopt($request, CURLOPT_HEADER, 0);

curl_setopt($request, CURLOPT_RETURNTRANSFER, 1);

curl_setopt($request, CURLOPT_POSTFIELDS, $post_string); 

$post_response = curl_exec($request); 

curl_close ($request); // close curl object
// Following line takes the response

$response_array = explode($post_values["x_delim_char"],$post_response);

Keep in mind: your website can only sent a CURL call if your PHP has the CURL module implemented.

Authorize.net – do I use SIM or AIM?

admin — Sun, 30 May 2010 16:56:26 +0000

A question which sometimes was asked by our customers was: “Does the payment method Authorize.net in your themes use SIM oder AIM?

SIM stands for “Server Integration Method”
AIM stands for “Advanced Integration Method”

To answer this in one brief sentence: Currently we are using SIM.

What does the customer experience when he pays via Authorize.net SIM?
At the last step of the checkout process he presses the famous button “Pay now”. The customer is sent now away from your shop website to a secured Authorize.net entry form. There the customers fills in all the necessary CC infos and presses again a payment button.
Authorize.net processes the transaction and sends the customer together with a special payment signal back to your website. Based on the “payment status” Authorize.net provides, the customers sees a “Thank message” or a “something went wrong message” (like: not sufficient funds on CC).

What would the customer experience if he would pay via Authorize.net AIM?
At the last step of the checkout process he presses the button “Pay now”. Then he is not sent away from your website but rather to a different page of your website. There he fills in his credit card information and there he clicks on a “Continue” button. And… then he sees a “Success” or “No success because…” message.

Something very important happened between the last two steps. Your website sent the CC-Data via a hidden CURL call to Authorize.net – the result of the transaction is sent back again in the background.
Like this the customer has the feeling he never leaves the website.

So AIM would be better?
Seen from the customer experience there is no question about it. AIM is more seamless.
However SIM has one big advantage. What if some customer accuses you that you stole his CC number? Well in this case you can very easily answer with: “My friend, you filled in your CC info on a page of Authorize.net and not on me website”. Ok – this is a bit of far-fetched scenario but theoretically possible.

Future plans
I’m sure you guessed it already: we are planning to implement also the AIM method…

WordPress security – the minimum measures

admin — Wed, 17 Mar 2010 19:31:51 +0000

How can you secure your WordPress installation?
In the Internet you find quite a lot about this point – often exhaustive lists with excellent ideas.
There is only one challenge with long lists, with lets say 30-40 points. Since life is busy and hectic we might not have the time for all of these 30 points “right now” and postpone the implementation to “later”. This results in an additional security of 0.00% in the mean time – which is of course not exactly what we want.

Therefore here 3 basic points, which can be implemented within a few minutes and add tremendously more security to your WordPress installation:

1) Protect the directory “wp-admin” additionally via “.htaccess”

This is will hinder talented hobby hackers to even see your WordPress login page in the first place. The need to figure out two different username/password combinations after each other increases the security level quite a bit.
Your hoster should provide in his admin panel a possibility for you to protect complete directories on your webspace.

2) Protect your cookies via the “secret key”

In the file “wp-config.php” you should find these lines:

define(‘AUTH_KEY’, ‘put your unique phrase here’);

define(‘SECURE_AUTH_KEY’, ‘put your unique phrase here’);

define(‘LOGGED_IN_KEY’, ‘put your unique phrase here’);

define(‘NONCE_KEY’, ‘put your unique phrase here’);

These values are used for the encryption of permanent user cookies. Permanent cookies are also used for login data of WordPress users. Of course every hacker would be very happy if this information would be saved in non-encrypted form in the cookie. Happily this is not the case; WordPress encrypts them for you.
However, the “unique phrase” increases the strength of the encryption.
Additionally, a change of this key forces already existing users (with permanent cookies) to login anew.
There exists a handy online generator, which produces these 4 secure keys at once:
http://api.wordpress.org/secret-key/1.1/ – reloading this page produces always a new set of keys.

3) Protect the “uploads” folder via .htaccess

As the name indicates the above mentioned folder is the target where files of WordPress users end up. Should all kinds of files end up here? Not really! What the user need for writing articles or comments would be image files in the .jpg, .gif or .png format. More is usually not necessary and should not be allowed.
To accomplish this you could upload into the “uploads” directory this brief .htaccess file:

Order Allow,Deny

Deny from all

<Files ~ "\.(jpeg|jpg|png|gif)$">

Allow from all

Files>

Of course there are many more things you can do to increase the security of your WordPress installation. But just in case you have only some few more minutes after your WP installation – these 3 steps are a definitely good time investment.

Linux or Windows server – this is here the question…

admin — Tue, 09 Mar 2010 17:31:34 +0000

Now and then a PHP programmer needs to figure out, if a script runs on a Linux- or Windows server. Of course you can always consult phpinfo() and check the info in the first line next to ‘System’. But for the further processing in scripts the function phpinfo() is not the best candidate.

Happily PHP offers us at least 3 other possibilities to find out:

Possibility No.1:

echo PHP_OS;

A windows server will return here usually the value “WINNT”.

Possibility No.2:

echo php_uname(‘s’);

With a Windows-Server we get a result like “Windows NT”. You could use this then in a strpos() query like here:

if (strpos($os_info,‘Windows’) !== FALSE){

    echo "YES, this is a windows box…";

 }

Possibility No.3:

echo DIRECTORY_SEPARATOR;

PHP provides for us a constant for the separator used in directories of the server. Windows systems as we know use the separator \ . So you could use this again for a PHP query with the function strpos() :

if (strpos(DIRECTORY_SEPARATOR != ‘/’){

    echo "Again! A windows server";

 }

—-
….I’m quite that these possibilities are not the only ones – further possibilities are very much appreciated

Which online Payment Gateway do you prefer?

admin — Sun, 02 Aug 2009 08:33:24 +0000

Statistics prove clearly that you can increase your ecommerce turnover if you provide the payment options your customers expect. Many online transactions are left unfinished if the favorite payment option was not present.

A while ago we tried to find out, which online payment gateways are around. There are more than one may expect.
We have listed our ‘findings’ aphabetically for you – additional information will follow.
There are actually more; in case your favorite Payment Gateway is not listed here – let us know. Let us also why you think its a good online payment gateway.

2CheckOut

AlertPay

Amazon FPS

Authorize.net

Barclays EPDQ

BBS

Beanstream

ChronoPay

ClickandBuy

DIBS Payment

DeltaPay

eWay

ExperCash

FastCharge

FAST TRANSACT

Flo2Cash

GoogleCheckout

HeidelPay

iDeal

iPay88

iPayment

IPPAY

MoneyBookers

mPAY24

myGate

NETBilling

NetCash

NOCHEX

NOVALNET

ogone

paybox

paycenter

PayEase

PAYER

Payment Express

PAYONE

PayPal

PayPoint

PaySimple

protx

Qenta

QUANTUM

sofortüberweisung.de

twyp

UOS

WorldPay

What Credit Card numbers can/should tell us

admin — Fri, 26 Jun 2009 21:14:27 +0000

How can one make sure that a provided credit card number is valid?
There might be the situation that a customer wants to provide you the number by telephone.
Although checking CC numbers is a science on it’s own, there are some basic rules good to keep in mind:

Starting digit:
Every credit card type has it’s fixed starting digit – good to know:

Amex/Diners Club: 3
VisaCard: 4
Mastercard: 5
Discover: 6

Length of number:
Also the length of the number is fixed according to card type:

DinersClub: 13
Amex: 15
All others: 16

So, the customer wants to pay with his VISA Card, but he provided only 15 digits?
And even worse, the first digit was a 7?
No, we don’t think so…

Luhn or Mod10 algorithm – the CC checksum has to be right
This checksum algorithm was invented by Hans Luhn. If the generated checksum can be divided by 10 without rest – then the number is valid – so the basic idea.
Here a practical PHP function to validate a credit card numer with it:

function VerifyLuhn($number) {
   $split = array_reverse(str_split($number));
    for ($i=1;$i<=count($split);$i+=2) {
        if (isset($split[$i])) $split[$i] = array_sum(str_split($split[$i]*2));
    }
   return (array_sum($split) % 10) ? FALSE : TRUE;
}

Warning: Using “Online Credit card number verifiers” is potentially dangerous! Somebody might “harvest” valid credit numbers and misuse them.

—
Comments, improvments are welcome!

International Postal Address Formats – Where to find them?

admin — Thu, 25 Jun 2009 10:49:54 +0000

A while ago we made a small but important change to our WordPress ecommerce themes. Instead of nation-wide sales also international orders were now possible. This led to another challenge: postal address have different formats in different countries.
You may wonder: “…and, whats the big deal with this?”
Well, lets have a look at the classic example of two Joe Doe’s, one living in the US and the other one in Germany. The different addresses would be:

USA:

JOE DOE
1500 E MAIN AVE STE 201
SPRINGFIELD VA 22162–1010
UNITED STATES OF AMERICA

Germany:

Joe Doe
Teststr. 1a
11111 TESTSTADT
GERMANY

If I typed the data of the second Joe Doe into the address form of my E-Commerce application fitting for US-addresses, then I would get an address like this:

JOE DOE
1A TESTSTRASSE
TESTSTADT BAYERN 11111
GERMANY

I can assure you that this will confuse German shop owners + the German national postal delivery services (Deutsche Bundespost).

Ok – so where can I get the information from?
Happily, there exists an international organization which takes care of these issues – the UPU, Universal Postal Union.
They give you here the officially correct address format for every country: http://www.upu.int/en/activities/addressing/postal-addressing-systems-in-member-countries.html – (interestingly, it doesn’t like Opera as browser)