Setting
up the "Capture Card" system using a shared SSL certificate.
Some hosting providers may provide shared space on their secure
server. Generally this is a cheaper option as you don't have to
purchase your own secure certificate, but it is a bit more difficult
to set up.
The first thing you must make sure of is that you can access
your database from both the secure and the non-secure areas. Your
host can tell you if this is possible when you contract the secure
space.
You will need to make a copy to your secure area of the thanks.php
and cart.php pages. Also, you will need any images from your images
directory that are used by these pages and the whole vsadmin directory
on the secure space.
Now in vsadmin/includes.php set the pathtossl, for instance...
$pathtossl = "https://secure.yourhost.com/yourdir/"
$pathtossl = "https://yoursubdomain.yourhost.com/"
One thing to note is that if you are on an https connection and
then click on say the link to the categories.php page, you will
remain on the https connection which is not really desirable.
To overcome this you can make all your links absolute. For instance,
don't link to categories.php but rather link to http://www.yoursite.com/categories.php
Now open your Ecommerce Plus template online admin section, and
click on modify for Capture Card. You want to make sure the processor
is "Enabled", select the credit card types that you want to use.
Open the file vsadmin/includes.php and set $encryptmethod="";
to $encryptmethod="none";
Now try a test transaction. After the first checkout page all
information will be taken on a secure connection. (For instance
https://www.yoursite.com/cart.php.)
To complete a Capture Card transaction you will need a valid
test credit card number such as 4111111111111111 and just choose
any date.
After completing a test transaction you now want to make sure
you can view the credit card number. Log in to your Ecommerce
Plus admin section and go to the orders page. Now click on the
order you just made. Remember to always view the admin orders
page on an HTTPS connection.
NOTE
Sometimes, the way the host sets up the SSL server means that
our tests for SSL are fooled. If you are absolutely
sure that you are on SSL, have the padlock etc, then set the following
in your vsadmin/includes.php file...
$nochecksslserver=TRUE;
Now please be careful as there will be no warning if you try to
view your orders page on a non-ssl connection. The best thing
to do is bookmark the orders page on the https://
address, and only go to admin using that bookmark.
To reduce security risks set the automatic deleting of credit
card information to a workable minimum level - we would suggest
that 2 days is ample time. This setting can be found on the main
admin page. You can also manually delete the credit card information
from your database by hitting the "delete" button. We
strongly advise that you delete the credit card information as
quickly as possible to reduce the security risks.
