// Guest Invoice
On the store-front end, users will receive the invoice token number in order for them to be able to access the guest invoice page which includes a text field by entering the token they have received from the checkout success page and, below, requires a captcha code. By hitting: 'Track Invoice' on the lower right, the token and the captcha will be verified upon each printings. Guest customers must refresh the page if they want to print again to avoid query abuse on the store.
The CSRF protection form has been added into the contribution as well as the SSL enforcement under PCI-Compliance. Guest customers must be able to access the guest invoice page under SSL. No users can directly access the related routes used by the guest invoice page from their browsers. Only the server can. This methodology enforces protection to the store against unauthorized access to the invoices without customers consent.
Contribution: http://www.opencart.com/index.php?route ... n_id=27204
** Tested on Opencart v2.2.0.0 release **
Dedication and passion goes to those who are able to push and merge a project.
Regards,
Straightlight
Programmer / Opencart Tester
Who is online
Users browsing this forum: No registered users and 7 guests
