On the store front end, users receive an invoice token number that lets them access the guest invoice page. The page includes a text field for entering the token they received from the checkout success page and, below it, requires a captcha code. On hitting 'Track Invoice' on the lower right, the token and the captcha are verified upon each printing. Guest customers must refresh the page if they want to print again, to avoid query abuse on the store.
CSRF form protection has been added to the contribution, as well as SSL enforcement under PCI compliance. Guest customers must be able to access the guest invoice page under SSL. No users can directly access the related routes used by the guest invoice page from their browsers; only the server can. This methodology protects the store against unauthorized access to invoices without the customer's consent.
Contribution: http://www.opencart.com/index.php?route ... n_id=27204
** Tested on Opencart v18.104.22.168 release **
The most generated errors found on the Opencart forum originate from contributed programming. The increased post counters are caused by redundancies of the same solutions that were already provided prior.
Opencart.com Administrator / Quality Assurance Analyst / Programmer / Opencart Tester
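
The checks described in the post above (SSL enforcement, CSRF form token, captcha verified again for each print, invoice token lookup) can be sketched as follows. This is an added example, not code from the contribution: it uses plain PHP rather than OpenCart's APIs, and every function name, array key and sample value is hypothetical.

```php
<?php
// Added illustration; all names here are hypothetical, not the contribution's code.

// Issue a per-form CSRF token and keep a copy in the session.
function issue_csrf(array &$session): string {
    $session['csrf'] = bin2hex(random_bytes(32));
    return $session['csrf'];
}

// Unguessable invoice token, as shown on the checkout success page.
function new_invoice_token(): string {
    return bin2hex(random_bytes(16));
}

// Verify one 'Track Invoice' submission. Returns the order id, or null on any failure.
function track_invoice(array $server, array &$session, array $post, array $invoices): ?int {
    // 1. SSL enforcement: refuse plain HTTP.
    if (empty($server['HTTPS']) || $server['HTTPS'] === 'off') {
        return null;
    }
    // 2. Consume the CSRF token and captcha before checking them, so every
    //    attempt (and every reprint) needs a fresh page load.
    $csrf    = $session['csrf'] ?? '';
    $captcha = $session['captcha'] ?? '';
    unset($session['csrf'], $session['captcha']);
    if ($csrf === '' || !hash_equals($csrf, (string)($post['csrf'] ?? ''))) {
        return null;
    }
    if ($captcha === '' || !hash_equals($captcha, (string)($post['captcha'] ?? ''))) {
        return null;
    }
    // 3. Constant-time comparison against the stored invoice tokens.
    $given = (string)($post['token'] ?? '');
    foreach ($invoices as $token => $orderId) {
        if (hash_equals((string)$token, $given)) {
            return $orderId;
        }
    }
    return null;
}

// Constructed sample data: one invoice, one solved captcha, one form submission.
$invoices = [new_invoice_token() => 1001];
$session  = ['captcha' => 'x7k2p'];
$post     = ['csrf' => issue_csrf($session), 'captcha' => 'x7k2p',
             'token' => array_key_first($invoices)];
$server   = ['HTTPS' => 'on'];
var_dump(track_invoice($server, $session, $post, $invoices)); // first print
var_dump(track_invoice($server, $session, $post, $invoices)); // replay without refresh
```

Because the session values are unset before they are compared, a failed guess costs the client a new captcha as well, which is what limits repeated token queries against the store.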