Post by straightlight » Sun Jul 10, 2016 7:05 am

// Guest Invoice

On the store-front end, users will receive the invoice token number in order for them to be able to access the guest invoice page which includes a text field by entering the token they have received from the checkout success page and, below, requires a captcha code. By hitting: 'Track Invoice' on the lower right, the token and the captcha will be verified upon each printings. Guest customers must refresh the page if they want to print again to avoid query abuse on the store.

The CSRF protection form has been added into the contribution as well as the SSL enforcement under PCI-Compliance. Guest customers must be able to access the guest invoice page under SSL. No users can directly access the related routes used by the guest invoice page from their browsers. Only the server can. This methodology enforces protection to the store against unauthorized access to the invoices without customers consent.

Contribution: http://www.opencart.com/index.php?route ... n_id=27204

** Tested on Opencart v2.2.0.0 release **

The most generated errors being found on Opencart forum originates from contributed programming. The increased post counters are caused by redundancies of the same solutions that were already provided prior.


Regards,
Straightlight
Opencart.com Administrator / Quality Assurance Analyst / Programmer / Opencart Tester


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON
Who is online

Users browsing this forum: No registered users and 3 guests