Guest Payment showing a Credit Card form

Good Day

Im using IP 1.5.2

My guest can now select Mollie or TargetPay.
I created the methods and configured the APIs and payment methods.

However, guest still only see a credit card form,
Even if i select Mollie or Targetpay.

Im i missing something ?

Okay so I just deleted the credit card form and only using the pay now button

Since the gateway should decide which payment methods are available.

the payment_handler is missing data which should be sent to the gateway,
im working on that now. (‘issuer’ and ‘description’ is required to be received by Mollie)

Will update when is working so others can benefit

The problem is, that some payment providers like Stripe require credit card information to be sent from within the application. Therefore the credit card form will always be displayed.

Yes but this is weird,
Because the gateway should handle the payment and payment info , only to send back the details to IP.
Maybe my way of thinking is incorrect.

This creditcard requirement is a stripe thingy , but i can relate that it is impossible to keep checking all gateways for their methods and then enable/disable the credit card form.

In Holland we have a payment system called ideal to pay with your internet banking account or bank app on your phone. therefor i shouldnt ask for credit card details since almost nobody has one :slight_smile:

I removed the credit card form and added the missing variables in the payment handler for the provider Mollie. my guests can now pay invoices and they are automaticly set to paid in ip. very cool.

If anyone is interested in using Mollie i can hook you up , i think for targetpay it should be possible but that misses some extra parameters.

Thanks Kovah :slight_smile:

1 Like

I’m interested in this. Mollie also uses bancontact and that’s actually the way to pay over here in Belgium :stuck_out_tongue:

Maybe it would make more sense to try to achieve a general solution for this problem rather than patching the form for each payment provider.

For reference: https://development.invoiceplane.com/browse/IP-530

1 Like

So the easy and one-solution-fixes-all scenarios, we can add a checkbox per payment method, so you can enable to show a CC form or not (default disabled).

The person that enables the payment method, is responsible if CC method is enabled for his/her payment method.
(Maybe a small text to explain what it does and 90% it doesn’t have to be enabled?)

Sounds like a easy fix that solves the problem, as far as I understand the issue above

1 Like

Yeah, this may be a better solution than hard-coding them into configuration files and may leave anything open for further implementation of other gateways.

Does anyone thinks that this is a bad idea?

TL;DR: I’m a bit worried about the CC form and wonder if it’s implemented correctly. With all due respect to the developer that implement it! Just my 50 cent, hopefully you understand my worries.

Btw, I couldn’t believe that there is a payment method that asks YOU to put a CC form on your own website.
Then I checked Stripe, it looks that they have a widget(iframe) solution, which sounds more secure to me https://stripe.com/docs/checkout/tutorial

Like @mikenuun said, we have (Dutch) payment providers, they care about the payment method the customer is going to choose. You just basically open a popup/redirect people to their website, with a certain token.
They handle the security part , etc.

The current CC form is very insecure. The action of the form is the IP URL, which is in my test environment non-HTTPS
(Chrome even notifies you "Automatic credit card filling is disabled because this form does not use a secure connection).
So all your CC information is sent unsecured, if your IP isn’t hosted HTTPS

If you find a suitable solution for the credit card form feel free to open a pull request for it, I really appreciate any solution that solves the current problems. I implemented it to just work with the payment library and may only be used for Stripe at the moment. However, I think it might get a bit hacky to get the custom stripe form working, as it’s no standardized solution.

Well yeah, submitting credit card information on InvoicePlane is indeed insecure if you don’t use SSL. It’s the same with any other information you save in InvoicePlane if you are not using SSL. But this is nothing we can take care of, I just might add a note to the wiki that SSL should be used.

I understand, I think for now the ‘enable CC form’ checkbox per payment method is the easiest solution.

Not sure how the other people think about this? If they agree, then we can start implementing it

1 Like

@mikenuun @Vazeel / @Developers @Contributors

Agree, you should go with the cc checkbox option.

How did you removed the form?, im trying to accept payments with paypal but if you send the form in blank you receive a error

Message: The card parameter is required

I would like the same thing.
I added PayPal and Stripe and I would like to disable the CC form in case the customer choose PayPal.

When a payment method is selected the page need to refresh with or without the CC form.

Plus I think that it’s better to have a checkbox selection (with the logo of each payment methods?) in this way the customer/client will see clearly what payments methods are available. The dropdown menu hide them.

In case you don’t agree for the checkboxes please make the dropdown menu set without any selection by default so the customer have to click on the dropdown and will see all the payment methods available.

2 Likes

Where in the code is this I need to do the same until a better fix is implemented.

You should not delete it at all. However, you can hide it by opening the file application/modules/guest/views/payment_information.php and replace the line 168

<div class="panel panel-default">

with

<div class="panel panel-default hidden">
1 Like

Anynews about this?
Is it going to be implemented on 1.5.4?

Unfortunately I couldn’t make any time to fix this issue :pensive:

Maybe someone else can make some time: https://development.invoiceplane.com/browse/IP-530

for reference:

Even off-site gateways make use of the CreditCard object, because often you need to pass customer billing or shipping details through to the gateway.

The CreditCard object can be initialized with untrusted user input via the constructor. Any fields passed to the constructor which are not recognized will be ignored.

 $formInputData = array(
     'firstName' => 'Bobby',
     'lastName' => 'Tables',
     'number' => '4111111111111111',
 );
 $card = new CreditCard($formInputData);
 You can also just pass the form data array directly to the gateway, and a CreditCard object will be created for you.