Guest Payment showing a Credit Card form


#8

Yeah, this may be a better solution than hard-coding them into configuration files and may leave anything open for further implementation of other gateways.

Does anyone thinks that this is a bad idea?


#9

TL;DR: I’m a bit worried about the CC form and wonder if it’s implemented correctly. With all due respect to the developer that implement it! Just my 50 cent, hopefully you understand my worries.

Btw, I couldn’t believe that there is a payment method that asks YOU to put a CC form on your own website.
Then I checked Stripe, it looks that they have a widget(iframe) solution, which sounds more secure to me https://stripe.com/docs/checkout/tutorial

Like @mikenuun said, we have (Dutch) payment providers, they care about the payment method the customer is going to choose. You just basically open a popup/redirect people to their website, with a certain token.
They handle the security part , etc.

The current CC form is very insecure. The action of the form is the IP URL, which is in my test environment non-HTTPS
(Chrome even notifies you "Automatic credit card filling is disabled because this form does not use a secure connection).
So all your CC information is sent unsecured, if your IP isn’t hosted HTTPS


#10

If you find a suitable solution for the credit card form feel free to open a pull request for it, I really appreciate any solution that solves the current problems. I implemented it to just work with the payment library and may only be used for Stripe at the moment. However, I think it might get a bit hacky to get the custom stripe form working, as it’s no standardized solution.

Well yeah, submitting credit card information on InvoicePlane is indeed insecure if you don’t use SSL. It’s the same with any other information you save in InvoicePlane if you are not using SSL. But this is nothing we can take care of, I just might add a note to the wiki that SSL should be used.


#11

I understand, I think for now the ‘enable CC form’ checkbox per payment method is the easiest solution.

Not sure how the other people think about this? If they agree, then we can start implementing it


#12

@mikenuun @Vazeel / @Developers @Contributors


#13

Agree, you should go with the cc checkbox option.


#14

How did you removed the form?, im trying to accept payments with paypal but if you send the form in blank you receive a error

Message: The card parameter is required


#15

I would like the same thing.
I added PayPal and Stripe and I would like to disable the CC form in case the customer choose PayPal.

When a payment method is selected the page need to refresh with or without the CC form.

Plus I think that it’s better to have a checkbox selection (with the logo of each payment methods?) in this way the customer/client will see clearly what payments methods are available. The dropdown menu hide them.

In case you don’t agree for the checkboxes please make the dropdown menu set without any selection by default so the customer have to click on the dropdown and will see all the payment methods available.


#16

Where in the code is this I need to do the same until a better fix is implemented.


#17

You should not delete it at all. However, you can hide it by opening the file application/modules/guest/views/payment_information.php and replace the line 168

<div class="panel panel-default">

with

<div class="panel panel-default hidden">

#18

Anynews about this?
Is it going to be implemented on 1.5.4?


#19

Unfortunately I couldn’t make any time to fix this issue :pensive:

Maybe someone else can make some time: https://development.invoiceplane.com/browse/IP-530


#20

for reference:

Even off-site gateways make use of the CreditCard object, because often you need to pass customer billing or shipping details through to the gateway.

The CreditCard object can be initialized with untrusted user input via the constructor. Any fields passed to the constructor which are not recognized will be ignored.

 $formInputData = array(
     'firstName' => 'Bobby',
     'lastName' => 'Tables',
     'number' => '4111111111111111',
 );
 $card = new CreditCard($formInputData);
 You can also just pass the form data array directly to the gateway, and a CreditCard object will be created for you.

#21

can you tell me how you added the missing variables in the payment handler for the provider Mollie?, thanks


#22

Hi, Would be great if you could share your change for the Mollie/iDeal payment.without creditcard fields.


#23

Something new? I want same. When guest selects Paypal CC form should be hidden, in case of selected Stripe then CC form should appear.

Also interested on add Checkbox selection with logo of each payment method instead of dropdown menu list.


#24

Just wondering if there permanent fix for this in an upcoming version?

I’ve implemented the temporary fix by removing the CC form - see details in this post:

I"m sure I’ll forget all about this issue when the next update comes out, and then I’ll overwrite the fix with update, and wil no longer be able to process PayPal payments again.

Without this fix, trying to have my clients make PayPal (PayPal Express) payments, just simply does not work at all.

Currently using version 1.5.8 and this is still an issue. Does not look like the changelog for version 1.5.9 addresses this issue.


#25

Probably not. Because it’s no critical issue but rather an UX problem, and hard to resolve. So, low priority for now.


#26

Hi Vazeel,

Do you have a sollution how to show Bancontact or iDeal from mollie?
I’m having the same issue, only the CreditCard is shown, even this is not activated in my mollie account.


#27

Use paypal payment and never share your credit card details.