Results 1 to 5 of 5
  1. #1
    Join Date
    Mar 2011
    Posts
    93
    Plugin Contributions
    0

    Default Tell visitors why they've been logged out?

    The FILENAME_TIME_OUT seems to be the page to go to whenever something goes wrong, but there's no mechanism to display the reason it gets there.

    How can I change it so that it displays some helpful message depending on the reason the user got redirected there?

    Example, if the user got kicked out from checkout_process due to CC Slamming, I want to display "Sorry, as a security measure, you have been logged out because you have made too many failed payment attempts. Please log in to try again."

    How can I pass over an error code? Do I just add &error= to the redirect link and process that in pages/time_out/header_php.php?

  2. #2
    Join Date
    Jan 2004
    Posts
    66,446
    Plugin Contributions
    81

    Default Re: Tell visitors why they've been logged out?

    The whole idea behind the process of blocking credit card slamming is to NOT encourage them to come back. You DO NOT want people slamming credit card numbers on your site. It costs you a transaction fee every time they attempt to use a card, even if the card is declined. And you don't want to be the target that a fraud ring uses to test or exploit cards.

    I don't recommend encouraging malicious visitors to "Please log in to try again." If anything you should be saying "Sorry, you've been locked out for suspected fraudulent abuse of credit cards. Come back tomorrow accompanied by your local police officer."

    Pardon the sarcasm. No offense intended.

    You're the only one reporting having any problems with the way things work presently, and that's probably because you're doing multiple tests of your own new payment gateway module implementation, so you are in fact doing an intentional "slamming" sort of activity.
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  3. #3
    Join Date
    Mar 2011
    Posts
    93
    Plugin Contributions
    0

    Default Re: Tell visitors why they've been logged out?

    The idea behind CC Slam prevention is to stop simple scripts, right? Functionally, adding the polite text message makes no difference. Even without the polite message, there's nothing to stop a malicious visitor to just log-in again after being booted out. I imagine they can even alter their scripts to log-in again after 'n' tries.

    Anyway, a friendly informative response when things *DO* go wrong for the user (non-malicious) will give a good impression to the customer of your website and how professional it is. This isn't only limited to the CC slam case.

  4. #4
    Join Date
    Jan 2004
    Posts
    66,446
    Plugin Contributions
    81

    Default Re: Tell visitors why they've been logged out?

    If your customers are the type who can't type their credit card number correctly 3 times in a row, you're bound to have larger problems than them being logged out.

    But, you'll do as you want, of course.

    Add a messageStack call to every case where the redirect to that page occurs, and give them the "reason".

    Do remember that there's a fine line between being 'informative" and "disclosing sensitive information". Tread carefully.
    Also, be reminded that the more changes you make to core code, the more complicated your future upgrades will be too.
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  5. #5
    Join Date
    Mar 2011
    Posts
    93
    Plugin Contributions
    0

    Default Re: Tell visitors why they've been logged out?

    Thanks, DrByte. I appreciate your help and advice (and generally appreciative for the whole ZenCart). :)

 

 

Similar Threads

  1. customers cannot checkout their products after they are logged out
    By naturalbornkiller in forum Setting Up Categories, Products, Attributes
    Replies: 2
    Last Post: 22 Aug 2011, 08:26 PM
  2. I want to hide the left column for not-logged-in visitors
    By oluja in forum General Questions
    Replies: 15
    Last Post: 23 Mar 2009, 02:51 PM
  3. how to tell if logged in?
    By adornit in forum General Questions
    Replies: 14
    Last Post: 4 Jul 2008, 12:14 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg