We're running ZC 1.5.5 on PHP7.3 with the very old SagePay Form payment module, which sets up the Checkout Confirmation page with a form whose 'action' points to the sagepay server, so when you click Confirm Order it will immediately post the data to the sagepay server and not via our own server.
This may be a silly question but wondered what ideas people might have. We want to add a field to the page which would capture the customer's "signature", because we've had trouble refusing a customer refund before because despite having Terms & Conditions displayed during checkout the card company says the customer didn't sign off the conditions so they are not binding.
(Just to preempt some replies, I do understand that most websites don't do this, and I really don't want to have to implement this, but our business owner has requested the feature so I have to at least look into it. We may well ditch the feature - I'm certainly hoping that way).
However if we present a textbox on the confirmation page for their name, the value is not sent to our server (because the form posts to sagepay), so we cannot capture it and associate it with the order record. I've had a look at the SagePay specification and cannot see a way to pack the data in the Crypt field as a 'passthrough' that would be sent back to us when the transaction is confirmed.
Just to be clear, of course the customer is logged in at the time and we know their customer record's firstname and lastname, but we would like a way to present an editable textbox so we can be clear that they are signing their name at the point of confirming the transaction. As said, the card company didn't consider them being logged in as binding enough in a legal sense.
The confirmation form looks something like this:
HTML Code:
<form name="checkout_confirmation" action="https://test.sagepay.com/gateway/service/vspform-register.vsp" method="post" id="checkout_confirmation">
<input type="hidden" name="Crypt" value="@...long_crypt_string...">
<label>Confirm your name associated with these agreements <input type="textbox" id="checkout_customers_name" name="checkout_customers_name" value="Initial Name Here"></label>
<div class="right"><input class="cssButton submit_button button button_confirm_order" type="submit" value="Confirm Order" name="btn_submit_x" id="btn_submit"></div>
</form>
I can only see two ways around this:
- Present the editable textbox on the checkout_payment page (the one just before checkout_confirmation), which does post to our server and so we can capture the value entered by the customer.
- Simply display the customer record's firstname+lastname on the checkout confirmation page in a readonly fashion and indicate that the customer is agreeing that this is their name. I'm not sure how binding that would be legally, given how annoying the card company was last time.
Bookmarks