addressalign-toparrow-leftarrow-rightbackbellblockcalendarcameraccwcheckchevron-downchevron-leftchevron-rightchevron-small-downchevron-small-leftchevron-small-rightchevron-small-upchevron-upcircle-with-checkcircle-with-crosscircle-with-pluscontroller-playcrossdots-three-verticaleditemptyheartexporteye-with-lineeyefacebookfolderfullheartglobegmailgooglegroupshelp-with-circleimageimagesinstagramFill 1light-bulblinklocation-pinm-swarmSearchmailmessagesminusmoremuplabelShape 3 + Rectangle 1ShapeoutlookpersonJoin Group on CardStartprice-ribbonprintShapeShapeShapeShapeImported LayersImported LayersImported Layersshieldstartickettrashtriangle-downtriangle-uptwitteruserwarningyahoo

Portland WordPress Meetup Message Board › e-commerce site with a customized product

e-commerce site with a customized product

Daniel P.
tualatinweb
Tualatin, OR
Post #: 79
I'm developing a client web site and want to add a customized product using http://www.fancyprodu...­ into a shopping cart system. I'm looking at WooCommerce, but am open to other ideas. I also need offline credit card processing (so that rules out Cart66).

There will be multiple options that a User will select in customizing a Product like:


  • Type of material: Plastic, Metal
  • Shape: Square, Circle, etc.
  • Size: Small, Medium, Large
  • Color: Black, Yellow, Red, etc.
  • Text Line 1, 2, 3


WooCommerce only supports product variations with up to 50 combinations, and I'll have way more than that, so I don't think I will be using Variations.

The customizer is jQuery so I know how to make that work with all of the variations I need, but how do I tell WooCommerce to let my own jQuery code calculate price and text fields, etc.?

I have lots of PHP, MySQL, WordPress and jQuery experience, but this is my first time using the Fancy Product Designer and an e-commerce plugin like WooCommerce.
Michael R.
user 44755862
Portland, OR
Post #: 1
A warning: letting jQuery calculate price on the client side leaves your ecommerce site open to exploitation. A malicious user could edit the JS so that instead of calculating the price at the correct value of, lets say $500, it instead puts the price at $5.

What you need is to have the price determined on the server side, and to constantly validate it throughout the checkout process to ensure that it hasn't been tampered in some way. If WooCommerce is open source, you might consider forking it and expanding the plugin to handle more than 50 variants. After all, it seems like you're going to be doing that work anyways, so you might as well put it back into the community; this also benefits you by allowing you to update WooCommerce for security purposes or for newly added features.
Daniel P.
tualatinweb
Tualatin, OR
Post #: 80
Thanks for the warning. Exactly how does a malicious user change client side Javascript?
Michael R.
user 44755862
Portland, OR
Post #: 2
It is not limited to JavaScript, but anything on the client side can be manipulated by the client. JS, HTML, CSS, cookies, header packets: all able to be manipulated. Hidden form fields in a table storing sensitive information or setting critical data (price)? They can change that. Cookie set to usertype/admin or usertype/guest? They can change that too.

Download either Google Chrome or Mozilla Firefox (with the Firebug addon). After downloading, open up a webpage and view it in the Firebug/Chrome Inspector (click firebug / right click Inspect Element). This allows you to see all of the HTML, CSS, JS, Cookies, Local Storage, et al. that is related to the web page. From the inspector I can proceed to delete all or portions of the JS on the site (e.g. delete the form validity checker script), and I can then proceed to write my own JS, or more likely, I would leave the whole HTML,CSS, JS intact, then intercept the form submission (with Tamper Data or a host of other proxies) and change the values midstream from my client to your server.

Daniel P.
tualatinweb
Tualatin, OR
Post #: 81
Michael, Thanks for the info. I use Google Chrome and for debug use "Inspect Element", but didn't know that I could change Javascript code from the debug console. If you want to peek at my development page to see the progress I've made on integrating a customized product: http://cascadelaseren...­
Powered by mvnForum

Our Sponsors

  • Digital Trends

    Digital Trends kindly provides our downtown venue.

  • O'Reilly

    Discounts on books and conferences.

People in this
Meetup are also in:

Sign up

Meetup members, Log in

By clicking "Sign up" or "Sign up using Facebook", you confirm that you accept our Terms of Service & Privacy Policy