The Foxy forums are on the move!

We're in the process of moving our forums over to a new system, and so these forums are now read-only.
If you have a question about your store in the meantime, please don't hesitate to reach out to us via email.

E-mail address verifcation

oskayoskay Member
in Bugs & Feature Requests edited August 2009
Looks to me like the FoxyCart checkout page does not verify that an e-mail address is valid... which leads to occasional badness.

For example, if someone went through the checkout page and entered their e-mail address as john.smith, the order *would* get processed, and the order confirmation e-mail would be sent to address usually a non-existent address. (You might think this never happens, but we've actually had three cases of it-- that I noticed --in the last year.)

It seems to me that perhaps basic address verification shouldn't be too difficult or resource intensive. Check for an '@' symbol, maybe?
  • lukeluke FoxyCart Team
    edited August 2009
    Hey oskay. We do have a validator, it's FC.validator.isValidEmail and it is called every time a customer enters an email address and clicks continue. Hmm... if you're using the single use checkout the continue button is hidden so it's probably not getting checked correctly. It also looks like it's not being called as part of the validateAndSubmit method. We'll fix this in the next version.

    In the mean time you can drop this code into your checkout template:
    <script type="text/javascript">
    	if (jQuery("#customer_email").val() == "" || !FC.validator.isValidEmail(jQuery("#customer_email").val())) {
    		if (jQuery("#customer_email")[ 0 ]) {
    			jQuery("#customer_email")[ 0 ].focus();
    	} else {
  • I don't think my situation would be solved by an e-mail verification scheme, but I have experienced customers mis-entering their e-mail address, and not being able to manage getting back in to change it using the link to do that sort of thing. Is there a way we could be allowed to rectify incorrect customer e-mail addresses? This has caused us many hours of customer service time.


  • brettbrett FoxyCart Team
    Hi Anais.
    The API can modify customer emails, but there's not currently any user-friendly interface in the admin to do this. What would be your ideal situation as far as this goes? We'd love to discuss ways to make your life easier and save you hours.
  • tookingstookings Member
    edited September 2009
    Well...decided to take a break and whip up a basic stand-alone foxycart customer editor. If it helps anyone, have at it...does allow you to edit the email address (or any other editable field) as long as you can find the record by ID or (good or bad) email address.

    Use at your own risk, and I would use the hosted copy with only non-production store information to test it out...although it will technically work on live data. FWIW, we could record your datafeed key...and this page is not secure. (We don't record anything, of course. But don't trust random people on the internet either!) Source code download link is on the page, and it should work in most PHP systems...includes a modified version of a helpful Curl class by Sean Huber.

    Should be pretty self explanatory. Gets your API info (stored in a session)...then searches the API by Customer ID and/or EMail...loads that customer data...lets you edit it...then save it...then it reloads the data for that customer as a check.

    Caveats: Could be easily modified to allow a customer to be added...but I didn't feel like hardcoding all the elements. Ignores multiship addresses entirely. It's very Web 1.0ish in style, with some hardcoded parts that shouldn't be.

    It's been a while since I've written code like this, much less outside of a strict OO style and without a framework like go easy on me. Also, the CSS is a mess, as I quickly just extracted bits from one of our sites... :)
  • brettbrett FoxyCart Team
    That's awesome! Thanks Tookings. Anais, let us know how it goes for you.

    Tookings, mind if we post this on our section?
  • tookingstookings Member
    edited September 2009
    Sure, be my guest. :)

    It was actually fun to write something that wasn't a cog in some giant project for a change, and it'll be handy for us anyway...was about move editing functionality in our portal to use the API instead of the update link. Was interesting to see what fields were editable too. (ie. Looks like you can't save the lastmodify or CC details -- as expected. :)

    A quick hack for anyone to make this usable as-is for a dedicated store would be to add hardcoded foxy data so you don't have to enter it every time...
    $_SESSION = 'your_token';
    $_SESSION = ';

    ...right after session_start(); at the top of foxyuseredit.php and then protecting wherever you put it with htaccess/htpasswd (or better). There are better ways to modify the code for that, but that is probably the easiest quickie if you don't know PHP. :) The page data in the include file is mostly standard HTML, in order to take out the warning, shameless plug, and such.
  • brettbrett FoxyCart Team
    (ie. Looks like you can't save the lastmodify or CC details -- as expected. :)

    We've actually discussed this quite a bit. Our thoughts are that it'd raise more security issues than it'd address, but we're always open to discussion.
  • Our thoughts are that it'd raise more security issues than it'd address, but we're always open to discussion.

    Well, that takes the guarantee of SSL secured transmission out of your possibly not a good thing. While the API session itself is obviously secure, the (possible) session between the customer and the clients script could be in cleartext, along with the client (possibly) storing the CC info they received.

    Maybe as an option linked to proof that foxycart's client is PCI compliant on their end -- same as required to access CC info in the foxy portal -- coupled with a unique token that wasn't the same as the datafeed token, in case you had to provide the datafeed token to other third parties/developers/scripts. That means at least, access wouldn't happen by accident to someone who didn't understand and take responsibility/liability for the access.

    Just thinking out loud. :) We like not having to worry about that part, although we are self-assessed as a matter of good practice.
  • brettbrett FoxyCart Team
    Yeah, that's actually where we landed, and there are definitely situations and larger or more complex merchants that have need of this info. We've actually been exploring these possibilities, but don't have all the legal issues sorted out yet. But thanks for your thoughts (as always). It's definitely helpful.
  • It would be nice if you'd post the code here or setup a txt file version at your site. Using wget/curl is not going to get us your php code - just what the php outputs.
  • lukeluke FoxyCart Team
    Tookings, would you mind adding that to our wiki as Brett suggested? That would be really helpful.

  • a9k, there is a link on page in the warning block called "download the PHP source" that will download a zip file of the 4 source files.

    a9k and luke, yes, thanks for the reminder. :) I'll update here once I've done that.
  • I've created on the's just a stub for the moment with links to the download/demo, but over the next few days, I'll try to build it out into somewhat of a helpful explanation and ideas for using the customer API beyond the simple demo.
  • brettbrett FoxyCart Team
    Thanks tookings. That's really, really awesome of you.
  • Anyone have a copy of tookings' work per chance? Or the username/pass for his http authentication?
  • fc_adamfc_adam FoxyCart Team
    I'm not sure if @tookings is still around - if @brett doesn't still have a copy, we'll see if we can reach out to him ourselves.
  • @fc_adam thanks. @brett, have a copy?

    Just checking back as this looks like it could save me a lot of time.
  • brettbrett FoxyCart Team
    I shot @tookings an email, and I'll update here as soon as I hear a response (if I get one). Sorry for the delay.
  • Howdy Brett.

    Looks like I was a little over-eager in protecting sub-directories in a recent server move. All the links and files on should be working again.

    Well, no promises that any of the old code actually still works....foxycart has evolved a lot since then -- but it is at least available. :P
  • fc_adamfc_adam FoxyCart Team
    @tookings - thanks!
  • @fc_adam - thanks for reaching out to him for me!

    @tookings - sweet. Managed to download the source. Had to take a change in direction though so can't test immediately. After I test would you mind if I saved it as a github gist for keepsake? Been doing that with other snippets (finally made a github account, pretty convenient) keeping author and pertinent links intact. I think the code should work or be close to it, I've been looking at differences from 7.x to 1.0 and a lot seems to be the same. but......never know til ya test, test, test.
  • tookingstookings Member
    edited September 2012
    @versatil ....sure, do whatever you like with it. Feel free to edit/point the wiki entry to whatever you make of it too. I'm not worried about attribution being preserved anywhere.
  • Does anyone have a mirror for source?
  • fc_adamfc_adam FoxyCart Team

    Unfortunately we don't have a copy of that code on our side. Could I confirm with you what you're wanting to do? We might be able to help provide some additional direction or any new options that we may have since 2012.
Sign In or Register to comment.