PLEASE NOTE: These forums are no longer utilized and are provided as an archive for informational purposes only. All support issues will be handled via email using our support ticket system. For more detailed information on this change, please see this blog post.

Plugin Integration Question

Gravity Support Forums » Plugin Support » Gravity Forms

  1. tpman
    Member

    Hello,

    - Background -
    I have a few questions in regards to other plugin integration. I just purchased an ecommerce plugin called Cart66 (formally called PHPurchase) from http://www.cart66.com. One of their main selling points was their integration with Gravity Forms(GF) as a solution for complex product options configuration. Using their plugin, you build a form for your product your selling, then associate the new form when you add your product. You embed the new form on a post or page like any other GF. When the customer completes the form and adds the product to the shopping cart, a GF entry is submitted to the DB. If the customer completes the purchase, you now have an order with an associated GF entry that you can view. So far, everything is sweet.

    - Issue -
    The problem I discovered with their implementation is if the customer doesn't manually remove the item out of the cart and just abandons it you now have orphaned GF entries not associated to any order. When I communicated the issue with the cart plugin vendor, their response was they have no way of knowing if a customer just walked away from their computer or if they abandoned the cart. At this point, I'm thinking about transaction processing, session timeouts and cookies. But hey, what do I know. As well, they indicated that normally you view the order you receive from their admin orders page and you can click link(s) to view the associated GF entries for that order. Also, they will someday add a feature request for a CRON job to clean out these orphaned records.

    - Question -
    In an ideal world, the GF entries would not be submitted until the order is completed. Do any of the filters and hooks you have documented provide a mechanism that would allow them to implement such a solution?

    I am less concerned about the orphaned records then about the possiblity of an attacker becoming aware of the potential spam possibilities which I believe is a security hole in itself. I would hate to have my client report back to me they've had a MySQL denial of service attack stemming from this issue. At least with a contact form, you can add spam protection as well as being notified. There is no way I am setting up a captcha or sending out a notification for every "add to cart" entry to mitigate that possibility.

    Any thoughts on this matter would be very much appreciated.

    Thank you,
    Todd

    Posted 13 years ago on Friday March 18, 2011 | Permalink

  2. Carl Hancock
    Administrator

    I'm not familiar enough with the Cart66 integration to know how it works with Gravity Forms.

    Entries are created when a form is submitted. There is no delay mechanism, that is when the entry is created. So as far as this goes there are not any hooks to delay the entry being created.

    Their CRON job suggestion is probably a simple way to handle this because depending on how their shopping cart works it could indeed be difficult to tell a cart is abandoned or not.

    Posted 13 years ago on Friday March 18, 2011 | Permalink