Tips
How to Speed Up Working in Admin.mv
I have just found a little trick that makes working in the admin module a little faster. Perhaps the old hands already know this
but for the newcomers, I thought it couldn't hurt to point it out. I am working in Netscape and couldn't tell you if there's something comparable in Explorer or not.
The thing that really bogs the interface down is having to
refresh that left-hand menu all the time (even when there's no *news* to put there!) but you can open that left-hand menu into a separate browser screen and work with it there. To do this, just right-click in the left-hand (menu)
frame and choose "Open Frame in a New Window" and the menu, all by itself, will open another browser window. Once there, that menu will not refresh at all. If you want to see it updated, you'll need to click on some menu
item that will change the menu (opening up or closing down options). If you leave the original menu in the frame closed down as far as it will go, it will not need to refresh, and you'll get your work done a lot more quickly.
Contributed by Linda Blanchard @ http://www.ccgs.com
Wild Card SSL Certificates
As most of you know the major ISP's offer Wild Card SSL Certificates for your use in your store and domain.
While researching buying my own Wild Card SSL Certificate I found out the following information and thought I would pass it on:
Can I request a wildcard cert? The URL for the above is: See Ya, Jeff Collins @
Certainly. Unlike some of our competitors, Thawte allows you to request a single certificate that can be used to
provide security for multiple hosts. Such a certificate has a CommonName like *.domain.com. When a client checks the host name in this certificate it uses a shell expansion procedure to see if it matches. In the example given, any
host ending in .domain.com will be acceptable.
A Thawte wildcard certificates will cost you $500US and allows you to implement SSL security for any number of hosts under the certified domain.
Please note, however,
that MSIE does not implement wildcard certificate name checking. Our own testing suggests that wildcards work with IE 4.0 and IE 5.0. Microsoft officially disapproves of wildcards, so we cannot guarantee that wildcarding will work
with any Microsoft product for any period of time. We suggest you test this prior to making your request.
When should I request a wildcard cert?
You should request a wildcard cert if you wish to secure a
number of sub domains, such as 'secure.foo.com', 'www.foo.com', and 'hellfire.foo.com'. You can do this with a wildcard certificate that looks like: '*.foo.com'.
Note: You should check your software documentation to make
sure your server supports wildcard certificates.
Do wildcard certificates work with all servers and browsers?
Wildcard certs work with (almost) all servers. We don't think WebSTAR/SSL
supports wildcards. We know for a fact that MS IIS does not properly support wildcard certs. There may be other servers that dislike wildcard certs. We can't be held responsible if your server refuses a wildcard cert. Be aware
that, officially, MS IE does not support wildcards, however, our testing suggests that MS IE does not show any warning messages when connecting to a wildcard certificate.
If someime in the future MS decides to longer support
Wild Card SSL Certificates, it could have a very severe impact on your business.
Vanishing Information in Admin Screens
I wanted to give you all an update on the problem of things
'vanishing' from the various tabs in the admin screens.
First some background.
When you are looking at one of those tabs you only see a
very small number of fields but in fact all the other field
values for all the tabs exist in the html code as hidden fields.
When you click on a tab you are not clicking a standard
hyper link to a url but rather calling javascript code that
submits a form back to the admin program. This submission
doesn't update the values of the fields in the databases but
does pass on the values of the fields so that they can be
added as hidden fields in the html code for the new tab.
This means that if you at any point click on the hyper link
for a tab while the screen hasn't fully loaded then the
values for the hidden fields that haven't loaded will not
be passed back to the admin thus will be null.
This is effectively the same as if you had deleted the field
contents for those fields before clicking the new tab.
If you then do an update those null values will be added to
the database updating the once populated fields with nothing.
If at any point while clicking on tabs you press the reset
button before you have pressed the update button then the
program is called an the values are reloaded from the database.
We have done extensive testing on this and everything we
have found shows us that the only verified 'vanishing' of
values is happening under the circumstances above.
If someone still thinks after reading and testing this that
they have some other sort of problem that is causing field
contents to be lost please contact us by either sending
email directly to both emily@miva.com and jeff@miva.com. or
by calling us at 858-490-2570 and choose the support option.
Submitted by Jeff Hubber @ Miva Corp
Web Site Security Certificates
Store owners have two options with regard to site certificates. Use the certificate of the server the site is hosted on or
purchase and use their own certificate. If they purchase and install their own certificate, then they will be able to use a URL like :
https://www.yourdomain.com/something.html
.No pop-up screen will appear questioning the validity of the certificate. The pop-up screen is not a Miva issue.
This URL format will not work if you do not have your own certificate since no secure server with that name
has been registered.
If you decide to use the host's certificate, the secure site URL will be of
the form:
https://ssl.your host.com/~yourusername/something.html . In this case, a
pop-up screen may appear. Whether or not it appears depends on the setting in
the user's browser.
Typically, Netscape and Internet Explorer come with default settings that may warn the user when he/she is about to enter or leave a secure site, warn if the certificate is invalid etc. The user has the
option in each browser of disabling these warnings. Where you are not using your own certificate, the warning appears because your site name does not match the name on the certificate. It is then for the shopper to decide how to
proceed from there on. Once a site is secure, the URL will change from " http:// " to "https://" If that additional "s" is there, the transmission of information between the customer and the store was
encrypted.
Having your own certificate does not in any way increase the security of information transfer between the customer and the site nor do you need to upgrade your site in any way to receive a certificate. There is
the cost of purchasing and maintaining the certificate and the fee your host may charge to install it. All certificates expire after a period of about 5 to 10 years.
The certificate is supposed to guarantee that:
* The transmission between the two parties is encrypted.
* The site that uses the certificate is who they say they are.
The pop-up screen occurs because if you are using the certificate of the
host server, your site name is not listed on that certificate so there is no
verification that the information is going to your site. The browser is just
comparing the information encrypted in the certificate with the
location on the server it is being directed to.
Ultimately, real security is not guaranteed even if you have your own
certificate. The information is only as secure as the integrity of the
authority issuing the certificate and the site that uses the information.
Some certificate issuing authorities are more respected than others and a site run by a rogue will not provide security.
You can also get a pop-up
screen right now even if your site has its own certificate, if your customer is using an older browser...Netscape 4.05 and older or IE for Mac 4.5 or older. Your browser lists a number of certificate issuing organizations from whom
it will accept certificates. This list can be edited by the user. Certificates from Verisign that are stored in the browsers mentioned above expired on Dec 31, 1999. Users of these old browsers will see a dialogue box or an
"expired certificate" warning when entering secure sites. They may still be able to continue with a secure purchase depending on the browser by pressing "Continue". The solution is for users to upgrade their
browsers.
Submitted by M. Seaforth
http://innovationhouse.com
Question: How can I rapidly make Thumbnails without having to do them one at a time?
Answer: You can use a program like My Thumbnails Pro to create thumbnails. It's shareware and can be downloaded from ZDnet. It's at:
http://hotfiles.zdnet.com/cgi-bin/texis/swlib/hotfiles/info.html?fcode=0011 ZW
Answered by Lisa Hutchins
Check List for Testing Miva Merchant Store
Just one: 572 test transactions through (at least) two different browsers on (at least) two different machines. (smile)
there really doesn't seem to be a formal list anywhere Andy. But some primary stuff to verify before going live would be: (others are encouraged to chime in!)
1. Verify all navigation graphics display properly, in both
secure and non-secure modes. This is an easy way to verify that your secure paths are set right. In theory (and depending on how your SSL cert is setup) you should be able to interchangeably use "http://" and
"https://" on your site, at minimum throughout the invoice process.
2. Verify that your shipping calculator works. Test it against 'real' shipments to verify the accuracy. This is real easy if you are using the UPS
Online module. Create a transaction and see what Merchant calculates for shipping, then goto the UPS web site and enter the exact same info there. The totals should match or something is puking.
3. Hand-walk through your entire product list and verify (twice):
- thumbnail is there
- image is there
- weight is correct
- retail price is accurate
- attributes are offered (where applied)
- descriptions exist for each product
4. Verify your HTML. Get someone with a WebTV account to submit orders. Use an ->old<- copy of Netscrape and an ->old<- version of IE to surf the site. Fix what you can,
anticipate explaining to the user what you cannot control. Save a few pages to disk and use a personal HTML validator on them. See if anything terrifying is found.
5. Run at least 20 invoices yourself (you can NOT do too
many!). Act as absolutely stupid as you can. Image it is the first time you have surfed the net and it is the first time you have spent money on-line. Never assume "they'll know what to do".
6. Use test numbers to
verify your credit card approval system works. People bail a site fastest when they have problems paying!
7. Make POSITIVE your email services work, and take the extra time to be sure that the message sent to your user is
concise and to the point; and gives them a way to re-contact you. It is very unsatisfying to spend money on the web and get a small "thanks. we will ship your order soon." message and a terse invoice. Remember that your
email invoice is the only lasting physical thing your shopper will have top remember the order!
8. Spend time on your Thank You message. Make sure it properly reflects how important their business is to you. Always make
their order number as prominent as you can, and remind them to print the thank you message "for an additional record of their order". Be sure to include a contact email address in the message, and in the email message
they receive.
9. Do not assume you can control the invoice numbering process. Prepare yourself to receive non-consecutive order numbers and not freak out that you 'lost orders'. If you system works, you WILL get the order.
Missing orders are extremely rare and should/will not happen.
10. Train yourself (i.e. create the habit) to immediately batch process and remove orders from your web site ASAP. Remember that as long as your customer's
payment information remains in Merchant it remains "publicly available". The extent of your risk is proportionate to how long you leave their private information on a public web server. Be paranoid and you will never face
having to make the dreaded message or phone call saying "we are sorry to report that your credit card number was stolen from our web site." Merchant is not an accounting system; do not treat it that way! If it bothers you
to realize that your customers' order sat on your web site for more than a few hours, you are doing the right thing (smile).
11. Never sell what you can't ship within 24 (business) hours.
Answred by Jonathan Wray @ Miva Masochists Guild
http://driftwood.net/mmg/
Credit Card Fraud Reporting
http://www.munica.com/frauddetector/
This is a database for reporting fraudulent incidents.
Question: How can I be sure Frontpage 2000 will generate pages viewable in all browsers?
Answer: In Frontpage 2000 there is a feature that lets you say what browser
compatability you would like
your pages set at. Go tp Tools => Page Options => Compatability.
This feature will not allow MS-Specific features if they are not comapatable with the browsers you select.
Answered by Deborah Currie
Question: How can I compare text files?
Answer: There's a nice shareware app called TextPad that will compare files.
www.textpad.com
Answered by Daryl
What is Merchant Order?
There is a demo at:
http://www.miva.com/products/demo/Order/order.mv
I've evaluated order a while back and my impression is that it is
Merchant
- minus categories.. All products show on one screen
- minus attributes. The only thing entered is quantity
- includes all the cc card, shipping modules etc like Merchant
- does not support customization to the same extent ( and this is to the best
of my knowlege ) in that I don't think you can add system extension. You
CAN do a little bit of playing around by including html in the header and
footer though.
Basically its a great product if you have a site explaining all your products in detail and then an "Order Page"
which does all the final sales work. I have a client who I am going to use it for as her products are very complex to explain, requiring a few pages each, then if someone wants it they go to the order page.
Answered by Keith
How to Edit files in Access
Actually, you can edit your files in Access, I do it all the time using
Access 2000 (which is the most reluctant of the bunch).
MS stopped including 'native' support for dbf files with Access 2k.
That caused these problems:
1. Access would not 'see' the files when you tried to browse to them
to import/link them. However, if you typed in the long filename, it
worked.
2. You couldn't write data to linked files.
3. If you imported, then exported, your filenames went to 8.3
uppercase format.
Here's what MS has to say about it:
http://support.microsoft.com/support/kb/articles/Q230/1/25.ASP?LN=E N-US&SD=gn&FR=0
To correct that, you need the Borland Database Engine
which used to be
free, and is included with some apps, but now costs about $10.
BDE Info:
http://www.borland.com/bde/
That will let you 'see' the files, and write to them, but leaves you
with a new problem:
If you import a dbf file, then export it, Access mangles your NUMBER
fields by converting them to FLOAT (?,5). Which thoroughly screws up
most miva db's. To get around this, link the files, do NOT import them.
If you are using Access 97, or earlier, you should still link the files
instead of importing them, and you won't have any of the other problems.
Here are the steps:
MAKE A BACKUP! (see notes below)
Download
Link in Access
Make your changes
Upload
Pack store
You don't need to download the index files as Access neither knows, nor
cares, about them. You do want to include them in your backup as they
will be changed during the pack. If something goes wrong, they will be
wrong.
If you plan to delete products, you should also delete them in any of
the associated tables.
Here are the files:
Files needed to Add/Edit products:
products.dbf (products)
products.dbt (memo field for prod desc)
Index files (for backup):
prd_*.mvx
Extra files needed to Delete products:
agpxprod.dbf (availability group products) 2.x Only!
attr.dbf (attributes)
attr.dbt (memo field for attr prompt)
catxprod.dbf (products assigned to categories)
opts.dbf (options)
opts.dbt (memo field for opt prompt)
pgpxprod.dbf (price group products) 2.x Only!
upsell.dbf (upsell)
upslprod.dbf (upsell products)
Index files (for backup):
agxp_*.mvx 2.x Only!
atr_*.mvx
cxp_*.mvx
opt_*.mvx
pgxp_*.mvx 2.x Only!
us_*.mvx
usp_*.mvx
That should just about cover it <G>. If anyone sees anything
wrong/missing here, please post it.
Bill Guindon billg@simiansites.com
How to upgrade Merchant and Change Servers
Upgrade on the new server to Version 2.24 first and then follow the below instructions...
How to move an existing Miva Merchant Store to a new server.
The concept is simple, just copy your directories to the exact locations on
the new server. Here's How.
1. First, you will want to run the setup.mv
file on the new domain and make sure that you have a fresh store that works. This means that you will need to have a good working SCRIPT directory and a good working DATA directory. You do not have to build an entire
storefront, but rather just have a fresh store created with no products or categories.
2. Get an ftp program. Best that you contact your Host and find out what ftp program they recommend. This allows you to copy files to
and from a website.
3. Get your ftp login information for the old site and the new site. Again,
you need to contact your host to get that information. Log onto your website with the FTP program.
4. Copy the Merchant script directory (usually named either Merchant or
Merchant2) to a location on your computer.
5. Copy the your data directory (usually named htsdata or mivadata) to your computer hard drive.
***These are now also a backup copy of your site in case something
happens.***
6. Log onto the new website with the ftp program.
7. Copy the Merchant or Merchant2 script directory to your new site.
***NOTE: It MUST be in the same location on your new
site that it was in the old site.***
8. Copy the contents of your old data directory to your new sites data
directory (usually named htsdata or mivadata).
***NOTE: It MUST be in the same location on your new site that it was in the old site.***
9. Log into your new site's admin.mv and change the Secure Server
Information in domain/mall settings to match your new secure
server information.
10.Change your email address and server under domain/mall settings and Edit Store/Owner.
Thats it...
Provided by Jeremy @ Miva Corp.
How to edit data files to recover from dupe orders
Welcome to your first order duplicate. It's actually a symptom of corrupt And finally, do the same with your payment module, such as Mod10 -- figure out which payment entry goes with which
order, and update. Depending on which other 3rd Party Modules you're using, it's also possible that there will be other databases which key off from the Order ID, and may need to be updated. Once you've done all these changes, you
upload the files back to the server, and pack data files. If it goes well, you can open your store back up.
data, and needs to be repaired, although luckily that can be done without
loss of information or other problems in almost every case. These duplicates are mostly a result of the nature of web applications, which allow concurrent
database operations. Miva's Empresa engine is supposed to regulate the database accesses, to keep two instances (i.e, two users) from accessing the same database record at the same exact time, but occasionally glitches do occur and
can lead to this data corruption.
As usual, our Priority Support team can handle repairing these problems
quickly, easily, and safely. To have it taken care of right away, simply go
to http://priority.starbase21.com/
and purchase a Duplicate Removal product,
and then fill out an incident report for it (instructions are at the website, and in your e-mail confirmation). This will alert our technicians immediately and they can begin the
repairs for you.
That being said -- with the proper tools and knowledge, you can of course
attempt this yourself, but I must say you do so at your own risk -- and make
SURE you make full backups!
You'll need an appropriate database editor that works with xBase files
(dBASE-III compatible). For example, recent versions of Lotus Approach have this capability. You should close your store down while doing this, as
you'll be changing the database files and need to know they aren't changing
on the server at the same time. You'll need to download many files, depending on where the duplicates occur. For an Orders dupe, you usually
need to
download (and backup as well) the orders.* , orditems.*, ordopts.*, ordrchrg.*, storekey.*, orphans.*, and -- if using the Mod10 payment module, for example, the mod10ord.* in the /mod10/ subdirectory.
The trickiest part is
that all these files are related. You find the duplicate entries in the Orders table, and then you need to give one of the dupes a new (unique) ID. Pick something higher than the highest entry in the Orders table. Then you need to
find the Orders entry in the StoreKey database, and make sure THAT number is higher than the new ID you just assigned. You should also open the Orphans database and make sure that no entries in there collide with existing Order
ID's -- including the one you just reassigned (it's safe and easiest to just go ahead and clear the entire Orphans database out). Now you need to resolve the OrderItems -- which are
based on the Order ID. Find all entries in
there that match the old duplicated Order ID, figure out which ones go with which order, and change the Order ID to the newly assigned one for the appropriate products. Do the same thing with the OrderCharges -- figure out which
tax & shipping etc. entries go with which order, and reassign the new order ID as appropriate.
Obviously this isn't a simple procedure, and there is a lot of room for error, and further corruption. That is why we
offer our services to our customers -- having a trained technician who is knowledgeable about all of these database relations, as well as potential 3rd Party databases, and has worked in thousands of stores, can make a big
difference.
I wish I could make the problem go away, but as I said, it's just an occasional glitch caused by various reasons, and it does happen on out-of-the-box Merchant installs without any other modules. I hope I've
given you enough information to help you better understand the problem, and either fix it yourself or decide to have a trained technician fix it.
Phew! Thanks...
STARBASE-21 -- http://miva.starbase21.com/
Oversized Items Shipping Primer
I've received a number of messages asking for info on oversize item
shipping, so I thought I'd go ahead and post this (for what it's worth).
An oversize item, according to any carrier (UPS, FedEx, or USPS) is an
item with a combined length and girth of greater than 84 inches. Length
is the length of the longest edge. Girth is two times the width plus two
times the height (basically the distance completely around the package).
So, for example, a package that is 35 x 20 x 5 is oversize, while a
package that is 50 x 8 x 8 is not.
Typically there are two categories of oversize (pkg = length + girth):
OS1: 84" < pkg <= 108"
OS2: 108" < pkg <= 130"
If you have an item over 130" in length + girth, then you should
probably consider not shipping it.
Now the tricky part is that oversize item rates are calculated
differently for Ground than they are for Air by all of the carriers! As
a matter of fact, the OS1 and OS2 classifications don't even apply for
Air - they use something called dimensional weight, which I am not even
going to discuss. Also, I will stick to UPS here. FedEx is almost
exactly the same, but there may be some minor differences. USPS seems to
be quite a bit different, for example Priority Mail charges a 15 lb rate
for OS1 but doesn't allow OS2.
So, for UPS Ground:
Any OS1 package that is less than 30 lbs. will be charged the 30 lb
billable rate to ship UPS ground.
Any OS2 package that is less than 70 lbs. will be charged the 70 lb
billable rate to ship UPS ground.
Also, if the package is greater than 60 inches in length, another $5.00
is added (regardless of other dimensions or destination).
As you can see, if you wish for the standard UPS calculator to correctly
calculate ground shipping for an oversize item, all you need to do is
assign a Miva shipping weight of 30 or 70 lbs to the item, depending on
its dimensions (when packaged). If it's over 60 inches in length, add
$5.00 to the price of the product to cover the charge. Also, if you do
use a shipping weight of 30 or 70 lbs., make sure you include a note on
the product description with the actual weight of the item, so people
aren't scared off by the heaviness of it.
Now as I said, this will give you correct ground rates, but most likely
the 2-day and express rates will be way too high, because they use a
calculation called dimensional weight to figure weight for Air items.
Another way to do this if you are NOT using the UPS calculator is to add
an oversize item charge based on the shipping destination. I did this on
my oversize items with an attribute containing one option for each of
the 50 states. Each state falls into one of 4 zones and the charge is
different for each of those zones. This actually works fairly well to
give an adequate shipping price for UPS/FedEx Ground and USPS
Priority/Express.
More info:
UPS how to measure size:
http://ups.com/using/services/packaging/wtsize-guide.html
<http://ups.com/using/services/packaging/wtsize-guide.html>
UPS oversize information (for Ground):
http://www.ups.com/using/services/packaging/oversize-guide.html
<
http://www.ups.com/using/services/packaging/oversize-guide.html>
UPS dimensional weight (for Air):
http://ups.com/using/services/packaging/dimwt-guide.html
<
http://ups.com/using/services/packaging/dimwt-guide.html>
UPS rate calculator:
http://wwwapps.ups.com/servlet/QCCServlet
<http://wwwapps.ups.com/servlet/QCCServlet>
FedEx oversize info (for Ground):
http://www.fedex.com/us/services/documents/groundcodeus.html
<http://www.fedex.com/us/services/documents/groundcodeus.html>
FedEx dimensional weight (for Air):
http://www.fedex.com/us/services/termsandconditions/ground/us/weight.ht m
l
<http://www.fedex.com/us/services/termsandconditions/ground/us/weight. ht
ml>
FedEx rate calculator:
http://rate.dmz.fedex.com/servlet/RateFinderServlet?orig_country=US
<http://rate.dmz.fedex.com/servlet/RateFinderServlet?orig_country=US&l an
guage=english> &language=english
<http://ups.com/using/services/packaging/dimwt-guide.html>
USPS oversize definitions and rate calculator:
http://postcalc.usps.gov/ <http://postcalc.usps.gov/>
USPS rate definitions (with oversize info):
http://new.usps.com/cgi-bin/uspsbv/scripts/content.jsp?B=Mail_or_Ship
<http://new.usps.com/cgi-bin/uspsbv/scripts/content.jsp?B=Mail_or_Ship &D
=9743#priority> &D=9743#priority
Hope this helps,
Provided by Jeremy Goodall
Zero Dollar forced Checkout Screens
Recently, someone listed a problem with merchant handling orders which total
$0.00. Here's the patch to fix it.
In the function:
"Action_AuthorizePayment" in the merchant.mv file, you will
need to add the following lines of code, Just BEFORE the final </MvIF>:
<MvCOMMENT>**** ALLOWS ZERO DOLLAR ORDERS -- START OF ADDED CODE
****</MvCOMMENT>
<MvIF EXPR = "{ l.ok AND ( l.total EQ 0 ) }">
<MvDO FILE = "{ g.Library_DB }" NAME = "l.ok" VALUE = "{
BasketList_FindSession( g.Session_ID ) }">
<MvIF EXPR = "{ l.ok }">
<MvDO FILE = "{ g.Library_DB }" NAME = "l.order_id" VALUE =
"{ Order_Create_From_Basket( g.Session_ID, l.total ) }">
<MvIF EXPR = "{ l.order_id }">
<MvDO FILE = "{ g.Library_DB }" NAME = "l.found"
VALUE = "{ StoreModule_FindFirst_Type( 'FULFILLMENT' ) }">
<MvWHILE EXPR = "{ l.found }">
<MvDO FILE = "{ Modules.d.module }" NAME =
"l.ok" VALUE = "{ FulfillmentModule_ProcessOrder() }">
<MvDO FILE = "{ g.Library_DB }" NAME =
"l.found" VALUE = "{ StoreModule_FindNext_Type( 'FULFILLMENT' ) }">
</MvWHILE>
</MvIF>
</MvIF>
</MvIF>
<MvCOMMENT>**** ALLOWS ZERO DOLLAR ORDERS -- END OF ADDED CODE
****</MvCOMMENT>
Hope this helps.
Provided by Darren Ehlers @ STARBASE-21