ShopSite Forums

[Scott Norman]

On 5/11/03 7:52 PM, in article BAE45A91.6340%scott@yourhost.com, "Scott
Norman" <scott@yourhost.com> wrote:

I've been learning Perl in use with the order.api and also the CALL tag in
ShopSite Templates. I've attached two Perl scripts for use with the CALL tag
that will get IP address and User Agent in Templates.

To use:
1. Perl needs to be running on the server
2. In the Perl files use may need to change the location of Perl depending
on the server setup.
3. Place file in shop-bin/ss/ or location that is setup for ShopSite cgi-bin
4. Make sure file has execute privileges
5. In template use command [-- CALL getIP.pl --] or [-- CALL getUserAgent.pl
--]

Scott Norman

On 5/7/03 2:47 PM, in article b9butg$no5$1@support.shopsite.com, "BruceM"
mckeag@cdrecorders.com> wrote:

Has anyone found a way to display the IP address that a customer is using
when placing an order. We would like to use this variable on our order
screen to help dissuade potential fraudulent orders.

The IPHOSTNAME variable is available in reports but not sure how to get it
to display on an order screen.

[Rob]

I've been learning Perl in use with the order.api and also the CALL tag in
ShopSite Templates. I've attached two Perl scripts for use with the CALL
tag
that will get IP address and User Agent in Templates.

This will not work for a store because the CALL tag is only run once when
the pages are published. It does not cause a dynamic call each time a page
is browsed on the net.

There are 3 solutions (that I can think of) to this problem:
1. ShopSite adds in a feature in a future version to display the IP when a
customer goes to the checkout page (probably the most clean).

2. You can use Javascript to detect and display an IP number, but this only
works if the customer is using a Netscape browser. You could use a separate
3rd party Javascript program that was mentioned a few posts above, but this
is not an elegant solution.
http://javascriptkit.com/script/cut35.shtml
http://javascriptkit.com/script/cut69.shtml

3. You can use an shtml page with an SSI call to get the IP number through a
script or by referencing the IP number environment variable. Problem with
this solution is it will only work on the catalog pages. It will *not* work
on the checkout page, as the checkout page is an already executed CGI
script, so you cannot apply SSI tags to it in most cases.
http://javascriptkit.com/script/script2/displayip.shtml
You also have to name your page ending in .shtml in most circumstances to
have SSI tags parsed by the web browser.

Hope this helps clear things up.

Rob

"Scott Norman" <scott@yourhost.com> wrote in message
news:BAE45A91.6340%scott@yourhost.com...

I've been learning Perl in use with the order.api and also the CALL tag in
ShopSite Templates. I've attached two Perl scripts for use with the CALL
tag
that will get IP address and User Agent in Templates.

To use:
1. Perl needs to be running on the server
2. In the Perl files use may need to change the location of Perl depending
on the server setup.
3. Place file in shop-bin/ss/ or location that is setup for ShopSite
cgi-bin
4. Make sure file has execute privileges
5. In template use command [-- CALL getIP.pl --] or [-- CALL
getUserAgent.pl
--]

Scott Norman

[loren_d_c]

Rob,

Your #3 might work best, and if you were to aet that IP in a cookie on
your shtml or your custom php or cgi page, then you could use JavaScript
on the shopping cart to read the cookie (not sure how that is done in
JavaScript, but I have seen it done before).

-Loren


Rob wrote:

I've been learning Perl in use with the order.api and also the CALL tag in
ShopSite Templates. I've attached two Perl scripts for use with the CALL

tag

that will get IP address and User Agent in Templates.


This will not work for a store because the CALL tag is only run once when
the pages are published. It does not cause a dynamic call each time a page
is browsed on the net.

There are 3 solutions (that I can think of) to this problem:
1. ShopSite adds in a feature in a future version to display the IP when a
customer goes to the checkout page (probably the most clean).

2. You can use Javascript to detect and display an IP number, but this only
works if the customer is using a Netscape browser. You could use a separate
3rd party Javascript program that was mentioned a few posts above, but this
is not an elegant solution.
http://javascriptkit.com/script/cut35.shtml
http://javascriptkit.com/script/cut69.shtml

3. You can use an shtml page with an SSI call to get the IP number through a
script or by referencing the IP number environment variable. Problem with
this solution is it will only work on the catalog pages. It will *not* work
on the checkout page, as the checkout page is an already executed CGI
script, so you cannot apply SSI tags to it in most cases.
http://javascriptkit.com/script/script2/displayip.shtml
You also have to name your page ending in .shtml in most circumstances to
have SSI tags parsed by the web browser.

Hope this helps clear things up.

Rob

"Scott Norman" <scott@yourhost.com> wrote in message
news:BAE45A91.6340%scott@yourhost.com...

I've been learning Perl in use with the order.api and also the CALL tag in
ShopSite Templates. I've attached two Perl scripts for use with the CALL

tag

that will get IP address and User Agent in Templates.

To use:
1. Perl needs to be running on the server
2. In the Perl files use may need to change the location of Perl depending
on the server setup.
3. Place file in shop-bin/ss/ or location that is setup for ShopSite

cgi-bin

4. Make sure file has execute privileges
5. In template use command [-- CALL getIP.pl --] or [-- CALL

getUserAgent.pl

--]

Scott Norman

[Rob]

Here are some webpages that tell you how to read and wrtie cookies using
Javascript:
http://www.js-examples.com/search/?op=2&q=28
http://www.js-examples.com/example/?ex=700
Combine this with a little SSI call for the IP address, and you could easily
put the IP number in any page or checkout screen using Javascript.

Rob

Your #3 might work best, and if you were to aet that IP in a cookie on
your shtml or your custom php or cgi page, then you could use JavaScript
on the shopping cart to read the cookie (not sure how that is done in
JavaScript, but I have seen it done before).

-Loren
3. You can use an shtml page with an SSI call to get the IP number
through a
script or by referencing the IP number environment variable. Problem
with
this solution is it will only work on the catalog pages. It will *not*
work
on the checkout page, as the checkout page is an already executed CGI
script, so you cannot apply SSI tags to it in most cases.
http://javascriptkit.com/script/script2/displayip.shtml
You also have to name your page ending in .shtml in most circumstances
to
have SSI tags parsed by the web browser.

[Chris]

OK, I'll bite.

I've been following this thread with interest. Sure, it's a nice "Wow Check it
Out!" kind of technical trick, especially to the less tech-savvy shopper, and
perhaps a slight deterrent to the casual con. But, do you folks really think the
return is going to be worth all this effort?

I've actually resolved the host name on 2 orders after the fact to help track
down fraudulent orders. I was able to resolve to an ISP and even contacted them.
They indicated that the "could" match the IP to a specific customer, but
wouldn't release that information without a subpoena. Not wanting to take th
time and effort involved in that, we let it drop.

Just curious how people see this working as far as real deterrent to falsified
orders. Also, how accurate is it really?

Chris

MLCS

Rob wrote:

Here are some webpages that tell you how to read and wrtie cookies using
Javascript:
http://www.js-examples.com/search/?op=2&q=28
http://www.js-examples.com/example/?ex=700
Combine this with a little SSI call for the IP address, and you could easily
put the IP number in any page or checkout screen using Javascript.

Rob

Your #3 might work best, and if you were to aet that IP in a cookie on
your shtml or your custom php or cgi page, then you could use JavaScript
on the shopping cart to read the cookie (not sure how that is done in
JavaScript, but I have seen it done before).

-Loren
3. You can use an shtml page with an SSI call to get the IP number
through a
script or by referencing the IP number environment variable. Problem
with
this solution is it will only work on the catalog pages. It will *not*
work
on the checkout page, as the checkout page is an already executed CGI
script, so you cannot apply SSI tags to it in most cases.
http://javascriptkit.com/script/script2/displayip.shtml
You also have to name your page ending in .shtml in most circumstances
to
have SSI tags parsed by the web browser.

[BruceM]

Chris,

I can attest to the fact that it acts as a deterent if a would be crook
thinks he is at risk of being caught. A few years ago we added the following
to our www site and the fraudulent orders dropped in half.

We do not tolerate credit card fraud, which is a felony. If it is determined
that an attempted order is fraudulent, we will report all information to the
FBI, at Internet Fraud Complaint Center (IFCC).

If we can prevent more fraudulent orders by adding the IP address then its
worth the effort because if a fraudulent order is placed we still have to go
through all of the effort we normally do for a legitimate order.




"Chris" <sawdust@mlcswoodworking.com> wrote in message
news:3EBFF4E4.A689B911@mlcswoodworking.com...

OK, I'll bite.

I've been following this thread with interest. Sure, it's a nice "Wow
Check it
Out!" kind of technical trick, especially to the less tech-savvy shopper,
and
perhaps a slight deterrent to the casual con. But, do you folks really
think the
return is going to be worth all this effort?

I've actually resolved the host name on 2 orders after the fact to help
track
down fraudulent orders. I was able to resolve to an ISP and even contacted
them.
They indicated that the "could" match the IP to a specific customer, but
wouldn't release that information without a subpoena. Not wanting to take
th
time and effort involved in that, we let it drop.

Just curious how people see this working as far as real deterrent to
falsified
orders. Also, how accurate is it really?

Chris

MLCS

Rob wrote:

Here are some webpages that tell you how to read and wrtie cookies using
Javascript:
http://www.js-examples.com/search/?op=2&q=28
http://www.js-examples.com/example/?ex=700
Combine this with a little SSI call for the IP address, and you could
easily
put the IP number in any page or checkout screen using Javascript.

Rob

Your #3 might work best, and if you were to aet that IP in a cookie on
your shtml or your custom php or cgi page, then you could use
JavaScript
on the shopping cart to read the cookie (not sure how that is done in
JavaScript, but I have seen it done before).

-Loren
3. You can use an shtml page with an SSI call to get the IP number
through a
script or by referencing the IP number environment variable. Problem
with
this solution is it will only work on the catalog pages. It will
*not*
work
on the checkout page, as the checkout page is an already executed
CGI
script, so you cannot apply SSI tags to it in most cases.
http://javascriptkit.com/script/script2/displayip.shtml
You also have to name your page ending in .shtml in most
circumstances
to
have SSI tags parsed by the web browser.

[Jim Stavast]

How is it going to look to shoppers coming from AOL when there IP
changes everytime they add something to their cart? Most are probably
not aware that that is happening.

Jim

BruceM wrote:

Chris,

I can attest to the fact that it acts as a deterent if a would be crook
thinks he is at risk of being caught. A few years ago we added the following
to our www site and the fraudulent orders dropped in half.

We do not tolerate credit card fraud, which is a felony. If it is determined
that an attempted order is fraudulent, we will report all information to the
FBI, at Internet Fraud Complaint Center (IFCC).

If we can prevent more fraudulent orders by adding the IP address then its
worth the effort because if a fraudulent order is placed we still have to go
through all of the effort we normally do for a legitimate order.




"Chris" <sawdust@mlcswoodworking.com> wrote in message
news:3EBFF4E4.A689B911@mlcswoodworking.com...

OK, I'll bite.

I've been following this thread with interest. Sure, it's a nice "Wow

Check it

Out!" kind of technical trick, especially to the less tech-savvy shopper,

and

perhaps a slight deterrent to the casual con. But, do you folks really

think the

return is going to be worth all this effort?

I've actually resolved the host name on 2 orders after the fact to help

track

down fraudulent orders. I was able to resolve to an ISP and even contacted

them.

They indicated that the "could" match the IP to a specific customer, but
wouldn't release that information without a subpoena. Not wanting to take

th

time and effort involved in that, we let it drop.

Just curious how people see this working as far as real deterrent to

falsified

orders. Also, how accurate is it really?

Chris

MLCS

Rob wrote:


Here are some webpages that tell you how to read and wrtie cookies using
Javascript:
http://www.js-examples.com/search/?op=2&q=28
http://www.js-examples.com/example/?ex=700
Combine this with a little SSI call for the IP address, and you could

easily

put the IP number in any page or checkout screen using Javascript.

Rob


Your #3 might work best, and if you were to aet that IP in a cookie on
your shtml or your custom php or cgi page, then you could use

JavaScript

on the shopping cart to read the cookie (not sure how that is done in
JavaScript, but I have seen it done before).

-Loren

3. You can use an shtml page with an SSI call to get the IP number

through a

script or by referencing the IP number environment variable. Problem

with

this solution is it will only work on the catalog pages. It will

*not*

work

on the checkout page, as the checkout page is an already executed

CGI

script, so you cannot apply SSI tags to it in most cases.
http://javascriptkit.com/script/script2/displayip.shtml
You also have to name your page ending in .shtml in most

circumstances

to

have SSI tags parsed by the web browser.

[Chris]

The AOL variable was my next question, since that is where the vast majority of
our orders originate. What DOES it look like for them?

Jim Stavast wrote:

How is it going to look to shoppers coming from AOL when there IP
changes everytime they add something to their cart? Most are probably
not aware that that is happening.

Jim

BruceM wrote:
Chris,

I can attest to the fact that it acts as a deterent if a would be crook
thinks he is at risk of being caught. A few years ago we added the following
to our www site and the fraudulent orders dropped in half.

We do not tolerate credit card fraud, which is a felony. If it is determined
that an attempted order is fraudulent, we will report all information to the
FBI, at Internet Fraud Complaint Center (IFCC).

If we can prevent more fraudulent orders by adding the IP address then its
worth the effort because if a fraudulent order is placed we still have to go
through all of the effort we normally do for a legitimate order.




"Chris" <sawdust@mlcswoodworking.com> wrote in message
news:3EBFF4E4.A689B911@mlcswoodworking.com...

OK, I'll bite.

I've been following this thread with interest. Sure, it's a nice "Wow

Check it

Out!" kind of technical trick, especially to the less tech-savvy shopper,

and

perhaps a slight deterrent to the casual con. But, do you folks really

think the

return is going to be worth all this effort?

I've actually resolved the host name on 2 orders after the fact to help

track

down fraudulent orders. I was able to resolve to an ISP and even contacted

them.

They indicated that the "could" match the IP to a specific customer, but
wouldn't release that information without a subpoena. Not wanting to take

th

time and effort involved in that, we let it drop.

Just curious how people see this working as far as real deterrent to

falsified

orders. Also, how accurate is it really?

Chris

MLCS

Rob wrote:


Here are some webpages that tell you how to read and wrtie cookies using
Javascript:
http://www.js-examples.com/search/?op=2&q=28
http://www.js-examples.com/example/?ex=700
Combine this with a little SSI call for the IP address, and you could

easily

put the IP number in any page or checkout screen using Javascript.

Rob


Your #3 might work best, and if you were to aet that IP in a cookie on
your shtml or your custom php or cgi page, then you could use

JavaScript

on the shopping cart to read the cookie (not sure how that is done in
JavaScript, but I have seen it done before).

-Loren

3. You can use an shtml page with an SSI call to get the IP number

through a

script or by referencing the IP number environment variable. Problem

with

this solution is it will only work on the catalog pages. It will

*not*

work

on the checkout page, as the checkout page is an already executed

CGI

script, so you cannot apply SSI tags to it in most cases.
http://javascriptkit.com/script/script2/displayip.shtml
You also have to name your page ending in .shtml in most

circumstances

to

have SSI tags parsed by the web browser.