Order online, bring your calculator...


  • Considered Harmful

    This is the first online order form I've seen that makes the user calculate their subtotal, tax, shipping, and total manually.  The user can take care of validation as well.

    They've also got a nice, consistent, black, white, red, green, blue, and purple color scheme, and random bold and italics.

    https://ec2.bestnet.net/esses/pomorder.htm

    "<FONT size=4>You have order from Esses Distributing Company</FONT><FONT size=2>"</FONT>



  • You know, the fact that I rarely stumble across things like this makes me think that either:

    A) I am wisely particular in the sites I visit, or

    B) I am too afraid to really examine the vastness of the web.

     

    I'd like to think that it's A, but even if it's B, examples like this make me think such a fear is justified.



  • Common Ordering errors that "Delay Order Processing"; Double check your order for these common errors:
    1) not enough or too many digits in credit card # and or expiration date;
    2) failure to include small order charge (applies to all orders under $100);
    3) listing incorrect s/h charge
    4) ordering sizes not offered in item/model description.
    5) listing an incorrect email address.

    I can almost understand having an entirely manual ordering process (although there has to be some kind of automated catalog/checkout software you can use for stores like this).

    But having to calculate your shipping/tax/small order charge/total yourself? And not even validating the length of the credit card number or expiration date fields? There's no way in hell I'd ever order something from that site. I'd rather just call up the person who's going to manually process the order and deal with them directly than go through this thing.
     



  • Perhaps the worst part about this is that despite the site owners bragging about their form being secure, you just know this ends up getting emailed to someone for processing.



  • @hunter9000 said:

    Common Ordering errors that "Delay Order Processing"; Double check your order for these common errors:

    1) not enough or too many digits in credit card # and or expiration date;

    2) failure to include small order charge (applies to all orders under $100);

    3) listing incorrect s/h charge

    4) ordering sizes not offered in item/model description.

    5) listing an incorrect email address.

    I can almost understand having an entirely manual ordering process (although there has to be some kind of automated catalog/checkout software you can use for stores like this).

    But having to calculate your shipping/tax/small order charge/total yourself? And not even validating the length of the credit card number or expiration date fields? There's no way in hell I'd ever order something from that site. I'd rather just call up the person who's going to manually process the order and deal with them directly than go through this thing.
     

    I'm willing to bet that there's no processing done on this form at all -- the post goes to one of those scripts that just emails the form input out.

    ...Although, that doesn't excuse not doing any validation in javascript, at least.  I guess this is what you get when you farm work out to the lowest bidder.
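
Added example (not part of any post in this thread, and not the site's code): the server-side checks the posts above say the form lacks, covering card number length and checksum, expiry date, and the small-order charge and total. The fee amount, field names and function names are assumptions; tax and shipping are left out because the thread gives no rates.

```javascript
// Added example; names and SMALL_ORDER_FEE_CENTS are assumptions.
const SMALL_ORDER_THRESHOLD_CENTS = 10000; // form text: "all orders under $100"
const SMALL_ORDER_FEE_CENTS = 500;         // assumed; the thread gives no amount

// Luhn checksum over a string of ASCII digits.
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = digits.charCodeAt(digits.length - 1 - i) - 48;
    if (i % 2 === 1) {
      d *= 2;
      if (d > 9) d -= 9;
    }
    sum += d;
  }
  return sum % 10 === 0;
}

function validateOrder(order, now = new Date()) {
  const errors = [];

  const pan = String(order.cardNumber || "").replace(/[\s-]/g, "");
  if (!/^\d{13,19}$/.test(pan)) errors.push("card number length");
  else if (!luhnValid(pan)) errors.push("card number checksum");

  // Expiry as MM/YY; the card is good through the last day of that month.
  const m = /^(0[1-9]|1[0-2])\/(\d{2})$/.exec(String(order.expiry || ""));
  if (!m) errors.push("expiry format");
  else if (new Date(2000 + Number(m[2]), Number(m[1]), 1) <= now) {
    errors.push("card expired");
  }

  // unitCents is assumed to come from the server's catalog, not the request.
  const items = Array.isArray(order.items) ? order.items : [];
  if (!items.length || !items.every((it) => Number.isInteger(it.qty) && it.qty > 0)) {
    errors.push("quantity");
  }

  // Recompute in integer cents; the submitted total is only compared.
  const subtotal = items.reduce((s, it) => s + it.unitCents * it.qty, 0);
  const fee = subtotal < SMALL_ORDER_THRESHOLD_CENTS ? SMALL_ORDER_FEE_CENTS : 0;
  const expectedTotalCents = subtotal + fee;
  if (order.claimedTotalCents !== expectedTotalCents) errors.push("total mismatch");

  return { ok: errors.length === 0, errors, expectedTotalCents };
}
```

Browser-side JavaScript can run the same checks for faster feedback, but only the server-side result can be relied on, since the client controls everything it submits.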



  • The filename also looks a lot like 'pornorder'.

    Gee, it looks like this even on the page itself. Wanna some cheerleader pr0n, eh? 8=]



  • At the bottom:

        This is not a shopping cart order form; to avoid order processing delays, you must compute and enter the dollar amounts.

     

    oops :) 



  • I bet the guy who designed this telnets to port 25 to check his email.



  • SQL Injection, anybody?

     

    Microsoft OLE DB Provider for ODBC Drivers error '80040e14'


    [Microsoft][ODBC Microsoft Access Driver] Syntax error in FROM clause.

    /scripts/securedaccount.asp, line 104


  • <META content="Microsoft FrontPage 4.0" name=GENERATOR>
    [...]
    <p><input type="submit" value="Purchase/Submit Form">
    &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
    <input type="reset" value="Reset Form"></p
    Any questions left? 


  • @operagost said:

    I bet the guy who designed this telnets to port 25 to check his email.

     

    More likely it gets e-mailed to somebody, who prints it out, puts it on a wooden table, takes a picture and then e-mails it to the distributor.



  • @Spectre said:

    The filename also looks a lot like 'pornorder'.

    Gee, it looks like this even on the page itself. Wanna some cheerleader pr0n, eh? 8=]

    4) ordering sizes not offered in item/model description.

    I always want the correct size when ordering my porn.

    1) not enough or too many digits in credit card #

    My credit card # is 47.

    It's one of the earlier ones! 



  • Use this scroll box for ordering & any Special Instructions about your order.

    A "scroll box"... Looks like a text area to me. I guess they are used to write in scrolls, which would explain why they aren't familiarized with this "internet" thing.



  • @operagost said:

    I bet the guy who designed this telnets to port 25 to check his email.

    Port 25 is SMTP.

    You could check mail by telnetting to port 110 (POP3).



  • Nice: <input type="hidden" value="sales@essesco.com" name="recipient"><input type="hidden" value="https://ec2.bestnet.net/esses/thanks.htm" name="redirect">

    The speculation in this thread is totally right. But at least the "action" is a https page!
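
Added example (not part of any post in this thread, and not the site's script): a form-to-email handler in which the destination address and the redirect come from server configuration, so the hidden `recipient` and `redirect` fields quoted above carry no authority. `FORM_CONFIG`, `prepareMail`, the field names `email`, `cardNumber` and `instructions`, and the placeholder address are assumptions.

```javascript
// Added example. FORM_CONFIG, prepareMail and the field names "email",
// "cardNumber" and "instructions" are hypothetical; the address is a placeholder.
const FORM_CONFIG = {
  pomorder: { recipient: "orders@example.test", redirect: "/thanks.htm" },
};

function prepareMail(formId, body) {
  const cfg = FORM_CONFIG[formId];
  if (!cfg) return { ok: false, reason: "unknown form" };

  // Destination and redirect come from server config only. A submitted
  // value that differs is recorded as tampering and otherwise ignored.
  const warnings = [];
  for (const field of ["recipient", "redirect"]) {
    if (field in body && body[field] !== cfg[field]) {
      warnings.push(`ignored client-supplied ${field}`);
    }
  }

  // The customer's address ends up in a mail header, so it must be a single
  // address with no whitespace or CR/LF that could start an extra header line.
  const replyTo = String(body.email || "");
  if (!/^[^\s@<>,;:]+@[^\s@<>,;:]+\.[^\s@<>,;:]+$/.test(replyTo)) {
    return { ok: false, reason: "invalid email" };
  }

  // HTTPS protects the POST, not the mail that follows: keep the card number
  // out of the message and pass only the last four digits for reference.
  const pan = String(body.cardNumber || "").replace(/\D/g, "");
  const text = [
    `Card ending: ${pan.slice(-4)}`,
    `Instructions: ${String(body.instructions || "").slice(0, 2000)}`,
  ].join("\n");

  return {
    ok: true,
    warnings,
    redirect: cfg.redirect,
    mail: { to: cfg.recipient, replyTo, subject: "New order", text },
  };
}
```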

