VM 2.0.2 revised order numbering

Started by Bruce Morgan, February 25, 2012, 22:29:27 PM

Milbo

#15
I had exactly this case. I exaggerate it a bit now: assume you have a customer who moved and lost his email account, but he has the invoice. With the order_number you can be quite sure he is not trying to deceive you. The most used way to hack is to use social engineering http://en.wikipedia.org/wiki/Social_engineering_(security). The bigger the store, the more likely. In addition to that, VirtueMart provides anonymous order tracking, and with this technique all invoices and emails are generated. Having the login name (order_number) is having half of the password. For example, when you go in the BE and look for your PDF invoice, it just calls a URL like:

http://myshop.com/index.php?option=com_virtuemart&view=invoice&layout=invoice&format=pdf&tmpl=component&order_number=bc7d04&order_pass=p_57f98

The order_number and the order_pass must fit, so the order_number is here like the login name. Assume you have a bigger store... with 10k entries. Hackers know the numbers and can try over time to hack it. Whatever they want with it, that is another question.
Should I fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/
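
An added example (not part of this thread and not VirtueMart code): a Python sketch that scans web access logs for the guessing pattern described in the post above, where one client tries many order_pass values for a single order_number or walks through many order_numbers. The log lines are constructed, and the combined log format and the thresholds are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

def _line(ip, number, password):
    # Builds one constructed access-log line (combined log format assumed).
    return (f'{ip} - - [25/Feb/2012:22:30:00 +0000] "GET /index.php?option=com_virtuemart'
            f'&view=invoice&format=pdf&order_number={number}&order_pass={password}'
            f' HTTP/1.1" 200 512')

# Constructed sample traffic, not real data.
SAMPLE_LOG = "\n".join(
    [_line("198.51.100.20", "bc7d04", "p_57f98")]                        # customer, own invoice
    + [_line("203.0.113.7", "1001", f"p_{i:05x}") for i in range(5)]      # one number, many passes
    + [_line("203.0.113.9", str(n), "p_00000") for n in range(1000, 1006)]  # many numbers
)

REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*"')

def invoice_requests(log_text):
    """Yield (client_ip, order_number, order_pass) for each invoice request."""
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parsable request line
        ip, target = m.groups()
        q = parse_qs(urlsplit(target).query)
        if q.get("option") != ["com_virtuemart"] or q.get("view") != ["invoice"]:
            continue  # some other page
        yield ip, q.get("order_number", [""])[0], q.get("order_pass", [""])[0]

def find_guessing(log_text, max_passes=3, max_numbers=3):
    """Return alerts for clients exceeding the (assumed) thresholds."""
    passes = defaultdict(set)   # (ip, order_number) -> distinct order_pass values
    numbers = defaultdict(set)  # ip -> distinct order_numbers requested
    for ip, number, password in invoice_requests(log_text):
        passes[(ip, number)].add(password)
        numbers[ip].add(number)
    alerts = []
    for (ip, number), tried in sorted(passes.items()):
        if len(tried) > max_passes:
            alerts.append((ip, "pass_guessing", number, len(tried)))
    for ip, seen in sorted(numbers.items()):
        if len(seen) > max_numbers:
            alerts.append((ip, "number_enumeration", None, len(seen)))
    return alerts

if __name__ == "__main__":
    for alert in find_guessing(SAMPLE_LOG):
        print(alert)
```

With sequential order numbers the second alert type matters most, because the order_number half of the pair is then known in advance and only the order_pass remains to be guessed.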

Bruce Morgan

Okay, the first link was informative but I am not sure how it applies to what we are talking about.  Maybe you were trying to explain with the second link but I fail to see the security issue.  I do not collect bank information, Social Security numbers, or credit card information, so what exactly is the risk?  It sounds like a solution for a problem that simply does not exist.  Even if I am wrong about this you need to have a better solution or at least offer the option to use the old method with a security warning.

markito

It may be possible to create the technical link with an additional order_link_number instead of the order_number and make the order number for the customer usability?

http://myshop.com/index.php?option=com_virtuemart&view=invoice&layout=invoice&format=pdf&tmpl=component&order_link_number=bc7d04&order_pass=p_57f98

That would be really great, I would not expect the customer to handle such a complicated number. Clear order numbers are a really basic user-friendliness issue.

Milbo

When I look in my invoices, then it depends, for example the Microsoft store has a long number. Not easy to spell on the phone. But my flight ticket for example has a short alphanumeric number. Easier than the Microsoft one, even though it is alphanumeric. It is also a matter of taste and store size. And as I said, it is also relatively easy to write a plugin creating own order_numbers and invoice_numbers. In addition to that, you usually don't want to reveal too obviously to every customer how many orders you have already.

Bruce Morgan

Okay, I got the process to work.  I remigrated and the order numbers were retained.  The order ID numbers did reset, so that after migration order number 2167 had order ID 2147.  It looks like the order IDs were renumbered to fill gaps in the sequence.

It would be nice to be able to continue the established sequence going forward.  In response to Milbo's last post I really do not care if anyone knows how many orders I have, but I suppose others do.  Why not just build in some options for numbering?  Perhaps a new shop could have the first order be "1001" by having a configuration-definable starting number.

I, like many others, have become annoyed by the huge order numbers generated by some of the mega e-commerce retailers.  Same goes for the confirmation codes generated when making online payments.  Some of them were 20+ characters long.  A pain in the butt.

Bruce Morgan

I deleted all VM tables and did a fresh migration with 2.0.4.  I also selected the option to retain the VM1.1 order numbers.  It seemed to go much smoother than the first time.

I noticed two problems when I was finished.

1. A few orders were still missing after making the migration but there were many fewer missing orders than before.  I think my backup database that I migrated included orders up to number 3598 but after migrating the highest order number was 3553 dating back to mid February.  This is tantalizingly close but I would like the migration to be complete when I move the live site.

2.  The sort function on the order ID works fine.  The sort function on the order number column gives wacky results that are out of sequence.  For example the numbering on the increasing sort is 10, 100, 1000, 1001.  Reversing the sort order gives different but also erroneous results.

Assuming these two things get fixed all I would need is a plug-in that would allow me to continue the existing (VM1.1 style) order number sequence (I would be happy to contribute $ for this).  I would also like to edit the most recent order_id so that it matched the order_number.  Hopefully, VM would increment both numbers based on the highest number already in use.

reinhold

#21
I have now created such a plugin, which allows the shop owner to change the format of the order number, order password and invoice number at will:
http://open-tools.net/virtuemart-2-extensions/40-vm2-ordernumber.html

The format is given as a text string, where [...] is understood as a variable and replaced by its value (e.g. [year] by the current year).

The running counter is indicated by #. The counter can be configured to be global (e.g. not reset each year/month/..) or a separate counter for each year/month/...

I hope you like the plugin and it does what you need.

JanZet

To start the ordernumber from a given number and create sequential order numbers I have changed these files:

administrator\components\com_virtuemart\helpers\config.php
line 48, to start with ordernumber 1000:
      defined('VM_ORDER_OFFSET') or define('VM_ORDER_OFFSET',1000);

and administrator\components\com_virtuemart\models\orders.php
line 1143:
      //We can use that here, because the order_number is free to set, the invoice_number must often follow special rules
      $count = $db->loadResult();
      $data = $count + (int)VM_ORDER_OFFSET;
//       vmdebug('my db creating ordernumber VM_ORDER_OFFSET '.VM_ORDER_OFFSET.' $count '.$count, $this->_db);
//       $variable_fixed=sprintf("%06s",$num_rows);
//      $data = substr( md5( session_id().(string)time().(string)$uid )
//      ,0
//      ,$length
//      ).'0'.$count;

      return $data;
   }
In this case the first order will have number 1000 and the next 1001 and so on.
I hope you can use it

kalozpepi

Quote from: JanZet on April 20, 2013, 14:01:54 PM
To start the ordernumber from a given number and create sequential order numbers I have changed these files:
administrator\components\com_virtuemart\helpers\config.php 
line 48: defined('VM_ORDER_OFFSET') or define('VM_ORDER_OFFSET',1000); to start with ordernumber 1000 and
administrator\components\com_virtuemart\models\orders.php
line 1143       //We can use that here, because the order_number is free to set, the invoice_number must often follow special rules
      $count = $db->loadResult();
      $data = $count + (int)VM_ORDER_OFFSET;
//       vmdebug('my db creating ordernumber VM_ORDER_OFFSET '.VM_ORDER_OFFSET.' $count '.$count, $this->_db);
//       $variable_fixed=sprintf("%06s",$num_rows);
//      $data = substr( md5( session_id().(string)time().(string)$uid )
//      ,0
//      ,$length
//      ).'0'.$count;

      return $data;
   }
In this case the first order will have number 1000 and the next 1001 and so on.
I hope you can use it

OH THAT'S IT

Thank you :)