Delayed billing

What version of the module did support them, and what code did you borrow?

The D5 version was provided as-is, based on the best version I could find when I started working on the D6 version. Really anything could be possible in that branch.

I don't think it makes sense to fork off a different module. If you're going to go through the trouble, please just provide a patch instead and I'll review it.

* Good: very little code is altered; the patch is largely additive
* Minor: the comment messages do not use valid xhtml (b tag, etc.)
* Minor: _uc_payflowpro_submit_nvp duplicates a lot of existing code
* Minor: Also some other code that should be combined instead of duplicated for order comment saving, etc. but not as important.
* Major: CURL usage is vulnerable to a man in the middle attack. See function _uc_payflowpro_submit_xml for details. This is related to the code duplication in _uc_payflowpro_submit_nvp

It needs some work before I can safely put it into a release. However, your patch should work well enough for anyone who needs to functionality right now. Thanks.

For this patch, are you referring to the setting in Configuration > Payment Settings > Payment Gateway: "Authorize and capture immediately"?

I would assume that is what you are looking at, and are looking for "Authorization only" setting instead, so you can screen the transaction for fraud before capturing it? If so, this is something I am looking for too, and was wondering what the status of the patch is.

In my current site (coldfusion), we authorize $0.01 and then set the 1st recurring billing out 3 days, so we have time to screen the accounts before they are charged. Credit card companies are brutal about chargebacks, even if it has been refunded, and we found this solved majority of our chargeback issues.

Kwinters: I am currently using/testing the 6.x.2 branch of the module, will this patch work with that branch?

Thanks guys, keep up the great work :)

The basic idea of this patch is to add authorize only. The patch itself is usable (carefully), but not ready for official distribution.

The 2.x version is pretty different, so I doubt the patch will apply cleanly. However, if you have a reasonable understanding of PHP you should be able to figure it out based on the patch contents.

However, if you're using recurring, the 2.x branch is very much not ready for use (it's experimental and I haven't had a lot of time to spend on it, which is why it has no official release). Using the 1.x branch instead would be better.

The patch attached to the issue below should also be reviewed along side of any patches attached to this issue as they will most likely affect each other.

#1012348: Replace custom payment_action variable with built-in Ubercart transaction type

Cheers,

Antoine