The quote system consists of:
- multiple forms, handled by filled-in plugin
- affiliate tracking, handled by affiliate-tracking plugin
- data extraction and display, handled by dental-quote plugin and WordPress alone
Filled-in stores all the data submitted through forms. The sequence of forms is managed by special extensions for filled-in. Confidential data, such as the credit card number, is pulled out of the main filled-in storage (by another extension) and stored as ciphertext in a separate database.
Affiliate tracking is a standalone plugin, which works without the rest of the quote system. It requires a defined PHP URL query variable carrying the agent ID to start tracking a user. All users arriving with this variable are then tagged with a cookie and stored in the database.
Forms are edited on normal WordPress pages, also with help from the dental-quote plugin, where multiple products can be defined.
Dental Quote System workflow
ID of post to redirect to when zipcode failed to pass: Insert the ID of the post containing the text that informs the user that the area with the entered zipcode is not supported for online quotes. You can find the ID of a post / page on the post / page management pages, in the first column of the table displayed there.
ID of filled-in form for extraction of data: During the data purge, data is extracted from the filled-in database and the credit card database. In order to receive the correct data from the filled-in database, the ID of the form handling the final quote page is required. Go to the filled-in management, click on the correct form and check the URL of this last page. The PHP query variable named edit holds the ID of this filled-in form. Insert this number into dental-quote management.
Leave data in database after purge for n days: The data purge stores all the data submitted into the quote system in a CSV file. Data should then be deleted from the credit card database (so the CCs are not stored on this server). When this option (n) is greater than 0, the data will be left in the CC database for n days prior to deletion. When this option is 0, data is deleted immediately after the purge.
E-mail to send purge notifications to: After each successful purge, a notification e-mail is sent to the address or addresses given here (semicolon separated) and to the admin e-mail defined in the basic WP options. If an error occurs, the e-mail is sent only to the admin e-mail.
Path where to store CSV: The path from the domain directory (it has to start with a forward slash / and also includes the name of the file) to the file where the data purge will be written. The name of the file can contain the string "$time$", which will be replaced with the current time stamp. The CSV file does not have to exist; when it does, it is overwritten.
Typing a non-existing name into the Add new product name field and clicking on Add Product will add the product to the Products section. When a product exists, you can edit its options by clicking on the edit icon next to the product name on the left.
Here you can edit:
- Description – insert HTML text
- Prices of Adult (65-) – Price for each area for adult person of age less than 65.
- Prices of Adult (65+) – Price for each area for adult person of age 65 or more.
- Prices for each Child – Price for each area for one child.
Inserting a product into a WP page or post is done by inserting special tags into the WP page content. These tags are then replaced with real text according to the product options.
Available tags are:
- [dental-quote Name of product] – outputs the radio button with name of product
- [dental-quote Name of product-price] – outputs calculated price for this product according to number of people and zipcode
- [dental-quote Name of product-description] – outputs the description of product
The price is tightly bound to the quote system, because it checks how many children were entered in the first form, whether the spouse or main applicant is over or under 65, and so on. This means that the price tag will not work correctly on all pages. The other tags will work anywhere.
Hidden data has no real functionality right now. Adding and editing it does not alter anything in the quote system or outside.
When an error occurs during the purge, the purge will not continue and the whole purge system will come to a halt, which means nothing will be deleted from the DB and all attempts at a new purge will fail. It is best to contact us when this happens. It is possible to reset the error here, which will allow the next attempt at a data purge. But if nothing is done, this next attempt will probably fail as well.
Each new user who visits the site through a correct URL containing the agent info (that is, the user comes from some agent) is tagged with a cookie that stores the ID of the user's entry in the database.
- Cookie expiration in days – the number of days for cookie expiration.
- Delete history after n days – the data about users that came from some agent is kept in the database for n days. (It is logical that n should be bigger than the cookie expiration.) After the cookie expires this data is no longer relevant for the user, but it can serve statistical purposes.
- Affiliate URL key – this is the PHP URL query variable name, which is checked for any agent ID. It is very important to set this field and to create the URLs for agents correctly. Affiliate tracking will not work at all without this, or with bad links.
- Text displayed on bottom – if any text is present in this field, it will be output in the footer of each page when the user came through some agent.
You can add and configure new agents easily.
To add a new agent, type the agent's ID into the field next to Add agent and click Add. If no agent with that ID is present, a new agent will be added.
Editing is done in a similar fashion. Click on the edit icon next to the agent on the left.
Here you can change the:
- ID – important in affiliate URL creation
- Name – just for informative purposes
- E-mails – where the confirmation is sent when a sale is made
More on the affiliate URL link creation: The specified PHP URL query variable is needed for affiliate tracking to work. Some text about PHP URL query variables is located here: http://whn.vdhri.net/2005/10/how_to_use_the_query_string_in_php.html
So if the PHP URL query variable is set in the options to "agent", there is an agent with ID "CA_LA", and the site is onelifedental.com, the agent's URL link will look like http://onelifedental.com?agent=CA_LA , or, for a page with the link http://onelifedental.com/privacy-policy , the affiliate link will look like http://onelifedental.com/privacy-policy?agent=CA_LA .
Data is extracted by a cron command "nice -n20 /hsphere/shared/php5/bin/php-cli -q /hsphere/local/home/ancillarybenefit/data/purge.php". The PHP script executed by cron starts the data purge by setting $_POST['data-purge'], declaring $strPurge variables and including the page root. This tells WP and the dental-quote plugin to start the purge execution.
Dental-quote looks at the last run of the data purge, which is stored in the DB in the wp_options table, and takes all inquiries from that time until the present from the filled-in data table (wp_filled_in_data). This data is then matched to the CC data from the separate database and exported into a CSV file in the specified folder. After successful extraction, the CCs are deleted from the database. Filled-in data is left on the server.
Hosting providers have automatic backup systems, which may store the CC information, so even when it is deleted, it stays on the server. Cartika keeps DB and file backups for 30 days.
For storing CC information, the AES 256 cipher is used. This cipher is run in Cipher feedback (CFB) mode. The initialization vector is randomly generated and stored along with the encrypted CC information. The key is generated by first reading the contents of one HTML file and then using the SHA 256 hash to create a key of the correct length. Using part of a file as the key ensures that no dictionary attack can be used to break the cipher. An attacker would have to get to the file, which is not in web-space (it is on the server but outside of the document root for the website).
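The storage scheme described above, sketched as an added example that is not the plugin's own code: it assumes PHP's OpenSSL extension, hashes the whole key file, and uses hypothetical function names (cc_load_key, cc_encrypt, cc_decrypt) and constructed paths and sample data.

```php
<?php
// Added example. Function names, paths and the use of ext-openssl are assumptions.
const CC_CIPHER = 'aes-256-cfb';
function cc_load_key(string $keyFile, string $docRoot): string
{
    $real = realpath($keyFile);
    $root = realpath($docRoot);
    if ($real === false || $root === false || !is_readable($real) || filesize($real) === 0) {
        throw new RuntimeException('Key file or document root missing, unreadable or empty');
    }
    // Refuse a key file that the web server could serve.
    if (strpos($real, $root . DIRECTORY_SEPARATOR) === 0) {
        throw new RuntimeException('Key file must be outside the document root');
    }
    return hash_file('sha256', $real, true); // 32 raw bytes = AES-256 key length
}

function cc_encrypt(string $plain, string $key): string
{
    $iv = random_bytes(openssl_cipher_iv_length(CC_CIPHER)); // fresh IV per record
    $ct = openssl_encrypt($plain, CC_CIPHER, $key, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('Encryption failed');
    }
    return base64_encode($iv . $ct); // IV is stored along with the ciphertext
}

function cc_decrypt(string $stored, string $key): string
{
    $raw = base64_decode($stored, true);
    $ivLen = openssl_cipher_iv_length(CC_CIPHER);
    if ($raw === false || strlen($raw) <= $ivLen) {
        throw new RuntimeException('Stored value is malformed');
    }
    // CFB is unauthenticated: altered ciphertext still decrypts without error.
    $pt = openssl_decrypt(substr($raw, $ivLen), CC_CIPHER, $key, OPENSSL_RAW_DATA, substr($raw, 0, $ivLen));
    if ($pt === false) {
        throw new RuntimeException('Decryption failed');
    }
    return $pt;
}
// Constructed demo: key file placed beside, not inside, a stand-in document root.
$base = sys_get_temp_dir() . '/quote-demo-' . bin2hex(random_bytes(4));
mkdir("$base/htdocs", 0700, true);
file_put_contents("$base/key-source.html", '<html>constructed key material</html>');
$key = cc_load_key("$base/key-source.html", "$base/htdocs");
$a = cc_encrypt('4111111111111111', $key); // standard test card number
$b = cc_encrypt('4111111111111111', $key);
var_dump($a !== $b, cc_decrypt($a, $key) === '4111111111111111');
```

Because the key is a hash of the file, any edit to that file makes every stored record undecryptable, so the file needs the same change control and backup handling as a key.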