Index: openacs-4/packages/ecommerce/ecommerce.info
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/ecommerce/ecommerce.info,v
diff -u -N -r1.43 -r1.44
--- openacs-4/packages/ecommerce/ecommerce.info	28 Aug 2008 21:56:30 -0000	1.43
+++ openacs-4/packages/ecommerce/ecommerce.info	4 Sep 2008 12:24:05 -0000	1.44
@@ -7,17 +7,17 @@
     <initial-install-p>f</initial-install-p>
     <singleton-p>t</singleton-p>
     
-    <version name="5.11" url="http://openacs.org/repository/download/apm/ecommerce-5.11.apm">
+    <version name="5.12" url="http://openacs.org/repository/download/apm/ecommerce-5.12.apm">
         <owner url="mailto:janine@furfly.net">Janine Sisk</owner>
         <owner url="mailto:bart.teeuwisse@7-sisters.com">Bart Teeuwisse</owner>
         <owner url="mailto:alfred@thunderstick.com">Alfred Werner</owner>
         <summary>The ACS 3.x based e-commerce solution ported to OpenACS.</summary>
         <release-date>2005-02-10</release-date>
         <vendor url="http://www.furfly.net">furfly.net, LLC</vendor>
-        <description format="text/plain">This module implements all that IT needs for a standard business-to-consumer Web service. You can find a feature summary in the documentaion.</description>
+        <description format="text/plain">This module implements a standard business-to-consumer Web store service. A feature summary is included with the documentaion.</description>
         <maturity>0</maturity>
 
-        <provides url="ecommerce" version="5.11"/>
+        <provides url="ecommerce" version="5.12"/>
         <requires url="acs-datetime" version="4.0"/>
         <requires url="acs-kernel" version="5.0"/>
         <requires url="ref-countries" version="0.1d"/>
@@ -58,6 +58,8 @@
             <parameter datatype="number"  min_n_values="1"  max_n_values="1"  name="OfferTaxExemptStatusP"  default="0" description="Should we ask people if their organization is tax exempt?" section_name="associated charges"/>
             <parameter datatype="string"  min_n_values="1"  max_n_values="1"  name="PaymentGateway"  description="The package-key of the payment  gateway to use. Leave empty if you don't want to use a gateway." section_name="payment information"/>
             <parameter datatype="number"  min_n_values="1"  max_n_values="1"  name="PaymentRetryPeriod"  default="8" description="The time in hours that temporarily failed transactions should be repeated for. Transactions that do not receive a definitive answer from the gateway with this period fail at the end of the period." section_name="payment information"/>
+            <parameter datatype="number"  min_n_values="1"  max_n_values="1"  name="PaymentCardCodeAsk"  default="0" description="Default is 0. Set to 1 to display credit card CVV2/CVC2/CID code field along with credit card number etc. This is for accepting payments with the extra 3 or 4 digits on the card." section_name="payment information"/>
+            <parameter datatype="number"  min_n_values="1"  max_n_values="1"  name="PaymentCardCodeRequired"  default="0" description="Default is 0. Set to 1 to require a credit card's CVV2/CVC2/CID code to validate as a part of authorization and card processing." section_name="payment information"/>
             <parameter datatype="number"  min_n_values="1"  max_n_values="1"  name="PickupP"  default="0" description="Can orders be picked up from your location by customers?" section_name="shipping"/>
             <parameter datatype="number"  min_n_values="1"  max_n_values="1"  name="ProductCommentsAllowP"  default="1" description="whether to allow user comments on products" section_name="display"/>
             <parameter datatype="number"  min_n_values="1"  max_n_values="1"  name="ProductCommentsNeedApprovalP"  default="1" description="whether user comments on products (if allowed) need approval before becoming live" section_name="display"/>
Index: openacs-4/packages/ecommerce/tcl/ecommerce-credit-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/ecommerce/tcl/ecommerce-credit-procs.tcl,v
diff -u -N -r1.11 -r1.12
--- openacs-4/packages/ecommerce/tcl/ecommerce-credit-procs.tcl	9 Aug 2008 12:23:49 -0000	1.11
+++ openacs-4/packages/ecommerce/tcl/ecommerce-credit-procs.tcl	4 Sep 2008 12:24:06 -0000	1.12
@@ -13,10 +13,12 @@
 ad_proc -public ec_creditcard_authorization { 
     order_id 
     {transaction_id ""} 
+    {card_code ""}
 } { 
 
     Authorizes the credit card for use with an order. Gets info it
-    needs from database.  Connects to the payment gateway to
+    needs from database. Card_code does comes from mem to avoid storing in db.
+    Connects to the payment gateway to
     authorize card. Outputs one of the following strings,
     corresponding to the level of authorization:
 
@@ -121,6 +123,11 @@
 
     set card_type [ec_pretty_creditcard_type $creditcard_type]
     ns_log Notice "ec_creditcard_authorization card_type ${card_type} from ${creditcard_type}"
+
+    # card_code cvv2/cvc2/cid is not stored in the db
+    # if needed, is passed into proc
+   
+
     # Connect to the payment gateway to authorize the transaction.
 
     array set response [acs_sc_call "PaymentGateway" "Authorize" \
@@ -130,6 +137,7 @@
 			   $card_number \
 			   $card_exp_month \
 			   $card_exp_year \
+               $card_code \
 			   $card_name \
 			   $billing_address \
 			   $billing_city \
@@ -158,7 +166,7 @@
 	"not_implemented" {
 	    
 	    # The payment gateway rejected to authorize the
-	    # transaction. Or is not cable of authorizing
+	    # transaction. Or is not capable of authorizing
 	    # transactions.
 	    
 	    set outcome(response_code) "failed_authorization"
@@ -206,6 +214,7 @@
 
 ad_proc -public ec_creditcard_marking { 
     transaction_id 
+    {card_code ""}
 } { 
 
     Connect to the payment gateway to charge a previously authorized
@@ -299,6 +308,9 @@
 
     set card_type [ec_pretty_creditcard_type $creditcard_type]
 
+    # card_code cvv2/cvc2/cid is not stored in the db
+    # if needed, needs to be passed in to proc
+
     # Connect to the payment gateway to authorize the transaction.
 
     array set response [acs_sc_call "PaymentGateway" "ChargeCard" \
@@ -308,6 +320,7 @@
 			   $card_number \
 			   $card_exp_month \
 			   $card_exp_year \
+               $card_code \
 			   $card_name \
 			   $billing_address \
 			   $billing_city \
@@ -376,6 +389,7 @@
 
 ad_proc -public ec_creditcard_return { 
     transaction_id 
+    {card_code ""}
 } { 
 
     Refunds a transaction back to the credit card used for that
@@ -465,6 +479,9 @@
 
     set card_type [ec_pretty_creditcard_type $creditcard_type]
 
+    # card_code cvv2/cvc2/cid is not stored in the db
+    # if needed, must be passed into proc
+
     # Connect to the payment gateway to authorize the transaction.
 
     array set response [acs_sc_call "PaymentGateway" "Return" \
@@ -474,6 +491,7 @@
 			   $card_number \
 			   $card_exp_month \
 			   $card_exp_year \
+               $card_code \
 			   $card_name \
 			   $billing_address \
 			   $billing_city \
@@ -547,6 +565,7 @@
 ad_proc -public ec_creditcard_precheck { 
     creditcard_number 
     creditcard_type 
+    {creditcard_code ""}
 } { 
 
     Prechecks credit card numbers. If you're going to accept cards
@@ -570,6 +589,7 @@
 
     set exception_count 0
     set exception_text ""
+    set card_code_required [parameter::get -package_id [ec_id] -parameter PaymentCardCodeRequired -default 0]
 
     if {![empty_string_p $creditcard_type]} {
 	switch -exact $creditcard_type {
@@ -583,6 +603,11 @@
 		    incr exception_count
 		    append exception_text "<li>The credit card number does not have the right number of digits.</li>"
 		}
+            if { $card_code_required && [string length $creditcard_code] != 3 } {
+		    incr exception_count
+		    append exception_text "<li>The credit card validation code (CVC2) should have 3 digits, and is usually a separate group of 3 digits to the right of the signature strip.</li>"
+		}
+
 	    }
 
 	    "v" {
@@ -594,6 +619,11 @@
 		    incr exception_count
 		    append exception_text "<li>The credit card number does not have the right number of digits.</li>"
 		}		    
+            if { $card_code_required && [string length $creditcard_code] != 3 } {
+		    incr exception_count
+		    append exception_text "<li>The credit card verification value (CVV2) should have 3 digits, and is usually a separate group of 3 digits to the right of the signature strip.</li>"
+		}
+
 	    }
 
 	    "a" {
@@ -605,10 +635,20 @@
 		    incr exception_count
 		    append exception_text "<li>The credit card number does not have the right number of digits.</li>"
 		}		    
+            if { $card_code_required && [string length $creditcard_code] != 4 } {
+		    incr exception_count
+		    append exception_text "<li>The credit card Unique Card Code (CID) should have 4 digits, and is a printed group of four digits on the right side of the face of the card.</li>"
+		}
+
 	    }
 
             "n" {
                 # no pattern available to precheck validity of card
+            if { $card_code_required && [string length $creditcard_code] != 3 } {
+		    incr exception_count
+		    append exception_text "<li>The credit card identification number (CID) should have 3 digits, and is usually a separate group of 3 digits to the right of the signature strip.</li>"
+		}
+
             }
 
 	    default {
Index: openacs-4/packages/ecommerce/tcl/ecommerce-scheduled-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/ecommerce/tcl/ecommerce-scheduled-procs.tcl,v
diff -u -N -r1.13 -r1.14
--- openacs-4/packages/ecommerce/tcl/ecommerce-scheduled-procs.tcl	13 Jan 2005 13:57:56 -0000	1.13
+++ openacs-4/packages/ecommerce/tcl/ecommerce-scheduled-procs.tcl	4 Sep 2008 12:24:06 -0000	1.14
@@ -219,6 +219,11 @@
 
 	    set card_type [ec_pretty_creditcard_type $creditcard_type]
 
+        # no cvv2/cvc2/cid card available, because this is a delayed transaction
+        # theoretically, card code can be held for up to 24 hours, but storing
+        # in the db defeats the spirit of the intended use.
+        set card_code ""
+
 	    # Connect to the payment gateway to authorize the transaction.
 
 	    array set response [acs_sc_call "PaymentGateway" "Authorize" \
@@ -228,6 +233,7 @@
 					 $card_number \
 					 $card_exp_month \
 					 $card_exp_year \
+                     $card_code \
 					 $card_name \
 					 $billing_address \
 					 $billing_city \
@@ -415,6 +421,9 @@
 
 	set card_type [ec_pretty_creditcard_type $creditcard_type]
 
+    # card_code cvv2/cvc2/cid is not stored in the db
+    set card_code ""
+
 	# Connect to the payment gateway to authorize the transaction.
 
 	array set response [acs_sc_call "PaymentGateway" "Authorize" \
@@ -424,6 +433,7 @@
 				     $card_number \
 				     $card_exp_month \
 				     $card_exp_year \
+                     $card_code \
 				     $card_name \
 				     $billing_address \
 				     $billing_city \
@@ -710,6 +720,9 @@
 
 	set card_type [ec_pretty_creditcard_type $creditcard_type]
 
+    # card code cvv2/cvc2/cid not stored in db
+    set card_code ""
+
 	# Connect to the payment gateway to authorize the transaction.
 
 	array set response [acs_sc_call "PaymentGateway" "Authorize" \
@@ -719,6 +732,7 @@
 				     $card_number \
 				     $card_exp_month \
 				     $card_exp_year \
+                     $card_code \
 				     $card_name \
 				     $billing_address \
 				     $billing_city \
@@ -868,6 +882,9 @@
 
 	set card_type [ec_pretty_creditcard_type $creditcard_type]
 
+    # card_code cvv2/cvc2/cid not stored in db
+    set card_code ""
+
 	# Connect to the payment gateway to authorize the transaction.
 
 	array set response [acs_sc_call "PaymentGateway" "ChargeCard" \
@@ -877,6 +894,7 @@
 				     $card_number \
 				     $card_exp_month \
 				     $card_exp_year \
+                     $card_code \
 				     $card_name \
 				     $billing_address \
 				     $billing_city \
@@ -1035,6 +1053,9 @@
 
 	set card_type [ec_pretty_creditcard_type $creditcard_type]
 
+    # card_code cvv2/cvc2/cid is not stored in db
+    set card_code ""
+
 	# Connect to the payment gateway to authorize the transaction.
 
 	array set response [acs_sc_call "PaymentGateway" "Return" \
@@ -1044,6 +1065,7 @@
 				     $card_number \
 				     $card_exp_month \
 				     $card_exp_year \
+                     $card_code \
 				     $card_name \
 				     $billing_address \
 				     $billing_city \
Index: openacs-4/packages/ecommerce/tcl/resource-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/ecommerce/tcl/resource-procs.tcl,v
diff -u -N -r1.5 -r1.6
--- openacs-4/packages/ecommerce/tcl/resource-procs.tcl	28 Aug 2008 22:39:45 -0000	1.5
+++ openacs-4/packages/ecommerce/tcl/resource-procs.tcl	4 Sep 2008 12:24:06 -0000	1.6
@@ -303,6 +303,7 @@
 
     set filename "product${type}${extension}"
     set image_pathname [file join $dir_path $filename]
+
     set image_url "[ecommerce::resource::resource_url -product_id $product_id -product_name $product_name -dirname $dirname]/$filename"
 
     if { [file exists $image_pathname] && [file isfile $image_pathname] } {
Index: openacs-4/packages/ecommerce/www/checkout-3.adp
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/ecommerce/www/checkout-3.adp,v
diff -u -N -r1.5 -r1.6
--- openacs-4/packages/ecommerce/www/checkout-3.adp	11 Aug 2008 13:01:09 -0000	1.5
+++ openacs-4/packages/ecommerce/www/checkout-3.adp	4 Sep 2008 12:24:06 -0000	1.6
@@ -10,6 +10,7 @@
 <blockquote>
 
   <form method="post" action="finalize-order">
+@export_form_vars_html;noquote@
     <p><b>Push <input type="submit" value="Submit"> to send us your order!</b>
     </p>
 
Index: openacs-4/packages/ecommerce/www/checkout-3.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/ecommerce/www/checkout-3.tcl,v
diff -u -N -r1.10 -r1.11
--- openacs-4/packages/ecommerce/www/checkout-3.tcl	11 Aug 2008 13:01:09 -0000	1.10
+++ openacs-4/packages/ecommerce/www/checkout-3.tcl	4 Sep 2008 12:24:06 -0000	1.11
@@ -16,6 +16,7 @@
 } {
     usca_p:optional
     referer:optional
+    {card_code ""}
 }
 
 ec_redirect_to_https_if_possible_and_necessary
@@ -156,6 +157,7 @@
     set display_progress "t"
 }
 
+set export_form_vars_html [export_form_vars card_code]
 set order_summary [ec_order_summary_for_customer $order_id $user_id]
 set title "Completing Your Order : verify and complete your order"
 set context [list $title]
Index: openacs-4/packages/ecommerce/www/checkout-one-form-2.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/ecommerce/www/checkout-one-form-2.tcl,v
diff -u -N -r1.5 -r1.6
--- openacs-4/packages/ecommerce/www/checkout-one-form-2.tcl	11 Aug 2008 13:01:09 -0000	1.5
+++ openacs-4/packages/ecommerce/www/checkout-one-form-2.tcl	4 Sep 2008 12:24:06 -0000	1.6
@@ -44,6 +44,7 @@
     @param tax_exempt_p:optional
     @param usca_p:optional
     @param value_currency_code:optional
+    @param card_code:optional
 
     @author
     @creation-date April 2002
@@ -98,7 +99,7 @@
     tax_exempt_p:optional
     usca_p:optional
     value_currency_code:optional
-
+    {card_code ""}
 }
 
 # We need them to be logged in
@@ -123,6 +124,7 @@
 } else {
     set possible_exception_list [list [list bill_to_first_names "billing first name"] [list bill_to_last_name "billing last name"] [list bill_to_line1 "billing street address"] [list bill_to_city "billing city"] [list bill_to_country_code "billing country"] [list bill_to_phone "billing telephone number"]]
 }
+
 set exception_count 0
 set exception_text ""
 
@@ -680,7 +682,7 @@
         # make sure the credit card type is right & that it has
         # the right number of digits
 
-        set additional_count_and_text [ec_creditcard_precheck $creditcard_number $creditcard_type]
+        set additional_count_and_text [ec_creditcard_precheck $creditcard_number $creditcard_type $card_code]
         set exception_count [expr $exception_count + [lindex $additional_count_and_text 0]]
         append exception_text [lindex $additional_count_and_text 1]
         
Index: openacs-4/packages/ecommerce/www/checkout-one-form.adp
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/ecommerce/www/checkout-one-form.adp,v
diff -u -N -r1.3 -r1.4
--- openacs-4/packages/ecommerce/www/checkout-one-form.adp	11 Aug 2008 13:01:09 -0000	1.3
+++ openacs-4/packages/ecommerce/www/checkout-one-form.adp	4 Sep 2008 12:24:06 -0000	1.4
@@ -144,6 +144,12 @@
     <td align="right">Expires:</td>
     <td>@ec_expires_widget;noquote@</td>
   </tr>
+<if @ask_for_card_code@ true>
+  <tr>
+    <td align="right">Card Security Code (cvv2/cvc2/cid):</td>
+    <td><input type="text" name="card_code" size="4" tabindex="42"</td>
+  </tr>
+</if>
   </table>
 </if>
 
Index: openacs-4/packages/ecommerce/www/checkout-one-form.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/ecommerce/www/checkout-one-form.tcl,v
diff -u -N -r1.4 -r1.5
--- openacs-4/packages/ecommerce/www/checkout-one-form.tcl	11 Aug 2008 13:01:09 -0000	1.4
+++ openacs-4/packages/ecommerce/www/checkout-one-form.tcl	4 Sep 2008 12:24:06 -0000	1.5
@@ -86,8 +86,9 @@
     set billing_address_exists 0
     set more_addresses_available "f"
 
-    set currency [ad_parameter -package_id [ec_id] Currency ecommerce]
-    set tax_exempt_status [ad_parameter -package_id [ec_id] OfferTaxExemptStatusP ecommerce 0]
+    set currency [parameter::get -package_id [ec_id] -parameter Currency -default "USD"]
+    set ask_for_card_code [parameter::get -package_id [ec_id] -parameter PaymentCardCodeAsk -default 0]
+    set tax_exempt_status [parameter::get -package_id [ec_id] -parameter OfferTaxExemptStatusP -default 0]
     set tax_exempt_options ""
     if { $tax_exempt_status == "t" } {
         append tax_exempt_options "
Index: openacs-4/packages/ecommerce/www/credit-card-correction-2.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/ecommerce/www/credit-card-correction-2.tcl,v
diff -u -N -r1.7 -r1.8
--- openacs-4/packages/ecommerce/www/credit-card-correction-2.tcl	1 Mar 2005 00:01:30 -0000	1.7
+++ openacs-4/packages/ecommerce/www/credit-card-correction-2.tcl	4 Sep 2008 12:24:06 -0000	1.8
@@ -22,6 +22,7 @@
     creditcard_type:notnull
     creditcard_expire_1:notnull
     creditcard_expire_2:notnull
+    {card_code ""}
 }
 
 # Doubleclick problem: There is a small but finite amount of time
@@ -58,7 +59,7 @@
 # Make sure the credit card type is right & that it has the right
 # number of digits
 
-set additional_count_and_text [ec_creditcard_precheck $creditcard_number $creditcard_type]
+set additional_count_and_text [ec_creditcard_precheck $creditcard_number $creditcard_type $card_code]
 set exception_count [expr $exception_count + [lindex $additional_count_and_text 0]]
 append exception_text [lindex $additional_count_and_text 1]
 if { $exception_count > 0 } {
@@ -166,4 +167,5 @@
 
 }
 db_release_unused_handles
+rp_form_put card_code $card_code
 rp_internal_redirect finalize-order
Index: openacs-4/packages/ecommerce/www/credit-card-correction.adp
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/ecommerce/www/credit-card-correction.adp,v
diff -u -N -r1.6 -r1.7
--- openacs-4/packages/ecommerce/www/credit-card-correction.adp	11 Aug 2008 13:01:09 -0000	1.6
+++ openacs-4/packages/ecommerce/www/credit-card-correction.adp	4 Sep 2008 12:24:06 -0000	1.7
@@ -7,7 +7,7 @@
 
 <h2>Sorry, There seems to be a problem with completing this transaction.</h3>
 
-  <blockquote>
+
   
   <p>At this time we are unable to receive authorization to charge
     your credit card.  Please check the number and the expiration
@@ -17,12 +17,8 @@
    Try again later, or report this problem to @ec_system_owner;noquote@.
 </p>
 
-  <table>
-    <tr>
-      <td>
 	@formatted_address@
-      </td>
-      <td>
+
 	<if @international_address@ eq 1>
 	  <form method="post" action="address-international">
 	    <input type="hidden" name="address_id" value="@address_id@"></input>
@@ -37,10 +33,7 @@
 	    <input type="submit" value="Edit"></input>
 	  </form>
 	</else>
-      </td>
-      <td width="20%">
-      </td>
-      <td>
+
 	<form method="post" action="credit-card-correction-2">
 	  <input type="hidden" name="address_id" value="@address_id@"></input>
 	  <table>
@@ -51,20 +44,22 @@
 	    <tr>
 	      <td>Type:</td>
 	      <td>@ec_creditcard_widget;noquote@</td>
-	      <td>
-		<center>
-		  <input type="submit" value="Submit">
-		</center>
-	      </td>
 	    </tr>
 	    <tr>
+	      <td>Credit card security code (cvv2/cvc2/cid):</td>
+	      <td><input type="text" name="card_code" size="4" value="@card_code@"></td>
+	    </tr>
+
+	    <tr>
 	      <td>Expires:</td>
 	      <td>@ec_expires_widget;noquote@</td>
 	    </tr>
+        <tr>
+	      <td colspan="2">
+		<center>
+		  <input type="submit" value="Submit">
+		</center>
+	      </td>
+        </tr>
 	  </table>
 	</form>
-      </td>
-    </tr>
-  </table>
-
-</blockquote>
Index: openacs-4/packages/ecommerce/www/credit-card-correction.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/ecommerce/www/credit-card-correction.tcl,v
diff -u -N -r1.9 -r1.10
--- openacs-4/packages/ecommerce/www/credit-card-correction.tcl	11 Aug 2008 13:01:09 -0000	1.9
+++ openacs-4/packages/ecommerce/www/credit-card-correction.tcl	4 Sep 2008 12:24:06 -0000	1.10
@@ -13,6 +13,7 @@
 
 } {
     usca_p:optional
+    {card_code ""}
 }
 
 # The order that we're trying to reauthorize is the 'in_basket' order
Index: openacs-4/packages/ecommerce/www/finalize-order.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/ecommerce/www/finalize-order.tcl,v
diff -u -N -r1.10 -r1.11
--- openacs-4/packages/ecommerce/www/finalize-order.tcl	11 Aug 2008 06:40:45 -0000	1.10
+++ openacs-4/packages/ecommerce/www/finalize-order.tcl	4 Sep 2008 12:24:06 -0000	1.11
@@ -16,6 +16,7 @@
     @revision-date April 2002
 
 } {
+    {card_code ""}
 }
 
 # If they reload, we don't have to worry about the credit card
@@ -264,7 +265,7 @@
             values
             (:transaction_id, :order_id, :transaction_amount, 'charge', sysdate)"
 
-        array set response [ec_creditcard_authorization $order_id $transaction_id]
+        array set response [ec_creditcard_authorization $order_id $transaction_id $card_code]
         set result $response(response_code)
         set transaction_id $response(transaction_id)
         if { [string equal $result "authorized"] } {
@@ -332,7 +333,7 @@
             values
             (:transaction_id, :order_id, :transaction_amount, 'charge', sysdate)"
 
-        array set response [ec_creditcard_authorization $order_id $transaction_id]
+        array set response [ec_creditcard_authorization $order_id $transaction_id $card_code]
         set result $response(response_code)
         set transaction_id $response(transaction_id)
         if { [string equal $result "authorized"] } {
@@ -355,7 +356,7 @@
             # for the scheduled procedures to mark the
             # transaction.
 
-            array set response [ec_creditcard_marking $transaction_id]
+            array set response [ec_creditcard_marking $transaction_id $card_code]
             set mark_result $response(response_code)
             set pgw_transaction_id $response(transaction_id)
             if { [string equal $mark_result "invalid_input"]} {
@@ -436,7 +437,7 @@
             values
             (:transaction_id, :order_id, :transaction_amount, 'charge', sysdate)"
 
-        array set response [ec_creditcard_authorization $order_id $transaction_id]
+        array set response [ec_creditcard_authorization $order_id $transaction_id $card_code]
         set result $response(response_code)
         set soft_goods_transaction_id $response(transaction_id)
         if { [string equal $result "authorized"] } {
@@ -463,7 +464,7 @@
             values
             (:transaction_id, :order_id, :transaction_amount, 'charge', sysdate)"
 
-            array set response [ec_creditcard_authorization $order_id $transaction_id]
+            array set response [ec_creditcard_authorization $order_id $transaction_id $card_code]
             set result $response(response_code)
             set hard_goods_transaction_id $response(transaction_id)
             if { [string equal $result "authorized"] } {
@@ -488,7 +489,7 @@
             # waiting for the scheduled procedures to mark
             # the transaction.
 
-            array set response [ec_creditcard_marking $transaction_id]
+            array set response [ec_creditcard_marking $transaction_id $card_code]
             set mark_result $response(response_code)
             set pgw_transaction_id $response(transaction_id)
             if { [string equal $mark_result "invalid_input"]} {
@@ -617,7 +618,7 @@
         values
         (:transaction_id, :order_id, :transaction_amount, 'charge', sysdate)"
 
-        array set response [ec_creditcard_authorization $order_id $transaction_id]
+        array set response [ec_creditcard_authorization $order_id $transaction_id $card_code]
         set result $response(response_code)
         set transaction_id $response(transaction_id)
         #ns_log Notice "finalize-order.tcl, ref(623): order_id=$order_id,result=$result,transaction_id=${transaction_id}"
@@ -727,7 +728,7 @@
         values
         (:transaction_id, :order_id, :transaction_amount, 'charge', sysdate)"
 
-        array set response [ec_creditcard_authorization $order_id $transaction_id]
+        array set response [ec_creditcard_authorization $order_id $transaction_id $card_code]
         set result $response(response_code)
         set transaction_id $response(transaction_id)
         if { [string equal $result "authorized"] } {
@@ -749,7 +750,7 @@
         # Mark the transaction now, rather than waiting for
         # the scheduled procedures to mark the transaction.
 
-        array set response [ec_creditcard_marking $transaction_id]
+        array set response [ec_creditcard_marking $transaction_id $card_code]
         set mark_result $response(response_code)
         set pgw_transaction_id $response(transaction_id)
         if { [string equal $mark_result "invalid_input"]} {
Index: openacs-4/packages/ecommerce/www/gift-certificate-finalize-order.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/ecommerce/www/gift-certificate-finalize-order.tcl,v
diff -u -N -r1.10 -r1.11
--- openacs-4/packages/ecommerce/www/gift-certificate-finalize-order.tcl	11 Aug 2008 13:01:09 -0000	1.10
+++ openacs-4/packages/ecommerce/www/gift-certificate-finalize-order.tcl	4 Sep 2008 12:24:06 -0000	1.11
@@ -49,9 +49,9 @@
     
     creditcard_number:notnull
     creditcard_type:notnull
-    creditcard_expire_1:notnull
-    
+    creditcard_expire_1:notnull    
     creditcard_expire_2:notnull
+    {card_code ""}
 }
 
 ec_redirect_to_https_if_possible_and_necessary
@@ -128,7 +128,7 @@
 # Make sure the credit card type is right & that it has the right number
 # of digits
 
-# set additional_count_and_text [ec_creditcard_precheck $creditcard_number $creditcard_type]
+# set additional_count_and_text [ec_creditcard_precheck $creditcard_number $creditcard_type $card_code]
 # set exception_count [expr $exception_count + [lindex $additional_count_and_text 0]]
 # append exception_text [lindex $additional_count_and_text 1]
 
Index: openacs-4/packages/ecommerce/www/gift-certificate-order-3.adp
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/ecommerce/www/gift-certificate-order-3.adp,v
diff -u -N -r1.6 -r1.7
--- openacs-4/packages/ecommerce/www/gift-certificate-order-3.adp	11 Aug 2008 13:01:09 -0000	1.6
+++ openacs-4/packages/ecommerce/www/gift-certificate-order-3.adp	4 Sep 2008 12:24:06 -0000	1.7
@@ -8,7 +8,7 @@
 
 <form method=post action="gift-certificate-order-4">
   @hidden_form_variables;noquote@
-  <blockquote>
+
     <table>
       <tr>
 	<td>Credit card number:</td>
@@ -22,8 +22,14 @@
 	<td>Expires:</td>
 	<td>@ec_expires_widget;noquote@</td>
       </tr>
+<if @ask_for_card_code@ true>
+      <tr>
+	<td>Credit card security digits (cvv2/cvc2/cid):</td>
+	<td><input type="text" name="card_code" size="4"></td>
+      </tr>
+</if>
     </table>
-  </blockquote>
+
   <center>
     <input type="submit" value="Continue">
   </center>
Index: openacs-4/packages/ecommerce/www/gift-certificate-order-3.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/ecommerce/www/gift-certificate-order-3.tcl,v
diff -u -N -r1.8 -r1.9
--- openacs-4/packages/ecommerce/www/gift-certificate-order-3.tcl	11 Aug 2008 13:01:09 -0000	1.8
+++ openacs-4/packages/ecommerce/www/gift-certificate-order-3.tcl	4 Sep 2008 12:24:06 -0000	1.9
@@ -35,6 +35,7 @@
     ad_script_abort
 }
 
+set ask_for_card_code [parameter::get -package_id [ec_id] -parameter PaymentCardCodeAsk -default 0]
 set ec_creditcard_widget [ec_creditcard_widget]
 set ec_expires_widget "[ec_creditcard_expire_1_widget] [ec_creditcard_expire_2_widget]"
 set hidden_form_variables [export_form_vars address_id certificate_to certificate_from certificate_message amount recipient_email]
Index: openacs-4/packages/ecommerce/www/gift-certificate-order-4.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/ecommerce/www/gift-certificate-order-4.tcl,v
diff -u -N -r1.8 -r1.9
--- openacs-4/packages/ecommerce/www/gift-certificate-order-4.tcl	11 Aug 2008 13:01:09 -0000	1.8
+++ openacs-4/packages/ecommerce/www/gift-certificate-order-4.tcl	4 Sep 2008 12:24:06 -0000	1.9
@@ -19,6 +19,7 @@
     creditcard_type
     creditcard_expire_1
     creditcard_expire_2
+    {card_code ""}
 }
 
 ec_redirect_to_https_if_possible_and_necessary
@@ -102,7 +103,7 @@
 # Make sure the credit card type is right & that it has the right
 # number of digits 
 
-set additional_count_and_text [ec_creditcard_precheck $creditcard_number $creditcard_type]
+set additional_count_and_text [ec_creditcard_precheck $creditcard_number $creditcard_type $card_code]
 set exception_count [expr $exception_count + [lindex $additional_count_and_text 0]]
 append exception_text [lindex $additional_count_and_text 1]
 
Index: openacs-4/packages/ecommerce/www/payment.adp
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/ecommerce/www/payment.adp,v
diff -u -N -r1.7 -r1.8
--- openacs-4/packages/ecommerce/www/payment.adp	11 Aug 2008 13:01:10 -0000	1.7
+++ openacs-4/packages/ecommerce/www/payment.adp	4 Sep 2008 12:24:06 -0000	1.8
@@ -53,6 +53,12 @@
 	  <td>Expires:</td>
 	  <td>@ec_expires_widget;noquote@</td>
 	</tr>
+<if @ask_for_card_code@ true>
+	<tr>
+	  <td>Credit card secrity code (cvv2/cvc2/cid):</td>
+	  <td><input type="text" name="card_code" size="4"></td>
+	</tr>
+</if>
       </table>
     </if>
 
Index: openacs-4/packages/ecommerce/www/payment.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/ecommerce/www/payment.tcl,v
diff -u -N -r1.13 -r1.14
--- openacs-4/packages/ecommerce/www/payment.tcl	11 Aug 2008 13:01:10 -0000	1.13
+++ openacs-4/packages/ecommerce/www/payment.tcl	4 Sep 2008 12:24:06 -0000	1.14
@@ -227,7 +227,8 @@
     append old_cards_to_choose_from "</table>"
 }
 
-set gift_certificate_p [ad_parameter -package_id [ec_id] SellGiftCertificatesP ecommerce]
+set ask_for_card_code [parameter::get -package_id [ec_id] -parameter PaymentCardCodeAsk -default 0]
+set gift_certificate_p [parameter::get -package_id [ec_id] -parameter SellGiftCertificatesP -default 0]
 
 set title "Completing Your Order: Payment information"
 set context [list $title]
Index: openacs-4/packages/ecommerce/www/process-payment.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/ecommerce/www/process-payment.tcl,v
diff -u -N -r1.7 -r1.8
--- openacs-4/packages/ecommerce/www/process-payment.tcl	1 Mar 2005 00:01:31 -0000	1.7
+++ openacs-4/packages/ecommerce/www/process-payment.tcl	4 Sep 2008 12:24:06 -0000	1.8
@@ -29,6 +29,7 @@
     creditcard_expire_2:optional
     billing_address_id:optional
     usca_p:optional
+    {card_code ""}
 }
 
 ec_redirect_to_https_if_possible_and_necessary
@@ -196,7 +197,7 @@
 	    # make sure the credit card type is right & that it has
 	    # the right number of digits
 
-	    set additional_count_and_text [ec_creditcard_precheck $creditcard_number $creditcard_type]
+	    set additional_count_and_text [ec_creditcard_precheck $creditcard_number $creditcard_type $card_code]
 	    set exception_count [expr $exception_count + [lindex $additional_count_and_text 0]]
 	    append exception_text [lindex $additional_count_and_text 1]
 	    
Index: openacs-4/packages/ecommerce/www/admin/products/list.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/ecommerce/www/admin/products/list.tcl,v
diff -u -N -r1.6 -r1.7
--- openacs-4/packages/ecommerce/www/admin/products/list.tcl	14 Aug 2008 10:53:42 -0000	1.6
+++ openacs-4/packages/ecommerce/www/admin/products/list.tcl	4 Sep 2008 12:24:06 -0000	1.7
@@ -51,8 +51,6 @@
 set header " order by $ordering_options"
 set context [list [list index Products] $title]
 
-
-
 set list_items ""
 
 set have_how_many_more_p f
Index: openacs-4/packages/ecommerce/www/admin/user-classes/member-add-2.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/ecommerce/www/admin/user-classes/member-add-2.tcl,v
diff -u -N -r1.4 -r1.5
--- openacs-4/packages/ecommerce/www/admin/user-classes/member-add-2.tcl	1 Mar 2005 00:01:35 -0000	1.4
+++ openacs-4/packages/ecommerce/www/admin/user-classes/member-add-2.tcl	4 Sep 2008 12:24:06 -0000	1.5
@@ -26,8 +26,6 @@
     ad_script_abort
 }
 
-
-
 # see if they're already in ec_user_class_user_map, in which case just update
 # their record
 

Credit card number:	Expires:	@ec_expires_widget;noquote@
Credit card security digits (cvv2/cvc2/cid):