jacobr Posted December 2, 2004 Share Posted December 2, 2004 I'm looking for a way to keep the credit card information in my database, but encrypted (either with MD5 or whatever - I don't know much about encryption techniques) - so that if I pull up the order through my SSL Admin, it's safe for it to show me the credit card number so I can process the order (which I do manually). I'm not really happy with the 'rip out the middle 8 digits and email them to me separately' solution that the stock cc.php provides because of the logistical nightmare if an email doesn't come through, gets lost, etc. I haven't found the OSC emailer to be the most reliable thing on earth, and if the middle half of a credit card didn't come through, I'd hate to call the customer to ask for it. I've seen people in other posts from my multiple searches mention contributions that do what I'm talking about (encrypt CC # in full in database, display only in admin, don't email to anybody), but after searching over there for a bit, I can't find one that does it. I'm hoping it's as simple as the Master Password contrib SQL - i.e.: INSERT INTO a_table (password) VALUES (MD5('yourpassword'); which makes 'yourpassword' encrypted with MD5 I just want the cc_number to be encrypted and accessible through Admin (after which I'll delete it when I'm done with the order). I hunted through the cc module, checkout_process.php, etc but couldn't find the SQL statement that inserts the cc_number value into the database. Is this possible? Jacob Link to comment Share on other sites More sharing options...
Guest Posted December 2, 2004 Share Posted December 2, 2004 MD5 is not encryption, it's a one-way hash. When someone chooses a password, that doesn't get stored in the database. Instead, the hash function is run against it, and the resulting value is stored in the database. When someone inputs their password for a subsequent login, osC runs the hash function against it to see if the resultant hash matches what we have in the database. Hashing isn't encryption, it's a mathematical way to uniquely identify the password without actually storing the password. You can't "un-hash" it. I'm sure that there are better explanations of hashing somewhere . . . -jared Link to comment Share on other sites More sharing options...
jacobr Posted December 2, 2004 Author Share Posted December 2, 2004 MD5 is not encryption, it's a one-way hash. When someone chooses a password, that doesn't get stored in the database. Instead, the hash function is run against it, and the resulting value is stored in the database. When someone inputs their password for a subsequent login, osC runs the hash function against it to see if the resultant hash matches what we have in the database. Hashing isn't encryption, it's a mathematical way to uniquely identify the password without actually storing the password. You can't "un-hash" it. I'm sure that there are better explanations of hashing somewhere . . . -jared <{POST_SNAPBACK}> Ok, I get it then. Since I wouldn't know the original CC number to verify against the hash equivalent, that wouldn't really work (I think). Thanks for the good info on hashing though. Do you (or anybody) know of a way to do what I'm looking for, or a contribution that can do it? Jacob Link to comment Share on other sites More sharing options...
Guest Posted December 2, 2004 Share Posted December 2, 2004 I just searched for "encrypt" and found this one: http://www.oscommerce.com/community/contributions,2013 take note of the following, though: These changes are in the main file, just forgot to include them in the text. Changes: Install alters orders table to allow for a GPG Encrypted CC CC of Orders are now stored in the DB GPG Encrypted TODOs: Add option to have GPG Decryption in Admin Order Display *Currently you will have to use a GPG Decryption Program to get the CC off the Admin Page -jared Link to comment Share on other sites More sharing options...
jacobr Posted December 3, 2004 Author Share Posted December 3, 2004 I just searched for "encrypt" and found this one: http://www.oscommerce.com/community/contributions,2013take note of the following, though: -jared <{POST_SNAPBACK}> Yeah, I had saw that one as well - thanks for your help. Jacob Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.