arbitar Posted January 1, 2006 Share Posted January 1, 2006 I have a need to store the entire order information to a file. Credit Card information, shipping and billing information, order comments, subtotal, shipping, tax, and total, and the date and time ordered. Is this at all possible? How hard would this be to accomplish. It seems pretty simple, but after about four days of digging around and trying things, it seems a bit harder than I thought. Is there something I'm missing? I would love to know, and possibly get a push in the right direction. Thanks, --Arbitar Link to comment Share on other sites More sharing options...
Guest Posted January 2, 2006 Share Posted January 2, 2006 Are you aware of the consequences should the file fall into the wrong hands? Storing credit card info in this way is...... not smart and possibly illegal depending on where you are :-" Matti Link to comment Share on other sites More sharing options...
GraphicsGuy Posted January 2, 2006 Share Posted January 2, 2006 Are you aware of the consequences should the file fall into the wrong hands? Storing credit card info in this way is...... not smart and possibly illegal depending on where you are ':- Matti Indeed, before you make any decision to store complete cardholder information in a computer file, you should read through the rules, regulations and tips at Visa and MasterCard at least. If accepting American Express or Discover, you should also review their security policies for merchants. Rule #1: Without exception, backup your database and files before making any changes to your files or database. Rule #2: Make sure there are no exceptions to Rule #1. Link to comment Share on other sites More sharing options...
arbitar Posted January 2, 2006 Author Share Posted January 2, 2006 Yes, I am quite aware of the security implications, but that part has already been taken care of. It's not the security of it that I need help on, but rather the implimentation of it itself. I can guarentee that I am the only person who will ever have access to that file, unless someone seriously wants in, and regardless of what you do, that is always a possibility. There are problems with everything. Plus, this isn't as simply set up as it sounds. The file will be more split into many (8) different files, and each one will be secured in a different and unique way. I was just curious how it would be possible, and where to get the information in a whole from within OSCommerce. Link to comment Share on other sites More sharing options...
kwalker Posted January 2, 2006 Share Posted January 2, 2006 Why don't you download the tables to your computer and then burn them to re-writable cd's, then delete what's on your computer. Unless your online database is on a secured server, I'd advise against keep that type of info there too for more than 24 hours. Kevin "What I didn't know yesterday, I know today & will remember tomorrow" (By Kwalker) What do you see when you open up the tep_database-pr2.2-CVS.pdf file that came with your osCommerce download? Link to comment Share on other sites More sharing options...
GraphicsGuy Posted January 2, 2006 Share Posted January 2, 2006 Sounds like you have given thought as to how to secure the information once you have it into the files. But, that still leaves the issue of storing the full cardholder information into the database in the first place. Unless your database is on a separate server that is not Internet accessible, then that in itself is a violation and if compromised could subject you to severe fines (up to $100,000). This is why the card informatin is split and part of it emailed to you and only part of it stored in the database. All that said, the simplest way to harvest the data without having to code a solution will be to use phpMyAdmin to export the tables to csv files. The problem you are going to run into is that order and customer data is stored in several tables. To see the database structure you can download this contribution that has a pdf file with the database layout and relationships. Another way you could approach the project would be to hack /admin/invoice.php to harvest the data and output it to the file format you want instead of the screen. I am not a coder so I can't give you advice on the code to do that but for someone well experienced in php it wouldn't be a problem. Rule #1: Without exception, backup your database and files before making any changes to your files or database. Rule #2: Make sure there are no exceptions to Rule #1. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.