shanehamelin Posted July 25, 2008

Hey Everyone,

I was sitting here wondering why I have not received any new orders since I put up my new store. Well, customers are getting this error:

Credit Card Error! The first four digits of the number entered are:

Here is my code. The only credit cards we take are Visa, MasterCard and AMEX. I don't need pre-authorization. I just manually put the order in my CC machine here in store, then ship. Can someone look at this for me?

```php
<?php
/*
  $Id: cc_validation.php 1739 2007-12-20 00:52:16Z hpdl $

  osCommerce, Open Source E-Commerce Solutions
  http://www.oscommerce.com

  Copyright (c) 2003 osCommerce

  Released under the GNU General Public License
*/

  class cc_validation {
    var $cc_type, $cc_number, $cc_expiry_month, $cc_expiry_year;

    function validate($number, $expiry_m, $expiry_y) {
      $this->cc_number = ereg_replace('[^0-9]', '', $number);

      if (ereg('^4[0-9]{12}([0-9]{3})?$', $this->cc_number)) {
        $this->cc_type = 'Visa';
      } elseif (ereg('^5[1-5][0-9]{14}$', $this->cc_number)) {
        $this->cc_type = 'Master Card';
      } elseif (ereg('^3[47][0-9]{13}$', $this->cc_number)) {
        $this->cc_type = 'American Express';
      } elseif (ereg('^3(0[0-5]|[68][0-9])[0-9]{11}$', $this->cc_number)) {
        $this->cc_type = 'Diners Club';
      } elseif (ereg('^6011[0-9]{12}$', $this->cc_number)) {
        $this->cc_type = 'Discover';
      } elseif (ereg('^(3[0-9]{4}|2131|1800)[0-9]{11}$', $this->cc_number)) {
        $this->cc_type = 'JCB';
      } elseif (ereg('^5610[0-9]{12}$', $this->cc_number)) {
        $this->cc_type = 'Australian BankCard';
      } else {
        return -1;
      }

      if (is_numeric($expiry_m) && ($expiry_m > 0) && ($expiry_m < 13)) {
        $this->cc_expiry_month = $expiry_m;
      } else {
        return -2;
      }

      $current_year = date('Y');
      $expiry_y = substr($current_year, 0, 2) . $expiry_y;
      if (is_numeric($expiry_y) && ($expiry_y >= $current_year) && ($expiry_y <= ($current_year + 10))) {
        $this->cc_expiry_year = $expiry_y;
      } else {
        return -3;
      }

      if ($expiry_y == $current_year) {
        if ($expiry_m < date('n')) {
          return -4;
        }
      }

      return $this->is_valid();
    }

    function is_valid() {
      $cardNumber = strrev($this->cc_number);
      $numSum = 0;

      for ($i=0; $i<strlen($cardNumber); $i++) {
        $currentNum = substr($cardNumber, $i, 1);

// Double every second digit
        if ($i % 2 == 1) {
          $currentNum *= 2;
        }

// Add digits of 2-digit numbers together
        if ($currentNum > 9) {
          $firstNum = $currentNum % 10;
          $secondNum = ($currentNum - $firstNum) / 10;
          $currentNum = $firstNum + $secondNum;
        }

        $numSum += $currentNum;
      }

// If the total has no remainder it's OK
      return ($numSum % 10 == 0);
    }
  }
?>
```
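Added example, not part of the original post and not osCommerce code: a small diagnostic that runs the same card-number checks as the posted `validate()` (pattern match, then Luhn) over constructed inputs, including the case where the number arrives empty, and reports which check rejects each one. The helper names (`diagnose`, `mask_pan`, `luhn_ok`) are hypothetical, `preg_match()` stands in for `ereg()`, the expiry checks are left out, and the number is masked before printing so the diagnostic output never contains a full card number.

```php
<?php
// Added example, not osCommerce code. All card numbers are constructed test values.
// Patterns are the ones in the posted validate(), rewritten for preg_match().
const CARD_PATTERNS = [
    'Visa'                => '/^4[0-9]{12}([0-9]{3})?$/',
    'Master Card'         => '/^5[1-5][0-9]{14}$/',
    'American Express'    => '/^3[47][0-9]{13}$/',
    'Diners Club'         => '/^3(0[0-5]|[68][0-9])[0-9]{11}$/',
    'Discover'            => '/^6011[0-9]{12}$/',
    'JCB'                 => '/^(3[0-9]{4}|2131|1800)[0-9]{11}$/',
    'Australian BankCard' => '/^5610[0-9]{12}$/',
];

// Luhn checksum; same result as the posted is_valid().
function luhn_ok(string $digits): bool {
    $sum = 0;
    foreach (str_split(strrev($digits)) as $i => $ch) {
        // Double every second digit from the right; subtracting 9 equals adding its two digits.
        $d = (int) $ch * ($i % 2 === 1 ? 2 : 1);
        $sum += $d > 9 ? $d - 9 : $d;
    }
    return $sum % 10 === 0;
}

// Mask for logs and e-mails: at most the first six and last four digits stay readable.
function mask_pan(string $digits): string {
    $n = strlen($digits);
    if ($n < 13) { return str_repeat('*', $n); }
    return substr($digits, 0, 6) . str_repeat('*', $n - 10) . substr($digits, -4);
}

// Hypothetical helper: which number check rejects the input (expiry checks omitted).
function diagnose(string $raw): array {
    $digits = preg_replace('/[^0-9]/', '', $raw);
    $pan = mask_pan($digits);
    if ($digits === '') { return [-1, 'no digits reached the validator', $pan]; }
    foreach (CARD_PATTERNS as $type => $re) {
        if (preg_match($re, $digits)) {
            return luhn_ok($digits)
                ? [true, "$type, checksum ok", $pan]
                : [false, "$type pattern matched, Luhn checksum failed", $pan];
        }
    }
    return [-1, 'prefix/length matches no card pattern', $pan];
}

foreach (['4111 1111 1111 1111', '4111 1111 1111 1112', '1234 5678 9012 3456', ''] as $raw) {
    [$code, $why, $pan] = diagnose($raw);
    printf("%-18s %-6s %s\n", $pan === '' ? '(empty)' : $pan, var_export($code, true), $why);
}
```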
WoodsWalker Posted July 26, 2008

Hi Shane,

Sorry you are having troubles with your credit card payments. I'm afraid I don't know enough code to be of much help.

The reason I posted is that, in my own case, I initially thought I would do the same as you - that is, use the online ordering system to receive the customer info including cc#, and then process the transactions offline - but then learned that in doing so I would be in violation with my agreements with VISA and Mastercard, in that I would be using non PCI-compliant procedures. You may be incurring hefty risks and putting the security of your customers' info in jeopardy. Just a heads-up in case you haven't explored these issues.

In any case, I've bumped your post to the top again now, so maybe someone else can answer the technical end!

~Wendy
shanehamelin Posted July 26, 2008

I'm not going to take a double processing fee to do it any other way. We have always done it that way. Process credit in store, not online, but ever since we did a new look, can't seem to get it back that way.
WoodsWalker Posted July 26, 2008

Hi Shane,

Our credit card processor (Moneris) offered us an eCommerce package for close to the same rate as our off-line processing was. To stay within the guidelines and take credit card info over the internet, Moneris required that we become "PCI-Compliant". To fulfill the PCI-compliance requirements, we had to get SSL for our site, and get a "PCI-compliance Certificate". This cost a little money, but now we know that our customers' data is as secure as it can be, which protects us as well as them. I made a posting about the process of getting PCI-compliance Certificate, here.

The credit card industry is primarily concerned about the storage of credit card info on unsecure servers. When a customer places an order through your site, SSL (if you have it) will protect their data in transit, but not once it is sitting on your (or your host's) web server. This is where the PCI rules come into play. Luckily, when I went through this process, it was found that my hosting service (BellHosting.ca) had my site on a server that met the security rules (the PCI-compliance folks do a remote scan to check).

Anyway, if you become interested in PCI-compliance, I hope my link is helpful.

~Wendy
shanehamelin Posted July 26, 2008

Thanks Wendy,

We are on an SSL server and the store is https:// and secure. I'm just confused why before we did the makeover, same OS version, we would just get an email for the order with credit card info. Now we get this darn error.

Shane
WoodsWalker Posted July 26, 2008

Hmmmm, I don't see anything weird with the code, but I'm not an expert. Anyone else out there have any insight?
This topic is now archived and is closed to further replies.