Deleting Credit card details from Admin?


sefu


Hi All,

My PHP/SQL is very lacking. I am just wondering if anyone can help me include some code within the Admin that lets me delete the customers' CC details individually from the "edit order page"? Nothing fancy, just a small button that deletes their CC number and Exp date from the DB.

 

Also, what code would I use in PHPMyAdmin to delete all the CC details in the current DB?

 

Thanks for your help

Link to comment
Share on other sites

i am working on a cc mod that is doing just that, well the first part anyway. here's the code you want to add....admin/orders.php

 

study it first, make sure you know what you are doing and if you're gonna implement it, BACKUP then backup again.

 

i have deliberately not put in line numbers as my store is fairly heavily modified and numbers would be pointless

 

This first section of code is the bit that does the action and is called when the buttons are clicked. There are references to the removal of the cvv data which i have implemented in my store, you may need to fiddle with this a little or take out the cvv stuff altogether.

 

 

find

    case 'deleteconfirm':
      $oID = tep_db_prepare_input($HTTP_GET_VARS['oID']);

      tep_remove_order($oID, $HTTP_POST_VARS['restock']);

      tep_redirect(tep_href_link(FILENAME_ORDERS, tep_get_all_get_params(array('oID', 'action'))));
      break;

 

after it add

    case 'deleteccinfo':
      $oID = tep_db_prepare_input($HTTP_GET_VARS['oID']);

      // Overwrite the stored CVV and card number for this order with placeholder zeros.
      // Only the order id goes into the queries; the posted cc_cvv / cc_number values
      // were previously appended, unquoted, after the literals and are not needed.
      tep_db_query("update " . TABLE_ORDERS . " set cc_cvv = '000' where orders_id = '" . tep_db_input($oID) . "'");
      tep_db_query("update " . TABLE_ORDERS . " set cc_number = '0000000000000000' where orders_id = '" . tep_db_input($oID) . "'");

      // back to the order listing
      tep_redirect(tep_href_link(FILENAME_ORDERS, tep_get_all_get_params(array('oID', 'action'))));
      break;

 

 

now to add the buttons on the page that will call the above code and delete the info.

 

find

            <td class="pageHeading"><?php echo HEADING_TITLE; ?></td>
            <td class="pageHeading" align="right"><?php echo tep_draw_separator('pixel_trans.gif', 1, HEADING_IMAGE_HEIGHT); ?></td>
            <td class="pageHeading" align="right"><?php echo '<a href="' . tep_href_link(FILENAME_ORDERS, tep_get_all_get_params(array('action'))) . '">' . tep_image_button('button_back.gif', IMAGE_BACK) . '</a>'; ?></td>

and replace with

            <td class="pageHeading"><?php echo HEADING_TITLE; ?></td>
            <td class="pageHeading" align="right"><?php echo tep_draw_separator('pixel_trans.gif', 1, HEADING_IMAGE_HEIGHT); ?></td>
            <td class="pageHeading" align="right"><?php echo '<a href="' . tep_href_link(FILENAME_ORDERS, 'oID=' . $HTTP_GET_VARS['oID'] . '&action=deleteccinfo') . '">' . tep_image_button('button_removeccinfo.gif', RemoveCCInfo) . ' </a>' . '<a href="' . tep_href_link(FILENAME_ORDERS_INVOICE, 'oID=' . $HTTP_GET_VARS['oID']) . '" TARGET="_blank">' . tep_image_button('button_invoice.gif', IMAGE_ORDERS_INVOICE) . '</a> <a href="' . tep_href_link(FILENAME_ORDERS_PACKINGSLIP, 'oID=' . $HTTP_GET_VARS['oID']) . '" TARGET="_blank">' . tep_image_button('button_packingslip.gif', IMAGE_ORDERS_PACKINGSLIP) . '</a> <a href="' . tep_href_link(FILENAME_ORDERS, tep_get_all_get_params(array('action'))) . '">' . tep_image_button('button_back.gif', IMAGE_BACK) . '</a>'; ?></td>

 

adds the button at the top of the order display page

 

next, about 3/4 of the way down the page find

        <td colspan="2" align="right"><?php echo '<a href="' . tep_href_link(FILENAME_ORDERS_INVOICE, 'oID=' . $HTTP_GET_VARS['oID']) . '" TARGET="_blank">' . tep_image_button('button_invoice.gif', IMAGE_ORDERS_INVOICE) . '</a> <a href="' . tep_href_link(FILENAME_ORDERS_PACKINGSLIP, 'oID=' . $HTTP_GET_VARS['oID']) . '" TARGET="_blank">' . tep_image_button('button_packingslip.gif', IMAGE_ORDERS_PACKINGSLIP) . '</a> <a href="' . tep_href_link(FILENAME_ORDERS, tep_get_all_get_params(array('action'))) . '">' . tep_image_button('button_back.gif', IMAGE_BACK) . '</a>'; ?></td>

and replace with

        <td colspan="2" align="right"><?php echo '<a href="' . tep_href_link(FILENAME_ORDERS, 'oID=' . $HTTP_GET_VARS['oID'] . '&action=deleteccinfo') . '">' . tep_image_button('button_removeccinfo.gif', RemoveCVV) . ' </a>' . '<a href="' . tep_href_link(FILENAME_ORDERS_INVOICE, 'oID=' . $HTTP_GET_VARS['oID']) . '" TARGET="_blank">' . tep_image_button('button_invoice.gif', IMAGE_ORDERS_INVOICE) . '</a> <a href="' . tep_href_link(FILENAME_ORDERS_PACKINGSLIP, 'oID=' . $HTTP_GET_VARS['oID']) . '" TARGET="_blank">' . tep_image_button('button_packingslip.gif', IMAGE_ORDERS_PACKINGSLIP) . '</a> <a href="' . tep_href_link(FILENAME_ORDERS, tep_get_all_get_params(array('action'))) . '">' . tep_image_button('button_back.gif', IMAGE_BACK) . '</a>'; ?></td>

adds the same buttons at the bottom of the page

 

the next addition adds the delete option to the order listing page

 

find

        $contents[] = array('align' => 'center', 'text' => '<a href="' . tep_href_link(FILENAME_ORDERS, tep_get_all_get_params(array('oID', 'action')) . 'oID=' . $oInfo->orders_id . '&action=edit') . '">' . tep_image_button('button_edit.gif', IMAGE_EDIT) . '</a> <a href="' . tep_href_link(FILENAME_ORDERS, tep_get_all_get_params(array('oID', 'action')) . 'oID=' . $oInfo->orders_id . '&action=delete') . '">' . tep_image_button('button_delete.gif', IMAGE_DELETE) . '</a>');

and replace with

        $contents[] = array('align' => 'center', 'text' => '<a href="' . tep_href_link(FILENAME_ORDERS, tep_get_all_get_params(array('oID', 'action')) . 'oID=' . $oInfo->orders_id . '&action=edit') . '">' . tep_image_button('button_edit.gif', IMAGE_EDIT) . '</a> <a href="' . tep_href_link(FILENAME_ORDERS, tep_get_all_get_params(array('oID', 'action')) . 'oID=' . $oInfo->orders_id . '&action=delete') . '">' . tep_image_button('button_delete.gif', IMAGE_DELETE) . '</a> <a href="' . tep_href_link(FILENAME_ORDERS, tep_get_all_get_params(array('oID', 'action')) . 'oID=' . $oInfo->orders_id . '&action=deleteccinfo') . '">' . tep_image_button('button_removeccinfo.gif', RemoveCVV) . '</a>');

 

hope this helps a little.

 

cheers

barry

Link to comment
Share on other sites

an important point i should have stated in my previous post, however, my infinite wisdom has prevented me from doing so.....

 

 

anyways the snapshot this is based on is from mid november, the 19th to be exact.

 

cheers

barry

Link to comment
Share on other sites

Hey some of that code looks familiar. :wink: Yes, you will need to remove the cvv parts, unless you collect the number in your store, otherwise you will be trying to alter a field that does not exist.

Link to comment
Share on other sites

Hey some of that code looks familiar.
Yeah it will do, thanks for the mod. Unfortunately it didn't go far enough so i had to modify it slightly to fit my needs.

 

It worked!! WOOHOO! Can't wait til you get the rest completed:) Thanks!
well i have it all working apart from getting the cc info encrypted in the db, looking for ideas as i'm slowly going bald :cry:

 

cheers

barry

Link to comment
Share on other sites

Barry;

 

Just a thought here...

 

If a way is found to encrypt the CC info in the database (with PGP or GnuPG for instance), does there remain any need to delete the info from the database?

... if you want to REALLY see something that doesn't set up right out of the box without some tweaking,

try being a Foster Parent!

Link to comment
Share on other sites

Just a thought here...

 

If a way is found to encrypt the CC info in the database (with PGP or GnuPG for instance), does there remain any need to delete the info from the database?

 

well yeah, the less info you keep, the less of a liability there is should any of your security measures be compromised, and in my opinion, nothing is that secure.

 

cheers

barry

Link to comment
Share on other sites

Thanks Barry,

Works like a charm! Just what I wanted. Now to make a button for it.

 

It will take some time to manually delete every cc detail in the DB, anyone know the SQL statement to use in PHPMyAdmin to delete all the records in the CC number field?

Link to comment
Share on other sites
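
A bulk version of the per-order scrub, for the phpMyAdmin question asked above. This is an added example, not code from any poster in the thread: the table name `orders` comes from the error output quoted in the thread, the placeholder values match the ones the button code writes, and `cc_expires` is assumed to be the expiry-date column (the thread never names it).

```sql
-- Added example; run it against a database you have already backed up.

-- 1. See which card columns this store actually has. cc_cvv exists only if a
--    CVV modification added it; updating a missing column fails with error 1054.
SHOW COLUMNS FROM orders LIKE 'cc%';

-- 2. Count the orders that still hold a real card number.
SELECT COUNT(*) AS orders_with_card_data
FROM orders
WHERE cc_number <> '' AND cc_number <> '0000000000000000';

-- 3. Overwrite number and expiry on every order that has one
--    (cc_expires is an assumed column name, see the note above).
UPDATE orders
SET cc_number = '0000000000000000',
    cc_expires = ''
WHERE cc_number <> '';

-- 4. Only if step 1 listed cc_cvv:
UPDATE orders
SET cc_cvv = '000'
WHERE cc_cvv <> '';

-- 5. Re-run the count from step 2; it should now return 0.
SELECT COUNT(*) AS orders_with_card_data
FROM orders
WHERE cc_number <> '' AND cc_number <> '0000000000000000';
```

Database dumps and backups taken before the update still contain the original card data and need to be dealt with separately.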

this worked great when I installed it then I added the contrib_Update Order and now when I try to click on the delete CC Info I get this error:

 

1054 - Unknown column 'cc_cvv' in 'field list'

 

update orders set cc_cvv = '000' where orders_id = '59'

 

[TEP STOP]

 

Can I fix this?

Link to comment
Share on other sites

    

    //DELETE FROM HERE
    case 'deleteccinfo':
      $oID = tep_db_prepare_input($HTTP_GET_VARS['oID']);
      $cvvnumber = tep_db_prepare_input ($HTTP_POST_VARS['cc_cvv']);
      $ccnumber = tep_db_prepare_input ($HTTP_POST_VARS
    //TO HERE
    ['cc_number']);
    //AND DELETE HERE
      tep_db_query("update " . TABLE_ORDERS . " set cc_cvv = '000' " . tep_db_input($cvvnumber) . " where orders_id = '" . tep_db_input($oID) . "'");
    //TO HERE
      tep_db_query("update " . TABLE_ORDERS . " set cc_number = '0000000000000000' " . tep_db_input($ccnumber) . " where orders_id = '" . tep_db_input($oID) . "'");

      tep_redirect(tep_href_link(FILENAME_ORDERS, tep_get_all_get_params(array('oID', 'action'))));
      break;

 

where i have commented delete

Link to comment
Share on other sites

    //DELETE FROM HERE
    case 'deleteccinfo':
      $oID = tep_db_prepare_input($HTTP_GET_VARS['oID']);
      $cvvnumber = tep_db_prepare_input ($HTTP_POST_VARS['cc_cvv']);
    //TO HERE
      $ccnumber = tep_db_prepare_input ($HTTP_POST_VARS['cc_number']);
    //AND DELETE HERE
      tep_db_query("update " . TABLE_ORDERS . " set cc_cvv = '000' " . tep_db_input($cvvnumber) . " where orders_id = '" . tep_db_input($oID) . "'");
    //TO HERE
      tep_db_query("update " . TABLE_ORDERS . " set cc_number = '0000000000000000' " . tep_db_input($ccnumber) . " where orders_id = '" . tep_db_input($oID) . "'");

      tep_redirect(tep_href_link(FILENAME_ORDERS, tep_get_all_get_params(array('oID', 'action'))));
      break;

 

Ignore last post, made a small mistake

Link to comment
Share on other sites

thanks that worked for the credit card delete. I still want it where it'll delete cvv too, instead I have to go to update orders to get it deleted. Which will work for now I guess just some extra clicking involved

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.
