Card Zapper


Adyx

http://www.oscommerce.com/community/contributions,1072

 

Just a quick note about the above contribution I made...

It's got plenty of room for improvements, and in theory I've not really used much of the pre-existing osCommerce code.. things like zapfunctions.php could just as easily be using the configuration.php file to call in the database connection etc.

I just used the code I had already for a quick set-up.

Actually, I think having the database info in configure.php is a slight security risk... chmod 644 is fair enough, and admin using htaccess as well, is fine for most things.

I've used the off-set database variables 'include' system for a while, and it means you can get the database user/passwd etc. off root, and reduce any security risk. (almost)

Other than that, obviously the credit cards are gone when they are zapped, meaning if you zap it before you are ready, then you're going to have to call the customer for the number again!

I think instead of a zap, it could be an encryption routine. Is the MD5 PHP encryption something useful for this?

I think it would mean quite a lot of messing about to get encryption working really well in the DB.

Anyway... Card Zapper is handy if you just want to clear up some cc numbers that you've processed etc. :wink:

I like the idea of the contribution that you've made.

Next step:

implement it in Osc code so that it's not standalone.

All functions already exist; it's not good to have more files with config information about dbname and login/password, chmod 644 or not.

When you need to change servers or so, then you need to change more files than admin & catalog's configure.php, which will cause problems in the end.

Personally I have an encryption of MD5 with a hash on that cc field.

No, it's not ready for a real contribution because it's in dev. (no due date)

Robert

 

We all need to learn it once, how hard it may seem when you look at it, also you will master it someday ;)
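
On the MD5 question raised in the two posts above: MD5 is a one-way hash, so a card number stored that way cannot be read back for processing. The following is an added example, not code from Card Zapper, osCommerce or either poster, showing reversible authenticated encryption of the card field with PHP's sodium extension (PHP 7.2+); the helper names `cc_encrypt`, `cc_decrypt` and `cc_zap` are hypothetical, and the key is assumed to be loaded from outside the web root and the database.

```php
<?php
// Added example, not Card Zapper or osCommerce code.
// Assumption: in a shop the 32-byte key is loaded from a file outside the web
// root; a constructed key is generated inline here so the script runs stand-alone.
$key = sodium_crypto_secretbox_keygen();

// Encrypt a card number for storage in a text column (hypothetical helper).
function cc_encrypt(string $pan, string $key): string
{
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES); // fresh per record
    $box   = sodium_crypto_secretbox($pan, $nonce, $key);      // encrypts and adds a MAC
    return base64_encode($nonce . $box);
}

// Decrypt a stored value; null means wrong key or altered data.
function cc_decrypt(string $stored, string $key): ?string
{
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) < $min) {
        return null;
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box   = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open($box, $nonce, $key);
    return $plain === false ? null : $plain;
}

// What is left in the order after a "zap": only the last four digits.
function cc_zap(string $pan): string
{
    return str_repeat('X', max(0, strlen($pan) - 4)) . substr($pan, -4);
}

$pan    = '4111111111111111';   // constructed test number, not a real card
$stored = cc_encrypt($pan, $key);

echo md5($pan), "\n";           // one-way digest: no function turns this back into $pan
var_dump(cc_decrypt($stored, $key) === $pan);                     // round trip with the right key
var_dump(cc_decrypt($stored, sodium_crypto_secretbox_keygen()));  // a different key is rejected

// Flip one bit of the stored value to model a modified database row.
$raw  = base64_decode($stored);
$last = strlen($raw) - 1;
$raw[$last] = chr(ord($raw[$last]) ^ 1);
var_dump(cc_decrypt(base64_encode($raw), $key));                  // tampering is rejected

echo cc_zap($pan), "\n";        // masked value kept once the card has been processed
```

The encrypted value protects the number only as long as the key is kept away from the database dump and the web root; zapping after processing remains the way to stop holding the number at all.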

Thank q :wink:

RE:

All functions already exist; it's not good to have more files with config information about dbname and login/password, chmod 644 or not.

Yes.. I agree.. in fact the configure.php files could, as I mentioned, use an include for the DB info..

The section: // define our database connection

could call variables rather than the actual true db connection names being coded into the configure.php file itself...

Also RE:

Next step: implement it in Osc code so that it's not standalone

I will do that, I just think that it might get a bit specific to a particular release though, if I start getting too deep with it.. the point of this was to work on 99% of versions.. what with the javascript/UPDATE~SET system.

Easy enough to get it all inside orders.php.....

When I get the chance I will do a V-1.1 based on the milestone admin/orders.php :wink:
