Adyx Posted March 15, 2003

http://www.oscommerce.com/community/contributions,1072

Just a quick note about the above contribution I made... It's got plenty of room for improvement, and in theory I've not really used much of the pre-existing osCommerce code. Things like zapfunctions.php could just as easily be using the configuration.php file to call in the database connection etc. I just used the code I had already for a quick set-up.

Actually, I think having the database info in configure.php is a slight security risk... chmod 644 is fair enough, and admin using htaccess as well is fine for most things. I've used the off-set database variables 'include' system for a while, and it means you can get the database user/passwd etc. off root, and reduce any security risk. (almost)

Other than that, obviously the credit cards are gone when they are zapped, meaning if you zap it before you are ready, then you're going to have to call the customer for the number again! I think instead of a zap, it could be an encryption routine; is the MD5 PHP encryption something useful for this? I think it would mean quite a lot of messing about to get encryption working really well in the DB.

Anyway... Card Zapper is handy if you just want to clear up some cc numbers that you've processed etc. :wink:

Druide Posted March 15, 2003

I like the idea of the contribution that you've made.

Next step: implement it in OSC code so that it's not standalone. All functions already do exist; it's not good to have more files with config information about dbname and login/password, chmod 644 or not. When you need to change servers or so, then you need to change more files than admin & catalog's configure.php, which will cause problems in the end.

Personally I have an encryption of MD5 with a hash on that cc field. No, it's not ready for a real contribution because it's in dev. (no due date)

Robert
We all need to learn it once, how hard it may seem when you look at it, also you will master it someday ;)

Adyx Posted March 15, 2003

Thank q :wink:

RE: all functions already do exist, it's not good to have more files with config information about dbname and login/password chmod 644 or not

Yes.. I agree.. in fact the configure.php files could, as I mentioned, use an include for the DB info.. the section:

// define our database connection

could call variables rather than the actual true db connection names being coded into the configure.php file itself...

Also RE: Next step: implement it in Osc code so that's not standalone

I will do that, I just think that it might get a bit specific to a particular release though, if I start getting too deep with it.. the point of this was to work on 99% of versions.. what with the javascript/UPDATE~SET system. Easy enough to get it all inside orders.php..... When I get a chance I will do a V-1.1 based on the milestone admin/orders.php :wink:

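Added example, not part of any post in this thread and not osCommerce or Card Zapper code: the two ideas raised above (a secret pulled in from an include kept off the web root, and encrypting the card number instead of zapping it straight away), sketched in PHP with md5() alongside to show that a digest cannot be read back. The key-file path, the function names cc_encrypt/cc_decrypt and the test card number are assumptions; it needs PHP 7.1 or later with the openssl extension.

```php
<?php
// Added example; not osCommerce or Card Zapper code.
// Assumption: in production the key is returned by a file outside the web
// root, e.g. $key = require '/home/shop/private/cc_key.php'; (hypothetical path).
// A constructed throwaway key is generated here so the script runs stand-alone.
$key = random_bytes(32); // 256-bit key for AES-256-GCM

function cc_encrypt(string $pan, string $key): string
{
    $iv  = random_bytes(12); // fresh 96-bit nonce for every record
    $tag = '';
    $ct  = openssl_encrypt($pan, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($iv . $tag . $ct); // safe to store in a text column
}

function cc_decrypt(string $stored, string $key): string
{
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) <= 28) { // 12-byte nonce + 16-byte tag
        throw new RuntimeException('malformed record');
    }
    $pan = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $key,
        OPENSSL_RAW_DATA, substr($raw, 0, 12), substr($raw, 12, 16));
    if ($pan === false) {
        throw new RuntimeException('wrong key or modified record');
    }
    return $pan;
}

$pan    = '4111111111111111'; // constructed test number, not a real card
$stored = cc_encrypt($pan, $key);

// Reversible: the shop can read the number back until the order is processed.
echo 'round trip ok: ', var_export(cc_decrypt($stored, $key) === $pan, true), "\n";

// A changed record is rejected instead of decrypting to garbage.
$bad = base64_decode($stored);
$bad[strlen($bad) - 1] = chr(ord($bad[strlen($bad) - 1]) ^ 1);
try {
    cc_decrypt(base64_encode($bad), $key);
} catch (RuntimeException $e) {
    echo 'tampered record: ', $e->getMessage(), "\n";
}

// md5() is a keyless one-way digest: there is no call that returns $pan from it.
echo 'md5 digest: ', md5($pan), "\n";
```

The stored value can still be zapped once the order has been processed; the example only covers the window before that.
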
Adyx Posted March 16, 2003

:idea: Anyone else can do an upgrade also :D Be interested to see other people's take on the idea :wink:

Dennisra Posted November 22, 2007

If you use this contribution and then apply the Register Globals contribution, Zapper no longer removes the credit card number from the database. If someone has a fix for this problem please post or let me know.

Card Zapper

Thanks!