Guest Posted May 5, 2003 Posted May 5, 2003 I have just uploaded an update to my cc contribution which add encryptio/decryption functionality. It allows encryption of the cc number as it is inserted into the database and is only decrypted in admin/orders.php when the number needs to be displayed. At no point is the raw number stored in the db hopefully this is useful to you guys almost forgot, here's the link http://www.oscommerce.com/community/contri...ons,1148/page,2 cheers barry Quote
Waza04 Posted May 5, 2003 Posted May 5, 2003 Thanks, Work Brilliantly!! However, Found these bugs during install: The code that should be in checkout_process.php should be: if ( strtolower(CC_ENC) == 'true' ) { $key = changeme; $cipher_data = $order->info['cc_number']; $order->info['cc_number'] = changedatain($cipher_data,$key); } NOT: <?php if ( strtolower(CC_ENC) == 'true' ) { $key = changeme; $cipher_data = $order->info['cc_number']; $order->info['cc_number'] = changedataout($cipher_data,$key); } ?> The code that should be in admin/orders.php should be: if ($order->info['cc_type'] !=0000000000000000) { if ( strtolower(CC_ENC) == 'true' ) { $key = changeme; $cipher_data = $order->info['cc_number']; $order->info['cc_number'] = changedataout($cipher_data,$key); } } NOT: if ( strtolower(CC_ENC) == 'true' ) { $key = changeme; $cipher_data = $order->info['cc_number']; $order->info['cc_number'] = changedataout($cipher_data,$key); } Hope that helps!! And thanks for this brilliant contribution!! PS Any more info on CC Validation? Warren Quote
Waza04 Posted May 5, 2003 Posted May 5, 2003 Ooopppss... Sorry, Small mistake!! Warren The code that should be in admin/orders.php should be: if ($order->info['cc_number'] != '0000000000000000') { if ( strtolower(CC_ENC) == 'true' ) { $key = changeme; $cipher_data = $order->info['cc_number']; $order->info['cc_number'] = changedataout($cipher_data,$key); } } NOT: if ( strtolower(CC_ENC) == 'true' ) { $key = changeme; $cipher_data = $order->info['cc_number']; $order->info['cc_number'] = changedataout($cipher_data,$key); } Quote
Guest Posted May 5, 2003 Posted May 5, 2003 Actually, i posted that lot at like 3.30 am and should really have waited till this morning and checked it over, anyway it's done now, here's the proper changes. in catalog/checkout_process.php the additions should be; <?php if ( strtolower(CC_ENC) == 'true' ) { $key = changeme; $plain_data = $order->info['cc_number']; $order->info['cc_number'] = changedatain($plain_data,$key); } ?> and in admin/orders.php the additions should be <?php if ( strtolower(CC_ENC) == 'true' ) { $key = changeme; $cipher_data = $order->info['cc_number']; $order->info['cc_number'] = changedataout($cipher_data,$key); } ?> sorry for any confusion there guys, must get more sleep. cheers barry Quote
Waza04 Posted May 5, 2003 Posted May 5, 2003 Ok, But what about after the number has been cleared!!! Using this - it will see if it has been cleared and NOT decrypt the output becuase there is no need to: if ($order->info['cc_number'] != '0000000000000000') { if ( strtolower(CC_ENC) == 'true' ) { $key = changeme; $cipher_data = $order->info['cc_number']; $order->info['cc_number'] = changedataout($cipher_data,$key); } } Warren Quote
Guest Posted May 5, 2003 Posted May 5, 2003 warren i will add that to the next release which will include an improved card recognition validation class. This will be database driven and will read the bin numbers from the database. I should have that done by the end of the day or first thing tomorrow. cheers barry Quote
Waza04 Posted May 5, 2003 Posted May 5, 2003 warren i will add that to the next release which will include an improved card recognition validation class. This will be database driven and will read the bin numbers from the database. I should have that done by the end of the day or first thing tomorrow. cheers barry Brilliant - I can not wait!!! If there is anything that I could test or help with, Just give me a shout!! Thanks, Warren Quote
Guest Posted May 5, 2003 Posted May 5, 2003 i will pm you later regarding the testing of the code, hopefully then it will be an error free release. cheers barry Quote
Waza04 Posted May 5, 2003 Posted May 5, 2003 i will pm you later regarding the testing of the code, hopefully then it will be an error free release. cheers barry OK - No Problem :) Warren Quote
CC Posted May 5, 2003 Posted May 5, 2003 Forgive me for being lazy Bazza. :wink: But I am hoping you can tell me if the additions to the checkout_process.php and the addition to the admin/orders.php is all that is required in order to add the encryption/decryption to the mod? I have this installed with a few changes of my own already and dont want to do a fresh install, can you tell me if I am right in thinking that is the correct upgrade route? Cheers bud. CC. Quote
Guest Posted May 5, 2003 Posted May 5, 2003 Forgive me for being lazy Bazza. :wink: But I am hoping you can tell me if the additions to the checkout_process.php and the addition to the admin/orders.php is all that is required in order to add the encryption/decryption to the mod? I have this installed with a few changes of my own already and dont want to do a fresh install, can you tell me if I am right in thinking that is the correct upgrade route? Cheers bud. CC. don't worry, i would like the same info if i were you :) i slotted it straight into my live site with the changes detailed in the following files catalog/includes/functions/encrypt.php catalog/includes/functions/general.php (includes call to the above file) catalog/checkout_process.php admin/includes/functions/decrypt.php admin/includes/functions/general.php (includes call to the above file) admin/orders.php it should be fairly painless to add to an existing live site with my mod already installed. If you also add in the little bit of code that warren posted earlier if ($order->info['cc_number'] != '0000000000000000') { This additional if statement goes into the code for admin/orders.php hope this helps cheers barry p.s. i forgive you for being lazy, it is a bank holiday after all :D Quote
CC Posted May 5, 2003 Posted May 5, 2003 Well I have all the files in and updated, but I dont see an exncrypted cc number in my db. I just see it the same as it was input. Surely I should be seeing a load of jumbled data shouldnt I? Also the addition to checkout_process shouldnt carry the <?php - ?> but it should in orders.php. Can you just confirm for me what the end result should be cos it dont appear to be working for me. ta. CC. Quote
Waza04 Posted May 5, 2003 Posted May 5, 2003 CC, Yes aswell as two new files in the incules/functios... Warren Quote
Guest Posted May 5, 2003 Posted May 5, 2003 ok i have posted an update, it adds the code suggested by warren earlier and sorts a couple of minor errors in the readme that appear to have caused a little confusion. If you are upgrading from a previous version remember to add the 2 new function files in admin/includes/functions/decrypt.php and catalog/includes/functions/encrypt.php as well as add calls to these files at the bottom of admin & catalog includes/functions/general.php there are also 2 minor changes in catalog/checkout_process.php and admin/orders.php here's the link http://www.oscommerce.com/community/contributions,1148 cheers barry Quote
CC Posted May 6, 2003 Posted May 6, 2003 hmmm... Well I have followed it all to the 'T' And although there are no errors or problems along the way, and it all seems fine, I am not getting an encrypted CC number in my Database. :? Like I say, I dont get errors either. Can you just confirm the idea is that the numbers should be encrypted in the DB, so rather than looking like 4111111111111111 they should look more like *&$(^($(^($)(?$)))% Or whatever...? Because I get no encrypted data in my DB, it all looks the same as it was input from the customer side of things... If you can just answer that for me it would help. ta. CC. Quote
Guest Posted May 6, 2003 Posted May 6, 2003 how are you viewing you db? I also assume that you have turned on CC encryption in the cc module admin. that aside, yes if you view raw db data for the cc number then it should just be garbled, rendering it useless if your database is compromised. cheers barry Quote
Guest Posted May 6, 2003 Posted May 6, 2003 Additionally, note that this mod will only encrypt data entered after the mod is installed and activated and not exisitng bata in your db. cheers barry Quote
CC Posted May 7, 2003 Posted May 7, 2003 Well I am a little unsure as to my problems, but I think I may have cocked up with a newbie error, uploading in binary and not ascii. Anyway, just tried it again after reuploading and and double checking the upload type was right and it works perfectly. Cheers mate, a quality mod! :D CC. Quote
Guest Posted May 7, 2003 Posted May 7, 2003 Well I am a little unsure as to my problems, but I think I may have cocked up with a newbie error, uploading in binary and not ascii. Anyway, just tried it again after reuploading and and double checking the upload type was right and it works perfectly. Cheers mate, a quality mod! :D CC. Ah well, it happens to the best of us :wink: Glad you're happy with it cheers barry Quote
Starkness Posted May 27, 2003 Posted May 27, 2003 Hi, Will this module be included with the new release of oscommerce that is upcoming? I am asking because I don't know how to add this to the existing oscommerce installatin I have. I had my tech support guys do the install. I don't want to operate the cart without cc #'s being encrypted though. Thanks for any help. Quote Thanks! Starkness
Snowman Posted May 30, 2003 Posted May 30, 2003 Barry ...well done i experimented for quite some time with an encryption/decryption system i was workign on but i just couldnt get ti to work correctly. Quote
New 
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.