[Contribution] CC_CVV now with CC Encryption



I have just uploaded an update to my cc contribution which adds encryption/decryption functionality.

 

It allows encryption of the cc number as it is inserted into the database and is only decrypted in admin/orders.php when the number needs to be displayed.

 

At no point is the raw number stored in the db

 

 

hopefully this is useful to you guys

 

almost forgot, here's the link

 

http://www.oscommerce.com/community/contri...ons,1148/page,2

 

cheers

barry


Thanks,

Works Brilliantly!!

 

However,

Found these bugs during install:

 

The code that should be in checkout_process.php should be:

if ( strtolower(CC_ENC) == 'true' ) {
  $key = 'changeme'; // placeholder key string
  $cipher_data = $order->info['cc_number'];
  // encrypt the number before the order is written to the database
  $order->info['cc_number'] = changedatain($cipher_data,$key);
}

 

NOT:

<?php
if ( strtolower(CC_ENC) == 'true' ) {
  $key = 'changeme'; // placeholder key string
  $cipher_data = $order->info['cc_number'];
  $order->info['cc_number'] = changedataout($cipher_data,$key);
}
?>

 

 

The code that should be in admin/orders.php should be:

if ($order->info['cc_type'] !=0000000000000000) {
  if ( strtolower(CC_ENC) == 'true' ) {
    $key = 'changeme'; // placeholder key string
    $cipher_data = $order->info['cc_number'];
    // decrypt the stored number for display in the admin
    $order->info['cc_number'] = changedataout($cipher_data,$key);
  }
}

 

NOT:

if ( strtolower(CC_ENC) == 'true' ) {
  $key = 'changeme'; // placeholder key string
  $cipher_data = $order->info['cc_number'];
  $order->info['cc_number'] = changedataout($cipher_data,$key);
}

 

Hope that helps!!

And thanks for this brilliant contribution!!

 

PS Any more info on CC Validation?

Warren


Ooopppss...

 

Sorry, Small mistake!!

Warren

 

 

The code that should be in admin/orders.php should be:

if ($order->info['cc_number'] != '0000000000000000') {
  if ( strtolower(CC_ENC) == 'true' ) {
    $key = 'changeme'; // placeholder key string
    $cipher_data = $order->info['cc_number'];
    // decrypt the stored number for display in the admin
    $order->info['cc_number'] = changedataout($cipher_data,$key);
  }
}

 

NOT:

if ( strtolower(CC_ENC) == 'true' ) {
  $key = 'changeme'; // placeholder key string
  $cipher_data = $order->info['cc_number'];
  $order->info['cc_number'] = changedataout($cipher_data,$key);
}


Actually, i posted that lot at like 3.30 am and should really have waited till this morning and checked it over, anyway it's done now, here's the proper changes.

 

in catalog/checkout_process.php

 

the additions should be;

<?php
if ( strtolower(CC_ENC) == 'true' ) {
  $key = 'changeme'; // placeholder key string
  $plain_data = $order->info['cc_number'];
  // encrypt the number before the order is written to the database
  $order->info['cc_number'] = changedatain($plain_data,$key);
}
?>

 

and in admin/orders.php

 

the additions should be

<?php
if ( strtolower(CC_ENC) == 'true' ) {
  $key = 'changeme'; // placeholder key string
  $cipher_data = $order->info['cc_number'];
  // decrypt the stored number for display in the admin
  $order->info['cc_number'] = changedataout($cipher_data,$key);
}
?>

 

sorry for any confusion there guys, must get more sleep.

 

cheers

barry


Ok,

But what about after the number has been cleared!!!

 

Using this - it will see if it has been cleared and NOT decrypt the output because there is no need to:

 

if ($order->info['cc_number'] != '0000000000000000') {
  if ( strtolower(CC_ENC) == 'true' ) {
    $key = 'changeme'; // placeholder key string
    $cipher_data = $order->info['cc_number'];
    // only decrypt numbers that have not been cleared
    $order->info['cc_number'] = changedataout($cipher_data,$key);
  }
}

 

Warren
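
The encrypt-on-insert and decrypt-on-display round trip with the cleared-number guard discussed above, as an added example that is not part of the thread or of the contribution's code. It uses PHP's sodium extension in place of changedatain()/changedataout(), whose internals are not shown here; the function names, CC_CLEARED and the CC_ENC_KEY environment variable are assumptions.

```php
<?php
// Added example, not the contribution's code. Hypothetical names: CC_CLEARED,
// cc_load_key(), cc_encrypt_for_db(), cc_decrypt_for_admin(), env var CC_ENC_KEY.
declare(strict_types=1);

const CC_CLEARED = '0000000000000000'; // value the thread uses for a cleared number

// Load a 32-byte key from the environment (base64) instead of a literal in the source.
function cc_load_key(): string
{
    $key = base64_decode((string) getenv('CC_ENC_KEY'), true);
    if ($key === false || strlen($key) !== SODIUM_CRYPTO_SECRETBOX_KEYBYTES) {
        throw new RuntimeException('CC_ENC_KEY must be 32 random bytes, base64-encoded');
    }
    return $key;
}

// Storefront side (checkout_process.php in the thread): encrypt before the insert.
function cc_encrypt_for_db(string $plain, string $key): string
{
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES); // fresh per record
    return base64_encode($nonce . sodium_crypto_secretbox($plain, $nonce, $key));
}

// Admin side (admin/orders.php in the thread): decrypt only for display.
function cc_decrypt_for_admin(string $stored, string $key): string
{
    if ($stored === CC_CLEARED) {
        return $stored; // cleared record: nothing to decrypt
    }
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) <= SODIUM_CRYPTO_SECRETBOX_NONCEBYTES) {
        throw new RuntimeException('stored value is not ciphertext (row saved before encryption?)');
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open(substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES), $nonce, $key);
    if ($plain === false) {
        throw new RuntimeException('wrong key or tampered ciphertext');
    }
    return $plain;
}

// Constructed demo: the key is generated here only so the script runs stand-alone.
putenv('CC_ENC_KEY=' . base64_encode(random_bytes(SODIUM_CRYPTO_SECRETBOX_KEYBYTES)));
$key    = cc_load_key();
$stored = cc_encrypt_for_db('4111111111111111', $key); // constructed test number
var_dump($stored, cc_decrypt_for_admin($stored, $key), cc_decrypt_for_admin(CC_CLEARED, $key));
```

A row written before encryption was switched on still holds the plain 16-digit number, so the length check in cc_decrypt_for_admin() rejects it instead of returning garbage.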


warren i will add that to the next release which will include an improved card recognition validation class. This will be database driven and will read the bin numbers from the database.

 

I should have that done by the end of the day or first thing tomorrow.

 

cheers

barry

Brilliant - I can not wait!!!

 

If there is anything that I could test or help with,

Just give me a shout!!

 

Thanks,

Warren


i will pm you later regarding the testing of the code, hopefully then it will be an error free release.

 

cheers

barry


Forgive me for being lazy Bazza. :wink:

 

But I am hoping you can tell me if the additions to the checkout_process.php and the addition to the admin/orders.php is all that is required in order to add the encryption/decryption to the mod?

 

I have this installed with a few changes of my own already and don't want to do a fresh install, can you tell me if I am right in thinking that is the correct upgrade route?

 

Cheers bud.

 

CC.

don't worry, i would like the same info if i were you :)

 

i slotted it straight into my live site with the changes detailed in the following files

 

catalog/includes/functions/encrypt.php

catalog/includes/functions/general.php (includes call to the above file)

catalog/checkout_process.php

 

admin/includes/functions/decrypt.php

admin/includes/functions/general.php (includes call to the above file)

admin/orders.php

 

it should be fairly painless to add to an existing live site with my mod already installed. If you also add in the little bit of code that warren posted earlier

if ($order->info['cc_number'] != '0000000000000000') {

This additional if statement goes into the code for admin/orders.php

 

hope this helps

 

cheers

barry

 

p.s. i forgive you for being lazy, it is a bank holiday after all :D


Well I have all the files in and updated, but I don't see an encrypted cc number in my db.

 

I just see it the same as it was input.

 

Surely I should be seeing a load of jumbled data, shouldn't I?

 

Also the addition to checkout_process shouldn't carry the <?php - ?> but it should in orders.php.

 

Can you just confirm for me what the end result should be cos it don't appear to be working for me.

 

ta.

 

CC.


ok i have posted an update, it adds the code suggested by warren earlier and sorts a couple of minor errors in the readme that appear to have caused a little confusion.

 

If you are upgrading from a previous version remember to add the 2 new function files in

admin/includes/functions/decrypt.php

and

catalog/includes/functions/encrypt.php

 

as well as add calls to these files at the bottom of admin & catalog includes/functions/general.php

 

there are also 2 minor changes in catalog/checkout_process.php and admin/orders.php

 

here's the link

 

http://www.oscommerce.com/community/contributions,1148

 

cheers

barry


hmmm...

 

Well I have followed it all to the 'T'

 

And although there are no errors or problems along the way, and it all seems fine, I am not getting an encrypted CC number in my Database. :?

 

Like I say, I don't get errors either.

 

Can you just confirm the idea is that the numbers should be encrypted in the DB, so rather than looking like 4111111111111111 they should look more like *&$(^($(^($)(?$)))% Or whatever...?

 

Because I get no encrypted data in my DB, it all looks the same as it was input from the customer side of things...

 

If you can just answer that for me it would help.

 

ta.

 

CC.


how are you viewing your db?

 

I also assume that you have turned on CC encryption in the cc module admin.

 

that aside, yes if you view raw db data for the cc number then it should just be garbled, rendering it useless if your database is compromised.

 

cheers

barry


Additionally, note that this mod will only encrypt data entered after the mod is installed and activated and not existing data in your db.

 

 

cheers

barry


Well I am a little unsure as to my problems, but I think I may have cocked up with a newbie error, uploading in binary and not ascii.

 

Anyway, just tried it again after reuploading and double checking the upload type was right and it works perfectly.

 

Cheers mate, a quality mod! :D

 

CC.

Ah well, it happens to the best of us :wink:

 

Glad you're happy with it

 

 

cheers

barry


  • 3 weeks later...

Hi,

 

Will this module be included with the new release of oscommerce that is upcoming?

 

I am asking because I don't know how to add this to the existing oscommerce installation I have. I had my tech support guys do the install. I don't want to operate the cart without cc #'s being encrypted though.

 

Thanks for any help.

Thanks!

 

Starkness
