Rodland Posted July 8, 2003

If I had the technical skills to do this I would do it myself, so if anyone fancies a challenge or a nice favour I would appreciate it big time:

The following are two modules to encrypt and decrypt cc# details for merchants who prefer to process the orders via their credit card terminal provided by their banks:

1) http://www.oscommerce.com/community/contributions,611

This uses a GPG public key to encrypt the middle 8 digits before sending it to a merchant's email address. (You need to download 0.92 - not just 0.94.) The merchant decrypts this data on their personal computer via their private key and processes the order manually.

2) http://www.oscommerce.com/community/contributions,1148

This is similar in that it encrypts and decrypts the cc# numbers, but it does this by encrypting the cc# numbers to the database and decrypting the cc# numbers to the client's browser, once the client has successfully logged in to the admin section. This contribution has more features than the one above (cvv, cc blacklist etc.). However, I perceive it to be less secure than the GPG version (I may be wrong here).

However, what I do think is that a combination of the two modules would be an awesome module and very secure. For instance, the second contribution is used as the base point. It stores the cc# details encrypted in the database and reveals the decrypted cc# numbers to the client who has logged in, BUT the middle 8 digits are XXXXXXXX out. These middle 8 digits are sent to the GPG module and encrypted before being sent to the merchant's email address.

In other words, the best of both worlds. Not only are the middle 8 digits encrypted and sent by email to the user's computer who has the private key, but the rest of the numbers are also encrypted in the database and revealed only to the person who has successfully logged in.

What do other users think?

CMR

Guest Posted July 8, 2003

To do this, change (in cc.php from the cvv contribution):

```php
function after_process() {
  global $insert_id;

  if ( (defined('MODULE_PAYMENT_CC_EMAIL')) && (tep_validate_email(MODULE_PAYMENT_CC_EMAIL)) ) {
    // The extra card details are mailed to the merchant as plain text here.
    $message = 'Order #' . $insert_id . "\n\n" . 'Middle: ' . $this->cc_middle . "\n\n" . 'CVV:' . $this->cc_cvv . "\n\n" . 'Start:' . $this->cc_start . "\n\n" . 'ISSUE:' . $this->cc_issue . "\n\n";

    tep_mail('', MODULE_PAYMENT_CC_EMAIL, 'Extra Order Info: #' . $insert_id, $message, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
  }
}
```

to

```php
function after_process() {
  global $HTTP_POST_VARS, $insert_id;

  if ( (defined('MODULE_PAYMENT_CC_EMAIL')) && (tep_validate_email(MODULE_PAYMENT_CC_EMAIL)) && (defined('MODULE_PAYMENT_CCGPG_ENCRYPT')) && (MODULE_PAYMENT_CCGPG_ENCRYPT == 'GPG') ) {
    $message = 'Order #' . $insert_id . "\n\n" . 'Middle: ' . $this->cc_middle . "\n\n" . 'CVV: ' . $this->cc_cvv . "\n\n" . 'Start: ' . $this->cc_start . "\n\n" . 'ISSUE: ' . $this->cc_issue . "\n\n";

    // Random file name for the plaintext and the encrypted output.
    $tmpToken = md5(uniqid(rand()));
    $plainTxt = "/home/equine-m/temp/" . "$tmpToken" . "anca";
    $crypted = "/home/equine-m/temp/" . "$tmpToken" . "anca.asc";

    $gpghome="/home/equine-m/"; //where is your pubring? That dir has to have write access.
    $gpgpath="gpg"; //where is the executable
    $gpgrecipient="Glen Ross (emailkey) <[email protected]>"; //the key used for encryption

    // Write the message to disk so gpg can read it.
    $fp = fopen($plainTxt, "w+");
    fputs($fp, $message);
    fclose($fp);

    // Encrypt to the recipient's public key; gpg writes $plainTxt.asc.
    system("export HOME=" . $gpghome . ";" . $gpgpath . " --batch --always-trust --quiet --no-secmem-warning --compress-algo 1 -ear '" . $gpgrecipient . "' $plainTxt");

    // Read the encrypted text back in as the mail body.
    $fd = fopen($crypted, "r");
    $message = fread($fd, filesize($crypted));
    fclose($fd);

    // Remove both temporary files.
    unlink($plainTxt);
    unlink($crypted);

    tep_mail('', MODULE_PAYMENT_CC_EMAIL, 'Extra Order Info: #' . $insert_id, $message, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
  }
}
```

I think that's it, except for modifying the GPG info to match your system.

Good luck,
Matt

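An added example, not part of Matt's post or of either contribution: the same encryption step with the message piped to gpg instead of written to a temp file, and with nothing mailed if gpg fails. It assumes PHP 7.4+; the function name `gpg_encrypt_armored`, the recipient and the home directory are hypothetical placeholders, and the gpg flags are the ones used in the post.

```php
<?php
// Added example, not code from the cvv or ccgpg contributions.
// Assumes PHP 7.4+ (array form of proc_open, so no shell parses the arguments).

// Encrypt $plaintext to $recipient with gpg and return the ASCII-armoured text.
// The card data reaches gpg over a pipe, so it never sits in a temp file.
// Throws instead of returning anything usable when encryption fails.
function gpg_encrypt_armored(string $plaintext, string $recipient,
                             string $gpgHome, string $gpgPath = 'gpg'): string
{
    $cmd = [$gpgPath, '--batch', '--always-trust', '--quiet',
            '--no-secmem-warning', '--compress-algo', '1',
            '-e', '-a', '-r', $recipient];
    $spec = [
        0 => ['pipe', 'r'],               // gpg reads the short message from stdin
        1 => ['pipe', 'w'],               // gpg writes the armoured message to stdout
        2 => ['file', '/dev/null', 'w'],  // discard diagnostics
    ];
    // Same effect as the post's "export HOME=...": gpg looks for the pubring under HOME.
    $env = ['HOME' => $gpgHome, 'PATH' => (string) getenv('PATH')];

    $proc = proc_open($cmd, $spec, $pipes, null, $env);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start gpg');
    }
    fwrite($pipes[0], $plaintext);
    fclose($pipes[0]);
    $armored = (string) stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    $exit = proc_close($proc);

    // A non-zero exit or output without the armour header is treated as failure.
    if ($exit !== 0 || strpos($armored, '-----BEGIN PGP MESSAGE-----') === false) {
        throw new RuntimeException('gpg encryption failed, exit code ' . $exit);
    }
    return $armored;
}

// Constructed sample values; the recipient and home directory are placeholders.
$message = "Order #1001\n\nMiddle: 00000000\n\nCVV: 000\n\n";
try {
    $body = gpg_encrypt_armored($message, 'merchant-key@example.invalid', '/path/to/gpg-home');
    // tep_mail('', MODULE_PAYMENT_CC_EMAIL, 'Extra Order Info: #1001', $body, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
} catch (RuntimeException $e) {
    error_log($e->getMessage()); // fail closed: nothing is mailed in the clear
}
```
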
Rodland Posted July 8, 2003

Wow! If this works!!!!!!! .. Not sure if the current ccgpg module works with ms1 though, so hope this does work!!

I'll give it a try and let you know.

Super million thanks!

Christian

Rodland Posted July 10, 2003

Tried it but got this error in the payments modules of the admin pages:

Parse error: parse error, unexpected T_STRING in /home/httpd/vhosts/mydomain.com/httpdocs/catalog/includes/modules/payment/cc.php on line 913

Funny thing though, the file cc.php doesn't have 913 lines! Any ideas?

CMR

Guest Posted August 10, 2003

Probably a bit late now, but that error suggests that one of the (, ', or " is missing the other ), ', or ". That may be a problem in the posted code, or it may have been a typing error.

Hth,
Matt

Archived
This topic is now archived and is closed to further replies.