Results 1 to 10 of 10
  1. #1
    Join Date
    Mar 2010
    Posts
    49
    Plugin Contributions
    0

    Default Module Payment - where is info coming from?

    I think I'm going to be completely bald before I get this task accomplished! I was going to upgrade from v1.3.0 to v1.3.8, mainly to fix a problem...kill two birds... Since it's going to take an enormous amount of time to do that I'm just trying to upload the modules that deal with emailing credit card info to the owner. It was missing the cc middle #'s and missing the CVV number. I've now gotten it to send the cc #'s correctly but not the CVV.
    Right now I'm working on the file: store/includes/modules/payment
    When I replaced this file, it still comes up with the info it had before. As in, when I look at the file from admin, it has all fields already filled in. In looking at the code of this module, I can't figure out where it is getting this information to fill in. Can someone explain where the info is coming from. And if possible, tell me what files I need to upload to try to correct the problem. BTW, I've tried the 'fixes' I found in the forum but none of those have worked for the CVV.
    Any help would be appreciated.

  2. #2
    Join Date
    Apr 2006
    Location
    London, UK
    Posts
    10,569
    Plugin Contributions
    25

    Default Re: Module Payment - where is info coming from?

    What you are doing is inappropriate, dangerous and almost certainly contrary to your merchant account terms of use.

    The middle digits are deliberately kept separate from the ends to protect your customers' security.

    Putting them back together and emailing them, exposes your customers to an unacceptable level of risk. And since the card regulations covering this have been incorporated into law in many jurisdictions, may even be illegal depending upon where you are.
    Kuroi Web Design and Development | Twitter

    (Questions answered in the forum only - so that any forum member can benefit - not by personal message)

  3. #3
    Join Date
    Mar 2010
    Posts
    49
    Plugin Contributions
    0

    Default Re: Module Payment - where is info coming from?

    Evidently I have not made myself clear. I have NO intentions of putting the cc numbers back together; as that would be a real security hazard. I was having a problem where the email to the owner with new order info was NOT showing the middle cc numbers nor the cvv number. I worked on the problem and finally got the middle cc #'s to show on the owners email as it should. But still can not get the cvv number to show even though the customer has entered it. So the owner has to call each customer to get the cvv number to finish the transaction. Now does that make sense?? I've tried all the 'fixes' I could find in the forum to fix the problem of the cvv # not showing but it still continues to be a problem, hence my call for help.
    I did fail to mention that I had a Trojan on the site, which is now gone and taken care of. That is when all the problems started.

  4. #4
    Join Date
    Jan 2004
    Posts
    66,364
    Blog Entries
    7
    Plugin Contributions
    274

    Default Re: Module Payment - where is info coming from?

    It would be much safer for you to compare all your live site files against the original Zen Cart files, and simply reconcile the differences, cleaning up whatever damage was done by the trojan and/or hacker. A very similar exercise to the first half of the upgrade process.

    Everything in the /includes/ folder handles the storefront activity.

    I fear that telling you particular filenames will cause you to stop at fixing one thing without properly fixing *all* the damage done elsewhere, leaving you with a false sense of security that might tempt you to put the store back in operation prematurely.
    Thus, the advice is to complete the thorough cleanup of everything first.
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  5. #5
    Join Date
    Mar 2010
    Posts
    49
    Plugin Contributions
    0

    Default Re: Module Payment - where is info coming from?

    Thanks. Actually I just finished comparing all the payment files and found no differences. I had compare everything in the store last night and made a looooong list of all the files that have a difference BUT that was comparing v1.3.0 to v1.3.8. That's why I decided to compare the payment files with the current (production) files with the original files. Sadly I found nothing. I'm at a loss as to what to look at next. I think I'm now going to compare the rest of the files as I just did...production against the original. I just don't know what else to do. Any suggestions would be greatly appreciated as this experience has not left a good taste for the product and I will be the first to admit that part of that has been that huge learning curve. I learned a good bit last year when I took over the site and had to make some changes. Anyway, off to start up WinMerge again...

  6. #6
    Join Date
    Jan 2004
    Posts
    66,364
    Blog Entries
    7
    Plugin Contributions
    274

    Default Re: Module Payment - where is info coming from?

    Comparing 130 against 138 is definitely going to show a HUGE list of differences.

    If upgrading is what you're after, you want to (as the upgrade docs say):
    a) compare 130-original against 130-live. This will show you all the differences YOU (or whoever you are replacing) have made vs the originals.
    (that's also the tactic one uses to assess intrusion impact of a hacker who has altered/added files to your site).
    b) then you take ONLY YOUR DIFFERENCES, and merge them into the new version (in this case you've been talking about upgrading to 138)
    (sometimes you need to factor in upgrades to addons, and maybe a need to do some of your old customizations a different way due to structural/procedural changes in the new version)

    If you're attempting to cleanup from being hacked, then you alter step (b) above by simply identifying rogue "new" files, and removing them, and any added rogue content within existing files, by cleaning up whatever shouldn't be there.
    (Ideally you would also alter step (a) and compare against your own good known clean working backups, but if you don't have any such thing then using the original ZC files would be the natural fallback)

    That's what the Recovering From Hacks guide talks about.
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  7. #7
    Join Date
    Mar 2010
    Posts
    49
    Plugin Contributions
    0

    Default Still having problem with CVV number

    I don't know where else to post this question, as it's not really a problem with upgrading. But it was my original problem that made me decide to 1) upgrade from 1.3.0 to 1.3.8 (which for now I've abanonded); 2) Found that the site was woefully behind in security patches. Only have one of those left to install. Now to the problem: My site was hacked into and also had a Trojan. It's been quite a job cleaning up the mess but I think I'm pretty much finished except, I still can't get the CVV number to email to the owner along with the middle cc#. No I'm not trying to put the cc #'s together. But when a customer puts in an order, an email is sent to the owner with the middle cc#'s along with the CVV. At first, the problem was that both were missing from the email but I've managed to get the middle cc#'s to show up but no luck with the cvv number. I've had more problems that you can believe trying to clean up this mess but one, by one, it's being done. PLEASE does anyone have a clue about the cvv number not showing in the email to owner????

  8. #8
    Join Date
    Jan 2004
    Posts
    66,364
    Blog Entries
    7
    Plugin Contributions
    274

    Default Re: Still having problem with CVV number

    The cvv number WILL NEVER BE EMAILED. Never has. Never will.
    It's never been designed to do that.

    The design was intended to work like this:
    1. middle digits emailed
    2. outer digits and CVV readable by logging in to the admin area

    More information about the how-to is here: https://www.zen-cart.com/tutorials/index.php?article=67

    Furthermore, ALL FUTURE versions (after 1.3.8) will NO LONGER HAVE the "email the middle digits" module, because it's way to dangerous from a security standpoint.
    Instead, it is STRONGLY advised that you connect your store to your merchant account via a live payment gateway service. Your bank can tell you which gateways they support. If you need a service, look here: http://www.zen-cart.com/index.php?ma...es&pages_id=27
    Or if the gateway you need isn't already in Zen Cart, you might find it in the Free Addons section of this site.
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  9. #9
    Join Date
    Apr 2006
    Location
    West Salem, IL
    Posts
    2,739
    Plugin Contributions
    0

    Default Re: Module Payment - where is info coming from?

    In the one site left that I have that uses the cc module, it never has emailed the cvv number to the store owner, the cvv number was always on the order page in the admin.
    Mike
    GeekHost - Zen Cart Certified & PCI Compliant Hosting
    The Zen Cart Forum...Better than a monitor covered with post-it notes!

  10. #10
    Join Date
    Mar 2010
    Posts
    49
    Plugin Contributions
    0

    Default Re: Module Payment - where is info coming from?

    Well CRAP!!!!!!!!!!!!!!!!!! I have spent an enormus amount of time on this so called problem! Since I have taken over this site, I have never seen the email that is sent to the owner EXCEPT when she tells me there is a problem...as I've described. So now I'm told it has NEVER shown in the email. Unless I missed someone telling me this....couldn't someone have told me this days ago before I spent so time, lost tons of sleep and pulled what hair I have left out??? But at least someone was kind enough to let me know now. You know it goes back to the ole saying...you can't assume....! But she was positive those numbers used to be on the email. I'm sooo tired and worn out I think I'm gonna cry..................

 

 

Similar Threads

  1. Where is this coming from?
    By rolo550 in forum General Questions
    Replies: 8
    Last Post: 31 Aug 2011, 07:17 AM
  2. Where is my traffic coming from?
    By HealeyV3 in forum General Questions
    Replies: 3
    Last Post: 11 Jan 2009, 08:57 PM
  3. Where is this coming from?
    By sifuhall in forum Templates, Stylesheets, Page Layout
    Replies: 1
    Last Post: 9 Oct 2008, 05:32 PM
  4. Where is this price coming from
    By powers in forum Setting Up Categories, Products, Attributes
    Replies: 3
    Last Post: 5 Sep 2007, 09:59 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg
Zen-Cart, Internet Selling Services, Klamath Falls, OR