Results 1 to 2 of 2
  1. #1
    Join Date
    Nov 2008
    Posts
    60
    Plugin Contributions
    0

    Default Deleting all credit card info in admin - Ceon Manual Card

    Okay, I'll get this said and out of the way right off. My client is dead set on offline processing of credit cards. I've talked to them multiple times about this, trying to convince them to go with a payment gateway, but they've been doing it offline for going on 20 years and don't want to change for various reasons. Therefore, please don't post arguments here against offline processing. You'd just be preaching to the choir. It's not my decision to make, and the client has spoken.

    That having been said, I am now trying to make this store as compliant as possible with the PCI Security Standards. Those standards say that ALL stored credit card information must be encrypted in one way or another, including cardholder name, expiration date, etc. In Zen Cart, the credit card number itself is not a problem since the number is truncated. The problem is the rest of it.

    Since I can't think of a way to encrypt/truncate the expiration date, cardholder name and everything else yet still enable the accounting department to retrieve it to process the order, the only thing I can think of doing is setting things up so that, once the accounting dept. has retrieved the info, there would be links to delete all that stuff from the database. In that way, none of it would be stored except during the time between the order coming in and them getting online to get the info.

    I noticed that when Zen Cart's offline processing is set to collect the CVV number, in the order record there is a link for deleting it from the database. I would like to implement that for all the other info as well. I found the code in orders.php that controls the delete function for the CVV (included below).

    Code:
          case 'delete_cvv':
            $delete_cvv = $db->Execute("update " . TABLE_ORDERS . " set cc_cvv = '" . TEXT_DELETE_CVV_REPLACEMENT . "' where orders_id = '" . (int)$_GET['oID'] . "'");
            zen_redirect(zen_href_link(FILENAME_ORDERS, zen_get_all_get_params(array('action')) . 'action=edit', 'NONSSL'));
            break;
    Code:
                <td class="main"><?php echo $order->info['cc_cvv'] . (zen_not_null($order->info['cc_cvv']) && !strstr($order->info['cc_cvv'],TEXT_DELETE_CVV_REPLACEMENT) ? '&nbsp;&nbsp;<a href="' . zen_href_link(FILENAME_ORDERS, '&action=delete_cvv&oID=' . $oID, 'NONSSL') . '" class="noprint">' . TEXT_DELETE_CVV_FROM_DATABASE . '</a>' : ''); ?><td>
    I was wondering if someone could help guide me on how to do the same thing for cardholder name, expiration date, credit card number, and all other credit card info.

    By the way, the store will not be using the Zen Cart Offline CC processing module. It will be using the Ceon Manual Card add-on module, which keeps the CC info encrypted throughout the checkout process.

  2. #2
    Join Date
    Nov 2008
    Posts
    60
    Plugin Contributions
    0

    Default Re: Deleting all credit card info from order records in admin

    Here's an update on my progress. I've managed to figure out how to delete the other info, but it's not exactly working right. When you delete the CVV from the record (the built-in feature of offline cc processing), the number is replaced with the word "Deleted", and the link to delete it disappears. In my coding test, I set the cc expiration date to have the option to delete it. However, when I click on that link, the date is replaced with "Dele", and the delete link does not disappear. Obviously, the reason why "Delete" is cut off is because the field is set to be no more that 4 digits long in the database. I can fix that. But I don't know why the delete link isn't disappearing. There must be some other piece of the puzzle, but I don't know where it is. Using a search in the Developer's Tool Kit, I've looked at all the code that has to do with the CVV number in the various files, but I can't find any that has something to do with making that delete link go away after it's been clicked. I suppose there could be a javascript somewhere that controls it, but I can't find it.

 

 

Similar Threads

  1. Ceon Manual Card 2.2.2
    By Forum5 in forum Addon Payment Modules
    Replies: 7
    Last Post: 6 Jun 2012, 03:11 AM
  2. Ceon Manual Card
    By lcarlo1507 in forum Addon Payment Modules
    Replies: 6
    Last Post: 20 Aug 2011, 04:22 AM
  3. Replies: 1
    Last Post: 26 Oct 2009, 03:30 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg
Zen-Cart, Internet Selling Services, Klamath Falls, OR