[Contribution] Credit Card Fraud Detection Service

[John Doswell]

ok i have deleted the last line and still get

Warning: Cannot modify header information - headers already sent

 

regards john

[magicproshop]

Noel,

 

I am running a pretty heavily modded MS2 release. Any reasons why the maximind database is not populating?

[nrlatsha]

RobinsonDixon - You'll need those lines in HTTPBase.php. When I said to delete the last line in HTTPBase, I should have said, delete the last line, the extra line after the last ?>. Check CreditCardFraudProtection.php for an extra line after the last ?> as well.

 

magicproshop - Yours has to do with Auth.net that I haven't quite solved yet (read: had to sleep) but I'll take a closer look at that now. I'll get a testing script together for you to test with to see what errors you may be getting...

[nrlatsha]

magicproshop - All right, we'll start from the beginning here and work our way down to the end...

 

1. Copy and save this test file as testmax.php or something and put it in your catalog/admin folder:

 

<?php
/*
 $Id: testmax.php,v 1.43 2004/05/21 22:50:51 hpdl Exp $

 osCommerce, Open Source E-Commerce Solutions
 http://www.oscommerce.com

 Copyright (c) 2004 osCommerce

 Released under the GNU General Public License
 
 Noel Latsha, www.nabcomdiamonds.com
*/

// A couple of countries have to ruin it for everyone...

require('includes/application_top.php');

       
 // $oID = $insert_id;
 $oID = 10; // for testing, set this to a number of an order in your database that used CC to purchase
       
//Enter your license key here
$h["license_key"] = "XXXXXXX";

// *************************************



 $check_status_query = tep_db_query("select customers_name, customers_street_address, customers_city, customers_postcode, customers_state, customers_country, customers_email_address from " . TABLE_ORDERS . " where orders_id = '" . (int)$oID . "'");
      $check_status = tep_db_fetch_array($check_status_query);
 
 $check_country_query = tep_db_query("select countries_iso_code_2 from " . TABLE_COUNTRIES . " where countries_name = '" . $check_status['customers_country'] . "'");
       $check_country = tep_db_fetch_array($check_country_query);
 
 $check_state_query = tep_db_query("select zone_code from " . TABLE_ZONES . " where zone_name = '" . $check_status['customers_state'] . "'");
       $check_state = tep_db_fetch_array($check_state_query);

require(DIR_WS_MODULES . 'maxmind/CreditCardFraudDetection.php');

//first we create a new CreditCardFraudDetection object
$ccfs = new CreditCardFraudDetection;

//Modify a few variables to match what MaxMind is expecting.
$string = $sql_data_array['cc_number'];
$cc = substr($string, 0, 6); 

$str = $check_status['customers_email_address'];
list ($addy, $domain) = split ('[@]', $str);

//next we set inputs and store them in a hash
$h["i"] = $REMOTE_ADDR;    // set the client ip address
$h["domain"] = $domain; // set the Email domain 
$h["city"] = $check_status['customers_city'];    // set the billing city
$h["region"] = $select_state['zone_code'];        // set the billing state
$h["postal"] = $check_status['customers_postcode'];     // set the billing zip code
$h["country"] = $check_country['countries_iso_code_2'];       // set the billing country
// $h["bin"] = $cc;       // set bank identification number - Obviously can't use this testing


// If you want Secure HTTPS and you have Curl and OpenSSL installed
// and the php curl binding then
// uncomment the next line with the word isSecure

$ccfs->isSecure = 1;

//next we pass the input hash to the server
$ccfs->input($h);

//then we query the server
$ccfs->query();

//then we get the result from the server
$h = $ccfs->output();

//then finally we print out the result
$outputkeys = array_keys($h);
$sql_data_array = array(                       
      'order_id' => $insert_id,
                        'distance' => $h['distance'],
                        'country_match' => $h['countryMatch'],
                        'country_code' => $h['countryCode'],
                        'free_mail' => $h['freeMail'],
                        'anonymous_proxy' => $h['anonymousProxy'],
                        'score' => $h['score'],
                        'bin_match' => $h['binMatch'],
                        'bin_country' => $h['binCountry'],
                        'err' => $h['err'],
                        'proxy_score' => $h['proxyScore'],
                        'spam_score' => $h['spamScore'],
                        'bin_name' => $h['binName'],
                        'ip_isp' => $h['ip_isp'],
                        'ip_org' => $h['ip_org']);

tep_db_perform(TABLE_ORDERS_MAXMIND, $sql_data_array);
                        

$numoutputkeys = count($h);
for ($i = 0; $i < $numoutputkeys; $i++) {
 $key = $outputkeys[$i];
 $value = $h[$key];
 print $key . " = " . $value . "\n";
 echo '<br>';
}
?>

 

3. Modify that file to represent an order # in your database that has paid with a creditcard on this line:

 

$oID = 10; // for testing, set this to a number of an order in your database that used CC to purchase

 

4. Go to that file via your web browser and you should see if it is working or the error message you are getting. Paste that info back here and we'll go from there.

[magicproshop]

Noel,

 

When I upload and access the test file from the catalog side the script worked (results below)

countryMatch = Yes

countryCode = US

freeMail = No

anonymousProxy = No

score = 0.00

binMatch = NA

binCountry =

err =

proxyScore = 0.00

spamScore = 0.00

binName =

ip_isp = AT&T WorldNet Services

ip_org = Mediacom Communications Corp

 

However when I access the test file from the admin side I recieve the following error.

Warning: main(includes/modules/maxmind/CreditCardFraudDetection.php): failed to open stream: No such file or directory in /home/talk2mag/public_html/newstore2/admin/testmax.php on line 39

 

Fatal error: main(): Failed opening required 'includes/modules/maxmind/CreditCardFraudDetection.php' (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/talk2mag/public_html/newstore2/admin/testmax.php on line 39

 

If I upload the following files the admin side (ie /includes/modules/maxmind/) I no don't recieve the error message.

maxmind.php

HTTPBase.php

CreditCardFraudProtection.php

Thank you again for your help, I can't thank you enough.

 

Take care

[nrlatsha]

And is the databse table order_maxmind getting populated with the results?

[stevel]

I have this working for my site now - thanks. I made some minor changes that probably don't matter for most people.

 

One thing though is that, in maxmind.php, the lines of code after the call to tep_db_perform can be removed (leaving just the closing ?> - that code is left over from Maxmind's example.

 

Also, if you have a license key from Maxmind, specify it as follows:

 

$h["license_key"] = "yourkeygoeshere"

[magicproshop]

Yes, I now have a database table with many results populated. However the "order_id" field does not contain any results, I don't know if this is normal or not.

 

Thanks

Edited May 24, 2004 by magicproshop

[nrlatsha]

stevel - good point, missed that, will remove it for the next upload, which will probably have to include something special for Authorize.net. Do you happen to use auth.net for cc processing, and if so, does it work? I'm curious if this is an issue with just that specific contrib magic is using.

 

magicproshop - I missed that in the example, but it will populate that when it does it in conjunction with an order. Now I just have to figure out auth.net code to get this working with that contrib.

[stevel]

I just use the default cc module - no gateway.

[nrlatsha]

magicproshop - Step 2:

 

1. open checkout_process and find this:

 

	if(MODULE_PAYMENT_AUTHORIZENET_STATUS) {
 include(DIR_WS_MODULES . 'authorizenet_direct.php');
}

 

Replace with this:

 

if(MODULE_PAYMENT_AUTHORIZENET_STATUS) {
 include(DIR_WS_MODULES . 'authorizenet_direct.php');
 require(DIR_WS_MODULES . 'maxmind/maxmind.php');  
}

 

Run a test order and check the database to see if that order_maxmind table was populated with your test order.

 

2. Report your findings here.

[nrlatsha]

magicshoppro - Step 3 (Sorry, getting ahead of myself)

 

1. in admin/orders.php

 

find this:

 

  <td><table border="0" cellspacing="0" cellpadding="2">
   <tr>
   <td class="main"><b><?php echo ENTRY_PAYMENT_METHOD; ?></b></td>
   <td class="main"><?php echo $order->info['payment_method']; ?></td>
 </tr>
<?php

 

Add the code you added before after that, like this:

 

  <td><table border="0" cellspacing="0" cellpadding="2">
   <tr>
   <td class="main"><b><?php echo ENTRY_PAYMENT_METHOD; ?></b></td>
   <td class="main"><?php echo $order->info['payment_method']; ?></td>
 </tr>

<? // Addition for MaxMind CC check

$check_maxmind_query = tep_db_query("select distance, country_match, country_code, free_mail, anonymous_proxy, score, bin_match, bin_country, err, proxy_score, spam_score, bin_name, ip_isp, ip_org from " . TABLE_ORDERS_MAXMIND . " where order_id = '" . (int)$oID . "'");
$maxmind_query = tep_db_fetch_array($check_maxmind_query);


?>
         </tr>
   </table>
   <table width="75%">
   <tr>
  	 <td class="main"><?php echo '<br><br><b>MAXMIND</b>' . '   ' . MAXMIND_SCORE . '<b>' . $maxmind_query['score'] . '</b>'; ?></td>
   </tr>
   <tr>
     <td class="main"><?php echo MAXMIND_DISTANCE . '<b>' . $maxmind_query['distance'] . '</b>'; ?></td>
	 <td class="main"><?php echo MAXMIND_COUNTRY . '<b>' . $maxmind_query['country_match'] . '</b>'; ?></td>
	 <td class="main"><?php echo MAXMIND_CODE . '<b>' . $maxmind_query['country_code'] . '</b>'; ?></td>
	 <td class="main"><?php echo MAXMIND_FREE_EMAIL . '<b>' . $maxmind_query['free_mail'] . '</b>'; ?></td>
   </tr>
   <tr>
     <td class="main"><?php echo MAXMIND_ANONYMOUS . '<b>' . $maxmind_query['anonymous_proxy'] . '</b>'; ?></td>
	 <td class="main"><?php echo MAXMIND_BIN_MATCH . '<b>' . $maxmind_query['bin_match'] . '</b>'; ?></td>
	 <td class="main"><?php echo MAXMIND_BIN_COUNTRY . '<b>' . $maxmind_query['bin_country'] . '</b>'; ?></td>
     <td class="main"><?php echo MAXMIND_ERR . '<b>' . $maxmind_query['err'] . '</b>'; ?></td>
   </tr>
   <tr> 
	 <td class="main"><?php echo MAXMIND_PROXY_SCORE . '<b>' . $maxmind_query['proxy_score'] . '</b>'; ?></td>
	 <td class="main"><?php echo MAXMIND_SPAM . '<b>' . $maxmind_query['spam_score'] . '</b>'; ?></td>
	 <td class="main"><?php echo MAXMIND_BIN_NAME . '<b>' . $maxmind_query['bin_name'] . '</b>'; ?></td>
	 <td class="main"><?php echo MAXMIND_IP_ISP . '<b>' . $maxmind_query['ip_isp'] . '</b>'; ?></td>
   </tr>
   <tr>
	 <td class="main"><?php echo MAXMIND_IP_ISP_ORG . '<b>' . $maxmind_query['ip_org'] . '</b>'; ?></td>
   </tr>
 
<?php // End addition for MaxMind

 

Don't forget to delete the code you added to keep this file clean.

 

Now when you go into admin, you should see the MaxMind addition....hopefully.

 

Let me/thread know...

[magicproshop]

Noel,

 

When I go into the admin I do see the MaxMind Info however it is not displaying properly.

MAXMIND?  MAXMIND_SCORE

MAXMIND_DISTANCE MAXMIND_COUNTRY MAXMIND_CODE MAXMIND_FREE_EMAIL

MAXMIND_ANONYMOUS MAXMIND_BIN_MATCH MAXMIND_BIN_COUNTRY MAXMIND_ERR

MAXMIND_PROXY_SCORE MAXMIND_SPAM MAXMIND_BIN_NAME MAXMIND_IP_ISP

MAXMIND_IP_ISP_ORG

Now when I try to place an order I get the following error. This error is genereated when I hit the "confirm order" button.

Warning: main(includes/modules/maxmind/maxmind.php): failed to open stream: No such file or directory in /home/talk2mag/public_html/newstore2/checkout_process.php on line 113

 

Fatal error: main(): Failed opening required 'includes/modules/maxmind/maxmind.php' (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/talk2mag/public_html/newstore2/checkout_process.php on line 113

 

Any ideas?

Edited May 24, 2004 by magicproshop

[nrlatsha]

Noel,

 

When I go into the admin I do see the MaxMind Info however it is not displaying properly. 

MAXMIND?? MAXMIND_SCORE

MAXMIND_DISTANCE MAXMIND_COUNTRY MAXMIND_CODE MAXMIND_FREE_EMAIL

MAXMIND_ANONYMOUS MAXMIND_BIN_MATCH MAXMIND_BIN_COUNTRY MAXMIND_ERR

MAXMIND_PROXY_SCORE MAXMIND_SPAM MAXMIND_BIN_NAME MAXMIND_IP_ISP

MAXMIND_IP_ISP_ORG

Now when I try to place an order I get the following error. This error is genereated when I hit the "confirm order" button.

Warning: main(includes/modules/maxmind/maxmind.php): failed to open stream: No such file or directory in /home/talk2mag/public_html/newstore2/checkout_process.php on line 113

 

Fatal error: main(): Failed opening required 'includes/modules/maxmind/maxmind.php' (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/talk2mag/public_html/newstore2/checkout_process.php on line 113

 

Any ideas?

You need to make sure you added the lines to admin's english.php per the instructions.

 

Make sure those files are there in catalog/includes/modules/maxmind/ folder.

[bglkk]

Hi Noel.

 

Nice contribution, thanks. It's working fine with Linkpoint. The Bin Match, Bin Country, and Bin Name fields aren't populating, but it turns out that only registered MaxMind users get Bin Match, and only paid users get Bin Country and Bin Name.

[stevel]

I'm a registered, free user and I get Bin Country and Bin Name just fine.

[nrlatsha]

bglkk - Glad you like it

 

I don't get Bin Name at all, Bin Match and Bin Country yeah, but not Bin Name...

 

Alright, Linkpoint, Authorize.net and default CC module down, 8 million more to go...

[nrlatsha]

I just upgraded to premium services.

 

It offers the following:

 

Bank Name

Credit Card's registered address city

IP address region (It shows state for me)

IP address Latitude and Longitude (Put your finger right on them!)

 

Thought that was pretty cool.

 

I will be updating this contrib over the next couple of days with this new information in case any other store owners want to upgrade, its already included in the files...

 

You can see what the new parts will look like here: http://www.nabcomdiamonds.com/catalog/images/maxmind2.jpeg

 

Right now though.... gotta go to work :(

[stevel]

To Maxmind, "region" = state.

[stevel]

I have found a major problem with this contribution - I don't know if it's generic or due to a change I made. The issue is that with the contribution installed, one does not get the "split credit card" emails from the default cc module. I don't know why this is - all I can think of is that something is stomping on a variable that the "after_process" code in cc.php uses. If I move the use of maxmind.php to after all the processing, it works (I have modified it to pull all the info out of $order rather than $sql_data_array.) Curiously, the customer e-mail works fine.

 

I stared at this for a while and can't figure it out. I may not have time in the near future to debug this.

[kenb]

I installed the Maxmind contribution and did not see anything in the orders detail screen. I ran the test script you provided for magicproshop and got returns from Maxmind as well as data in the database in the orders_maxmind table. After this, I moved the code in admin/orders.php as suggested to magicproshop:

 

AFTER:

<td><table border="0" cellspacing="0" cellpadding="2">
  <tr>
  <td class="main"><b><?php echo ENTRY_PAYMENT_METHOD; ?></b></td>
  <td class="main"><?php echo $order->info['payment_method']; ?></td>
</tr>
<?php

 

I ADDED:

<td><table border="0" cellspacing="0" cellpadding="2">
  <tr>
  <td class="main"><b><?php echo ENTRY_PAYMENT_METHOD; ?></b></td>
  <td class="main"><?php echo $order->info['payment_method']; ?></td>
</tr>

<? // Addition for MaxMind CC check

$check_maxmind_query = tep_db_query("select distance, country_match, country_code, free_mail, anonymous_proxy, score, bin_match, bin_country, err, proxy_score, spam_score, bin_name, ip_isp, ip_org from " . TABLE_ORDERS_MAXMIND . " where order_id = '" . (int)$oID . "'");
$maxmind_query = tep_db_fetch_array($check_maxmind_query);


?>
        </tr>
  </table>
  <table width="75%">
  <tr>
   <td class="main"><?php echo '<br><br><b>MAXMIND</b>' . '   ' . MAXMIND_SCORE . '<b>' . $maxmind_query['score'] . '</b>'; ?></td>
  </tr>
  <tr>
    <td class="main"><?php echo MAXMIND_DISTANCE . '<b>' . $maxmind_query['distance'] . '</b>'; ?></td>
 <td class="main"><?php echo MAXMIND_COUNTRY . '<b>' . $maxmind_query['country_match'] . '</b>'; ?></td>
 <td class="main"><?php echo MAXMIND_CODE . '<b>' . $maxmind_query['country_code'] . '</b>'; ?></td>
 <td class="main"><?php echo MAXMIND_FREE_EMAIL . '<b>' . $maxmind_query['free_mail'] . '</b>'; ?></td>
  </tr>
  <tr>
    <td class="main"><?php echo MAXMIND_ANONYMOUS . '<b>' . $maxmind_query['anonymous_proxy'] . '</b>'; ?></td>
 <td class="main"><?php echo MAXMIND_BIN_MATCH . '<b>' . $maxmind_query['bin_match'] . '</b>'; ?></td>
 <td class="main"><?php echo MAXMIND_BIN_COUNTRY . '<b>' . $maxmind_query['bin_country'] . '</b>'; ?></td>
    <td class="main"><?php echo MAXMIND_ERR . '<b>' . $maxmind_query['err'] . '</b>'; ?></td>
  </tr>
  <tr>
 <td class="main"><?php echo MAXMIND_PROXY_SCORE . '<b>' . $maxmind_query['proxy_score'] . '</b>'; ?></td>
 <td class="main"><?php echo MAXMIND_SPAM . '<b>' . $maxmind_query['spam_score'] . '</b>'; ?></td>
 <td class="main"><?php echo MAXMIND_BIN_NAME . '<b>' . $maxmind_query['bin_name'] . '</b>'; ?></td>
 <td class="main"><?php echo MAXMIND_IP_ISP . '<b>' . $maxmind_query['ip_isp'] . '</b>'; ?></td>
  </tr>
  <tr>
 <td class="main"><?php echo MAXMIND_IP_ISP_ORG . '<b>' . $maxmind_query['ip_org'] . '</b>'; ?></td>
  </tr>

<?php // End addition for MaxMind

 

After doing this, I see the titles on the order details page but no data is present. I am sure my problem is due to the use of SurePay as my credit card processor. The SurePay contribution I have installed is available at:

 

http://www.oscommerce.com/community/contri...ons,412/page,11

 

I think my only problem is where to put:

require(DIR_WS_MODULES . 'maxmind/maxmind.php');

in order to connect it with the SurePay module. Any help is greatly appreciated!

[sefu]

Great mod!!

I had no problem installing it on MS1, so far so good!

I currently have a mod installed which is prohibiting the BIN search to work. I have a mod which encryptes the cc number into the DB and requires a line of code to decrypt it. The mod is found here

http://www.oscommerce.com/community/contri...arch,encryption

 

I have a feeling that the cc is be encrypted and then being sent to maxmind, and of course it will not work as they are not valid cc numbers being sent. Does anyone know how to solve this problem?

[stevel]

You could split off the first six digits for the BIN before the encryption and save it.

[nrlatsha]

Sorry for the late replies here guys. I've had back problems and an highly medicated. As you can guess, its hard to try to look at code when you're highly medicated...

 

kenb - Try the same example you used, but use it with an order id already in your orders table. It should put it into your maxmind table (Like you tested already.) Then when you go into admin, it should be able to pull up the maxmind info for that order. Then we can see if the problem is when it is getting called for a new order, or if its a problem with the query. You're probably right, its a problem with where its getting called in the order process. I didn't see any changes that were made to order conf with surepay though. Unless I missed something, which I very well could have...

 

sefu -Try changin this part in maxmind.php:

 

$string = $sql_data_array['cc_number'];
$cc = substr($string, 0, 6);

 

To this:

 

$cc = substr($plain_data, 0, 6);

 

stevel -I'll have to look at that one more, but it does seem weird, all variables are different and I don't see anything that would stop it from getting those emails out...

 

magicproshop - Did the final changes get everything to work?

 

Let me know if this stuff works guys. I'm not in the best mind state right now, but didn't want to leave anybody hanging.

[kenb]

nrlatsha - Thanks for the reply! Hope all goes well with your back! I tried the maxmind.php change you suggested, and it did not work. I also ran the test script in reference to an existing order and the data did not get displayed in the order details. One thing I noticed is that during the checkout process or any other time, I am not trying to access www.maxmind.com. I have been keeping an eye on my browser's status bar and have not seen any attempts to connect to Maxmind. I'm stumped!