Jump to content
Sign in to follow this  
bmcewan

[Contribution] CC_CVV_start date plus credit card blacklist

Recommended Posts

If i remember right there were only minor changes to bring it into line with ms1. To take it backwards you would have to watch out for the changes that are made in the order class and any changes i have listed that read, update or add to the database.

 

hope this helps

 

cheers

barry


"A lie gets halfway around the world before the truth has a chance to get its pants on."

 

"I don't want to achieve immortality through my work; I want to achieve immortality through not dying."

Share this post


Link to post
Share on other sites

cheers dude.

 

I am gonna take a look and see how it goes.

Test server here I come! :D

 

CC.

Share this post


Link to post
Share on other sites

Barry, one question

 

You say your site is live, but why dont you offer SSL on the payment page?

 

Surely that is a GOT TO HAVE these days...

 

I'm puzzled.

 

CC.

Share this post


Link to post
Share on other sites

Hi Barry,

 

Great mod - I'm not sure whether I have installed it correctly though.

 

Should the Issue number be validated if a Switch card number is input?

 

jb

Share this post


Link to post
Share on other sites

it is not set up to check if an issue number has been input or not.

 

cheers

barry


"A lie gets halfway around the world before the truth has a chance to get its pants on."

 

"I don't want to achieve immortality through my work; I want to achieve immortality through not dying."

Share this post


Link to post
Share on other sites

Well that would be a tricky thing to add, as it would need to check out dynamically if the card you were using was actually a Switch card or not, and then recall the fact that the Issue field was blank or not.

 

It cant be added to the check script as it isnt required for Credit Cards...

 

Quite a tricky one to sort out really.

 

CC.

Share this post


Link to post
Share on other sites
Well that would be a tricky thing to add, as it would need to check out dynamically if the card you were using was actually a Switch card or not, and then recall the fact that the Issue field was blank or not.

 

It cant be added to the check script as it isnt required for Credit Cards...

 

Quite a tricky one to sort out really.

 

CC.

 

I totally agree with you, hence why i have not even considered it thus far.

 

cheers

barry


"A lie gets halfway around the world before the truth has a chance to get its pants on."

 

"I don't want to achieve immortality through my work; I want to achieve immortality through not dying."

Share this post


Link to post
Share on other sites

Could it not be added at the second stage of verification - at the moment, if you do not enable Switch payments, your mod kicks up an error message saying something like "The card number you entered is a UK Switch. At the moment, we do not accept UK Switch".

 

So you have verified that the card is a switch - could a check not be added at this stage for the issue number? I think this is in the cc_validation.php class.

Share this post


Link to post
Share on other sites

I suppose this function could be added, but it is not something that i need to develop for my own site at this time.

 

If you need further help or want to discuss it further please contact me via private message.

 

cheers

barry


"A lie gets halfway around the world before the truth has a chance to get its pants on."

 

"I don't want to achieve immortality through my work; I want to achieve immortality through not dying."

Share this post


Link to post
Share on other sites

One thing I should say about this mod, is that the Issue number for Switch card transactions only has a field with a max of 1.

 

I have altered this to 2 on my site, as this WILL cause you problems later.

 

For example some cards have a 2 digit number for issue numbers, like so: '06' and some banks will not accept a payment made via a PDQ machine if the issue number is written without the '0' in front of the six, they need it exact.

 

Also I own a card that is on issue '11' so I wouldnt be able to input the correct issue number for my card into a site with a field of 1, so I would in general either call up (hassle for the store owner) or I would just go somewhere else. (Bad for the store owner)

 

So I would suggest if you are using this mod, that you extend this field to 2 to save all the possbile hassles above.

 

HTH

 

CC.

Share this post


Link to post
Share on other sites

although i was aware of that fact, for some reason i totally blanked it, dunno why, early signs of dementia me thinks :?

 

point noted.

 

steve, could you possibly post the code changes for this for easy reference for other users.

 

 

cheers

barry


"A lie gets halfway around the world before the truth has a chance to get its pants on."

 

"I don't want to achieve immortality through my work; I want to achieve immortality through not dying."

Share this post


Link to post
Share on other sites

Yeh sure mate.

 

in catalog/includes/modules/payment/cc.php

 

This code sits between lines 125-139:

// ++ issue ++ cvv ++ start date

     $selection = array('id' => $this->code,

                        'module' => $this->title,

                        'fields' => array(array('title' => MODULE_PAYMENT_CC_TEXT_CREDIT_CARD_OWNER,

                                                'field' => tep_draw_input_field('cc_owner', $order->billing['firstname'] . ' ' . $order->billing['lastname']) . ' ' . MODULE_PAYMENT_CC_TEXT_CREDIT_CARD_OWNER_NOTE),

                                          array('title' => MODULE_PAYMENT_CC_TEXT_CREDIT_CARD_NUMBER,

                                                'field' => tep_draw_input_field('cc_number')),

            array('title' => MODULE_PAYMENT_CC_TEXT_CREDIT_CARD_START,

               'field' => tep_draw_pull_down_menu('cc_start_month', $start_month) . ' ' . tep_draw_pull_down_menu('cc_start_year', $start_year)),

                                          array('title' => MODULE_PAYMENT_CC_TEXT_CREDIT_CARD_EXPIRES,

                                                'field' => tep_draw_pull_down_menu('cc_expires_month', $expires_month) . ' ' . tep_draw_pull_down_menu('cc_expires_year', $expires_year)),

            array('title' => MODULE_PAYMENT_CC_TEXT_CREDIT_CARD_CVV,

               'field' => tep_draw_input_field('cc_cvv', '', 'size=3 maxlength=3') . ' ' . MODULE_PAYMENT_CC_TEXT_CREDIT_CARD_CVV_NOTE),

            array('title' => MODULE_PAYMENT_CC_TEXT_CREDIT_CARD_ISSUE,

               'field' => tep_draw_input_field('cc_issue', '', 'size=1 maxlength=2') . ' ' . MODULE_PAYMENT_CC_TEXT_CREDIT_CARD_ISSUE_NOTE)));

 

The easiest thing to do is open the file and alter the number 1 on line 139 to a number 2 in the field, and the job is done.

 

Please dont just copy my code, as I have added some new notes to my site to enable ppl to understand where the CVV is etc....

So if you copy my code you will get the words:

MODULE_PAYMENT_CC_TEXT_CREDIT_CARD_ISSUE_NOTE written after your issue number field.

 

Basically you need line 139 changed to this:

 'field' => tep_draw_input_field('cc_issue', '', 'size=1 maxlength=2'))));

 

Cheers

CC.

Share this post


Link to post
Share on other sites

Thanks for the update Steve.

 

Barry, I guess it is not desperate to collect the issue number, but it just adds another layer of hassle for offline processing if the customer forgets to put it in. My project is going live too soon for me to work on the facility, but I would be interested in developing or helping to develop this functionality at a later date. I'll pm you when I am in a position to look at it if that's OK.

 

Thanks again for a life-saving contribution!

 

jb

Share this post


Link to post
Share on other sites

Hi Barry,

 

First off thanks for your great contribution. I've just added the encryption capability but when it decrypt's in Admin it only shows 16 digits of the card number, obviously Solo and most Switch cards have 18-19 digits but it seems to cut the last 2-3 numbers off. If I switch encryption off it displays the full number?

 

Any advice?

 

TIA,

 

Paul

Share this post


Link to post
Share on other sites

Interesting...

 

I have never noticed a switch/solo card with that many digits...

 

I have certainly never owned one.

 

I'm gonna take a look at that, cos it could be a problem for some buyers.

I'll report back.

 

CC.

Share this post


Link to post
Share on other sites

I had the same problem this week and had to contact the customer to get the full number. I'm pretty swamped this week so i'm not sure if i'll get to it for a while

 

CC, if you get a fix could you post it. Thinking through the process the only thing that springs to mind is the database field for storing the cc number is set to a 32 length, this may need increased to say 64 to accomodate the encypted data.

 

 

HTH

 

cheers

barry


"A lie gets halfway around the world before the truth has a chance to get its pants on."

 

"I don't want to achieve immortality through my work; I want to achieve immortality through not dying."

Share this post


Link to post
Share on other sites

hmmm...

 

where abouts did you put the CC number limit in?

 

I cant find it, and the script is stopping me inputting the wrong number of digits....

 

I need to increase the number of digits...

 

ta.

Share this post


Link to post
Share on other sites

i didn't put a limit it, sorry it appears i wasn't clear at all.

 

You'll need to alter the properties of database field cc number in the orders table.

 

cheers

barry


"A lie gets halfway around the world before the truth has a chance to get its pants on."

 

"I don't want to achieve immortality through my work; I want to achieve immortality through not dying."

Share this post


Link to post
Share on other sites

ok the fix that should do it is:-

 

in orders change cc_number from VARCHAR 32 to VARCHAR 64

 

this will alllow the encryption of a longer than normal number

 

cheers

barry


"A lie gets halfway around the world before the truth has a chance to get its pants on."

 

"I don't want to achieve immortality through my work; I want to achieve immortality through not dying."

Share this post


Link to post
Share on other sites

Hi Barry

 

No I didnt mean on the encryption of the cc number, I know you meant to change this in the DB.

I have already altered that.

 

What I mean is when I try and checkout with a card number longer than 16 digits the site tells me I have input the wrong number of digits.

It would appear anything longer than 16 is invalid.

 

Are you saying you did not integrate this feature in your mod?

 

If not it might be the OSC code overwriting it...

 

CC.

Share this post


Link to post
Share on other sites

cc, i think its got something to do with the mod10 algorithm, i have seen a post on this recently i'll try and find it

 

 

cheers

barry


"A lie gets halfway around the world before the truth has a chance to get its pants on."

 

"I don't want to achieve immortality through my work; I want to achieve immortality through not dying."

Share this post


Link to post
Share on other sites

yep, its the mod 10.

 

I remember some months ago a post regarding some uk switch cards did not conform to the mod10 standards, i had forgotten about that until a day or so ago but it still didn't register until just now.

 

Find below the fix, posted in another topic;

 

It's simple to bypass mod10 competely.

 

In cc_validation.php, find the function is_valid()

 

After the first {

add

return (TRUE);

 

That's all it takes.

 

hope this helps

 

cheers

barry


"A lie gets halfway around the world before the truth has a chance to get its pants on."

 

"I don't want to achieve immortality through my work; I want to achieve immortality through not dying."

Share this post


Link to post
Share on other sites

Good skills and well spotted mate. :wink:

Share this post


Link to post
Share on other sites

Hey Steve. Did you ever get the latest version of this contribution to work on a Nov or Dec 2002 snapshot? I'd like to get it working on Ian's Loaded 4 release (based on late Nov 2002 snapshot with new checkout), but I don't have the skills necessary to "downgrade" the contribution.

 

Any suggestions, pointers, code, etc., would be greatly appreciated!

 

Thanks,

 

Justin

Share this post


Link to post
Share on other sites

Has anyone installed only the lastest version on a clean MS1 install? Everything seems to work but the cc.php in the catalog directory is not working - it does not add the required fields to the order process for the customer and also in the admin, the only thing I see in Authorize.net as a payment module - even then it removes the ability to edit anything with authorize net either- very odd - is the cc.php with the contrib meant to be a replacement for existing file? I have tried to overwrite as well as merge the two and still no luck.

 

encryption also isn't working...

 

any help is greatly appreciated!!!!

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×