Jump to content
nrlatsha

[Contribution] Credit Card Fraud Detection Service

Recommended Posts

Hi,

Love the contrib but as of 8/24/05 it stopped working on my 2 sites (different servers) both displaying "Invalid Key". I entered my key (and un remarked the statement in catalog/includes/maxmind/maxmind.php since finding out that maxmind requires a key now for everybody.

 

now... all I get on an order is this:

 

Error: COUNTRY_REQUIRED

 

 

Any suggestions are much appreciated!

 

Thanks, KJ


define('PROJECTS', 'Something that goes on forever!');

Share this post


Link to post
Share on other sites

No response??

 

Any chage to Maxmind on anybody else's contib w. osC???

 

--KJ


define('PROJECTS', 'Something that goes on forever!');

Share this post


Link to post
Share on other sites
No response??

 

Any chage to Maxmind on anybody else's contib w. osC???

 

--KJ

We've got our own custom version of this and it has stopped working too.

 

The error says that we need a licence key. We've registered and now have 1000 free checks but thats the limit. We'll need to pay from then on.

Edited by emanresu

Citizen of US Minor Outlying Islands

Share this post


Link to post
Share on other sites

Hello, I use this contrib and think it is a great one. I was using it with no problem until lately. I have received an e-mail from MaxMind stating they have updated there system. The contrib seems not to work now. All the areas are now blank. I was wondering if there is going to be an update to this anytime soon. I hope there will be as this is a very useful contrib. Thanks in advance.

Share this post


Link to post
Share on other sites

Hi

I have installed everything but it is messing with my checkout. When the customer clicks continue to confirm the order on checkout_success.php it fails.

The error i get is

Fatal error: Cannot redeclare class httpbase in /home/daniel/public_html/catalog/includes/modules/maxmind/HTTPBase.php on line 25

 

My httpbase page code is

<?php



/* HTTPBase.php

*

* Copyright (C) 2004 MaxMind LLC

*

* This library is free software; you can redistribute it and/or

* modify it under the terms of the GNU General Public

* License as published by the Free Software Foundation; either

* version 2.1 of the License, or (at your option) any later version.

*

* This library is distributed in the hope that it will be useful,

* but WITHOUT ANY WARRANTY; without even the implied warranty of

* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

* Lesser General Public License for more details.

*

* You should have received a copy of the GNU General Public

* License along with this library; if not, write to the Free Software

* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

*/



$server = array("www.maxmind.com", "www2.maxmind.com");

$numservers = 2;

$API_VERSION = 'PHP/1.2';

class HTTPBase{

 var $server;

 var $numservers;

 var $url;

 var $queries;

 var $allowed_fields;

 var $num_allowed_fields;

 var $outputstr;

 var $isSecure;

 var $timeout;

 var $debug;

 function HTTPBase() {

   $isSecure = 0;

   $debug = 0;

   $timeout = 0;

 }



 // this function sets the allowed fields

 function set_allowed_fields($i) {

   $this->allowed_fields = $i;

   $this->num_allowed_fields = count($i);

 }



 //this function queries the servers

 function query() {

   //query every server in the list

   for ($i = 0; $i < $GLOBALS['numservers']; $i++ ) {

     $result = $this->querySingleServer($GLOBALS['server'][$i]);

     if ($this->debug == 1) {

       print "server: " . $GLOBALS['server'][$i] . "\nresult: " . $result . "\n";

     }

     if ($result) {

       return $result;

     }

   }

   return 0;

 }



 //this function takes a input hash and stores it in the hash named queries

 function input($vars) {

   $numinputkeys = count($vars);  // get the number of keys in the input hash

   $inputkeys = array_keys($vars);   // get a array of keys in the input hash

   for ($i = 0; $i < $numinputkeys; $i++) {

     $key = $inputkeys[$i];

     if ($this->allowed_fields[$key] == 1) {

       //if key is a allowed field then store it in 

       //the hash named queries

       if ($this->debug == 1) {

  print "input $key = " . $vars[$key] . "\n";

}

       $this->queries[$key] = urlencode($vars[$key]);

     } else {

       print "invalid input $key - perhaps misspelled field?";

return 0;

     }

   }

   $this->queries["clientAPI"] = $GLOBALS['API_VERSION'];

 }



 //this function returns the output from the server

 function output() {

   return $this->outputstr; 

 }



 //this function query a single server

 function querySingleServer($server) {

   //check if we using the Secure HTTPS proctol

   if ($this->isSecure == 1) {

     $scheme = "https://";  //Secure HTTPS proctol

   } else {

     $scheme = "http://";   //Regular HTTP proctol

   }



   //build a query string from the hash called queries

   $numquerieskeys = count($this->queries);//get the number of keys in the hash called queries

   $querieskeys = array_keys($this->queries);//get a array of keys in the hash called queries

   if ($this->debug == 1) {

     print "number of query keys " + $numquerieskeys + "\n";

   }

   for ($i = 0; $i < $numquerieskeys; $i++) {

     //for each element in the hash called queries 

     //append the key and value of the element to the query string

     $key = $querieskeys[$i];

     $value = $this->queries[$key];

     //encode the key and value before adding it to the string

     //$key = urlencode($key);

     //$value = urlencode($value);

     if ($this->debug == 1) {

       print " query key " . $key . " query value " . $value . "\n";

     }

     $query_string = $query_string . $key . "=" . $value;

     if ($i < $numquerieskeys - 1) {

       $query_string = $query_string . "&";

     }

   }



   $content = "";



   //check if the curl module exists

   if (extension_loaded('curl')) {

     //use curl

     if ($this->debug == 1) {

       print "using curl\n";

     }



     //open curl

     $ch = curl_init();



     $url = $scheme . $server . "/" . $this->url;



     //set curl options

     curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

     curl_setopt($ch, CURLOPT_URL, $url);

     curl_setopt($ch, CURLOPT_TIMEOUT, $this->timeout);



     //this option lets you store the result in a string 

     curl_setopt($ch, CURLOPT_POST,          1);

     curl_setopt($ch, CURLOPT_POSTFIELDS,    $query_string);



     //get the content

     $content = curl_exec($ch);



     // For some reason curl_errno returns an error even when function works

     // Until we figure this out, will ignore curl errors - (not good i know)

//      $e = curl_errno($ch);//get error or sucess



     if (($e == 1) & ($this->isSecure == 1)) {

       // HTTPS does not work print error message

         print "error: this version of curl does not support HTTPS try build curl with SSL or specify \$ccfs->isSecure = 0\n";

     }

     if ($e > 0) {

       //we get a error msg print it

       print "Received error message $e from curl: " . curl_error($ch) . "\n";

return 0;

     }

     //close curl

     curl_close($ch);

   } else {

     //curl does not exist

     //use the fsockopen function, 

     //the fgets function and the fclose function

     if ($this->debug == 1) {

       print "using fsockopen\n";

     }



     $url = $scheme . $server . "/" . $this->url . "?" . $query_string;

     if ($this->debug == 1) {

       print "url " . $url . " " . "\n";

     }



     //now check if we are using regular HTTP

     if ($this->isSecure == 0) {

       //we using regular HTTP



       //parse the url to get

       //host, path and query

       $url3 = parse_url($url);

       $host = $url3["host"];

       $path = $url3["path"] . "?" . $url3["query"];



       //open the connection

       $fp = fsockopen ($host, 80, $errno, $errstr, $this->timeout);

       if ($fp) {

         //send the request

         fputs ($fp, "GET $path HTTP/1.0\nHost: " . $host . "\n\n");

         while (!feof($fp)) {

           $buf .= fgets($fp, 128);

         }

         $lines = split("\n", $buf);

         // get the content

         $content = $lines[count($lines)-1];

         //close the connection

         fclose($fp);

       } else {

  return 0;

}

     } else {

       //secure HTTPS requires CURL

       print "error: you need to install curl if you want secure HTTPS or specify the variable to be $ccfs->isSecure = 0";

       return 0;

     }

   }



   if ($this->debug == 1) {

     print "content = " . $content . "\n";

   }

   // get the keys and values from

   // the string content and store them

   // the hash named outputstr



   // split content into pairs containing both 

   // the key and the value

   $keyvaluepairs = explode(";",$content);



   //get the number of key and value pairs

   $numkeyvaluepairs = count($keyvaluepairs);



   //for each pair store key and value into the

   //hash named outputstr

   for ($i = 0; $i < $numkeyvaluepairs; $i++) {

     //split the pair into a key and a value

     list($key,$value) = explode("=",$keyvaluepairs[$i]);

     if ($this->debug == 1) {

       print " output " . $key . " = " . $value . "\n";

     }

     //store the key and the value into the

     //hash named outputstr

     $this->outputstr[$key] = $value;

   }

   //check if outputstr has the score if outputstr does not have 

   //the score return 0

   if ($this->outputstr["score"] == "") {

     return 0;

   }

   //one other way to do it

   //if (!array_key_exists("score",$this->outputstr)) {

   //  return 0;

   //}

   return 1;

 }

}

?>

 

I saw the above fix suggestions for this problem, first being to check for duplicate httpbase calling but there wasnt, any ideas?

The order is also recorded at this point, and the max mind info is all showing in the admin section (i am a fraud risk of "2") but the error wont go away.

I dont know what "Changed the maxmind.php and func called checkout_process.php. It's seems to be working now." that "SSD" suggested, so if I could get a clarification on that it would be great as that may be my problem.

Thanks

Share this post


Link to post
Share on other sites

RE my above post.

Fixed.

 

Tried the

 

if (tep_not_null($sql_data_array['cc_number'])) {

require(DIR_WS_MODULES . 'maxmind/maxmind.php');

}

 

instead of

if (tep_not_null($order->info['cc_number'])) {

require(DIR_WS_MODULES . 'maxmind/maxmind.php');

}

on my checkout_process page

and it worked.....

Share this post


Link to post
Share on other sites

I just added this contrib to my site but it appears to not be working. I have the same error that a previous poster noted -- in the admin panel when I look at the order, all the max fields are blank except the one marked "error:" and it says "COUNTRY_REQUIRED".

 

Is anyone around to help out?

 

Thanks in advance!

 

Robert

Aartech Canada

Share this post


Link to post
Share on other sites
I just added this contrib to my site but it appears to not be working. I have the same error that a previous poster noted -- in the admin panel when I look at the order, all the max fields are blank except the one marked "error:" and it says "COUNTRY_REQUIRED".

 

Is anyone around to help out?

 

Thanks in advance!

 

Robert

Aartech Canada

 

Yes, still have a blank screen in admin like yours (only displays COUNTRY_REQUIRED)

 

Would be nice to have this contrib back up and running!

 

KJ (top_speed)


define('PROJECTS', 'Something that goes on forever!');

Share this post


Link to post
Share on other sites

1146 - Table 'XXXXXX_osc1.TABLE_ORDERS_MAXMIND' doesn't exist

select distance, country_match, country_code, free_mail, anonymous_proxy, score, bin_match, bin_country, err, proxy_score, spam_score, bin_name, cust_phone, ip_city, ip_latitude, ip_longitude, ip_region, ip_isp, ip_org, hi_risk from TABLE_ORDERS_MAXMIND where order_id = '8602'

 

I keep getting this error, I had Maxmind working great for the passed 6 months I made some updates to orders.php had some problems, and updated orders.php with the back up before the changes. Now I get this message when I uploaded the backup of orders.php

 

Any ideas why? I have tried:

 

Removing SQL Table

Adding SQL Table Back in

Full Reinstalling MaxMind

 

 

Nothing seems to work any ideas?

Share this post


Link to post
Share on other sites
1146 - Table 'XXXXXX_osc1.TABLE_ORDERS_MAXMIND' doesn't exist

select distance, country_match, country_code, free_mail, anonymous_proxy, score, bin_match, bin_country, err, proxy_score, spam_score, bin_name, cust_phone, ip_city, ip_latitude, ip_longitude, ip_region, ip_isp, ip_org, hi_risk from TABLE_ORDERS_MAXMIND where order_id = '8602'

 

I keep getting this error, I had Maxmind working great for the passed 6 months I made some updates to orders.php had some problems, and updated orders.php with the back up before the changes. Now I get this message when I uploaded the backup of orders.php

 

Any ideas why? I have tried:

 

Removing SQL Table

Adding SQL Table Back in

Full Reinstalling MaxMind

Nothing seems to work any ideas?

 

In orders.php try moving

  // Maxmind Mod Noel Latsha
 if (tep_not_null($order->info['cc_number'])) {
require(DIR_WS_MODULES . 'maxmind/maxmind.php');
 }
 // End Maxmind Mod Noel Latsha

 

to the lines just below

 

  tep_db_perform(TABLE_ORDERS, $sql_data_array);
 $insert_id = tep_db_insert_id();

 

I think $sql_data_array is being clobbered before maxmind.php can pick up and read the array.

Share this post


Link to post
Share on other sites
1146 - Table 'XXXXXX_osc1.TABLE_ORDERS_MAXMIND' doesn't exist

This means that you have not defined 'TABLE_ORDERS_MAXMIND' in catalog/admin/includes/database_tables.php and catalog/includes/database_tables.php

Share this post


Link to post
Share on other sites

Hi,

 

I want to instal this system but was just wondering if it will work with paypal IPN as we do not get any of the credit card details back from them once the payment has been processed.

 

Thanks.

Share this post


Link to post
Share on other sites

As Noel suggested (earlier in this thread) I replaced the maxmind.php file with this one and everything seems to be working fine again. :D

 

Don't forget to uncomment out the licsence key line and add you key#

 

<?php
/*
$Id: maxmind.php,v 1.5 2004/09/09 22:50:51 hpdl Exp $
osCommerce, Open Source E-Commerce Solutions
http://www.oscommerce.com
Copyright (c) 2004 osCommerce
Released under the GNU General Public License
Noel Latsha, www.nabcomdiamonds.com/www.devosc.com

2004/07/18 - amended for cc.php by Stuart Owens
with assistance from Acheron and stevel
Tested on osc2.2 (Dec 2002 version)
*/

// If you have a liscense key, enter it here and uncomment the line
//$h["license_key"] = "XXXXXXXXXXXX";

// *************************************DO NOT MODIFY BELOW THIS LINE (Unless you know what you are doing **********************************	

$check_country_query = tep_db_query("select countries_iso_code_2 from " . TABLE_COUNTRIES . " where countries_name = '" . $order->billing['country']['title'] . "'");
$check_country = tep_db_fetch_array($check_country_query);

$check_state_query = tep_db_query("select zone_code from " . TABLE_ZONES . " where zone_name = '" . $order->billing['state'] . "'");
$check_state = tep_db_fetch_array($check_state_query);

require(DIR_WS_MODULES . 'maxmind/CreditCardFraudDetection.php');
$ccfs = new CreditCardFraudDetection;

//Modify a few variables to match what MaxMind is expecting.
$string = $order->info['cc_number'];
$cc = substr($string, 0, 6); 

$str = $order->customer['email_address'];
list ($addy, $domain) = split ('[@]', $str);

$phstr = preg_replace( '/[^0123456789]/', '', $order->customer['telephone']);
$phone = substr($phstr, 0, 6);

//next we set inputs and store them in a hash
$h["i"] = $REMOTE_ADDR;			   // set the client ip address
$h["domain"] = $domain;				  // set the Email domain 
$h["city"] = $order->billing['city'];			   // set the billing city
$h["region"] = $check_state['zone_code'];		   // set the billing state
$h["postal"] = $order->billing['postcode'];		 // set the billing zip code
$h["country"] = $check_country['countries_iso_code_2'];	  // set the billing country
$h["bin"] = $cc;				 // set bank identification number
$h["custPhone"] = $phone;			  //set customer phone number

// If you want to disable Secure HTTPS or don't have Curl and OpenSSL installed
// uncomment the next line
// $ccfs->isSecure = 0;

//set the time out to be five seconds
$ccfs->timeout = 5;

//uncomment to turn on debugging
// $ccfs->debug = 1;

//next we pass the input hash to the server
$ccfs->input($h);

//then we query the server
$ccfs->query();

//then we get the result from the server
$h = $ccfs->output();

$outputkeys = array_keys($h);
$sql_data_array = array('order_id' => $insert_id,
				   'score' => $h['score'],
				   'distance' => $h['distance'],
				   'country_match' => $h['countryMatch'],
				   'country_code' => $h['countryCode'],
				   'free_mail' => $h['freeMail'],
				   'anonymous_proxy' => $h['anonymousProxy'],
				   'proxy_score' => $h['proxyScore'],
				   'spam_score' => $h['spamScore'],
				   'bin_match' => $h['binMatch'],
				   'bin_country' => $h['binCountry'],
				   'bin_name' => $h['binName'],
				   'err' => $h['err'],
				   'ip_isp' => $h['ip_isp'],
				   'ip_org' => $h['ip_org'],
				   'hi_risk' => $h['highRiskCountry'],
				   'cust_phone' => $h['custPhoneInBillingLoc'],
				   'ip_city' => $h['ip_city'],
				   'ip_region' => $h['ip_region'],
				   'ip_latitude' => $h['ip_latitude'],
				   'ip_longitude' => $h['ip_longitude']);

tep_db_perform(TABLE_ORDERS_MAXMIND, $sql_data_array);
?>

 

AWESOME CONTRIB! Thanks


define('PROJECTS', 'Something that goes on forever!');

Share this post


Link to post
Share on other sites

Hi All,

Installed Maxmind 1.52/1.53 perfectly (although someone needs to change directions from catalog/languages/english to admin...)

 

However, results on orders page display blank fields. I have included the license key acquired from maxmind etc. Nada, still empty results as many of you have stated you have here on the forum.

 

Any thoughts on how to resolve this? Sure would like to use this contribution.

 

I also did a testmax.php in admin. These are my results.

 

distance =

countryMatch =

countryCode =

freeMail =

anonymousProxy =

score =

binMatch =

binCountry =

err = COUNTRY_REQUIRED

proxyScore =

spamScore =

ip_region =

ip_city =

ip_latitude =

ip_longitude =

binName =

ip_isp =

ip_org =

binNameMatch =

binPhoneMatch =

binPhone =

custPhoneInBillingLoc =

highRiskCountry =

queriesRemaining = 977

cityPostalMatch =

shipCityPostalMatch =

maxmindID = ABCDEFG

Share this post


Link to post
Share on other sites
Hi All,

Installed Maxmind 1.52/1.53 perfectly (although someone needs to change directions from catalog/languages/english to admin...)

 

However, results on orders page display blank fields. I have included the license key acquired from maxmind etc. Nada, still empty results as many of you have stated you have here on the forum.

 

Any thoughts on how to resolve this? Sure would like to use this contribution.

 

Replace your Maxmind.php file with the above code that is listed right above this post. I had all blank fields until I pasted this code into that file. Make sure you put your key into the XXXXXXXXX location towards the top of the file (backup your orig file first of course)

 

--KJ

Edited by Top_Speed

define('PROJECTS', 'Something that goes on forever!');

Share this post


Link to post
Share on other sites

Hi KJ,

Did that already. Tried again just to be on the safe side....

Same old thing...

 

distance =

countryMatch =

countryCode =

freeMail =

anonymousProxy =

score =

binMatch =

binCountry =

err = COUNTRY_REQUIRED

proxyScore =

spamScore =

ip_region =

ip_city =

ip_latitude =

ip_longitude =

binName =

ip_isp =

ip_org =

binNameMatch =

binPhoneMatch =

binPhone =

custPhoneInBillingLoc =

highRiskCountry =

queriesRemaining = 971

cityPostalMatch =

shipCityPostalMatch =

maxmindID = 8RCDGLQF

 

 

Everything appears to be working..just not data.

Share this post


Link to post
Share on other sites

You dont think it would have anything to do with working locally? I have an always on connection...just wonder if I'm missing something that isnt passing.

 

This is what Thomas from Maxmind said..

 

It appears you are sending blank data to the service:

 

user_ i domain city re postal co

bin

dista sco time pro spa car

12097 127.0.0.1

0 0 2006-03-16 14:14:00 0 0

12097 127.0.0.1

0 0 2006-03-16 14:10:56 0 0

12097 127.0.0.1

0 0 2006-03-16 14:10:52 0 0

12097 127.0.0.1

0 0 2006-03-16 14:10:50 0 0

 

-TJ

 

 

Not very helpful in my quest to get this working but a response none the less.

Share this post


Link to post
Share on other sites

Hi Allison,

I have an "always on" connection also, don't think that has anything to do with the server passing the variables to Max however. As you can see this contrib is barely supported anymore... it may take months before you get a preson that now has the same prob as you (considering you already did the maxmind.php code update.

 

Anything (ideas) from your hosting company? Server parameters, php ver, Apache etc....


define('PROJECTS', 'Something that goes on forever!');

Share this post


Link to post
Share on other sites

Oh yeah, BIG YES on the help (or more like the lack of) from Max. Been there, done that. But in their defense they don't know the osc code and your personal settings.

 

On mine personally... it worked (as the contrib is or was downloaded) about 2 years ago. Then one day out of the blue.. bamm! Both my sites were shooting blanks like yours. SO.... I really don't have much faith that this thing will even keep going. I still believe the sudden "drop" of my prior using was MAx doing something different on their end. They said no but I still can't see how 2 different sites of mine (different servers also!) just stopped working.

 

For me, it was the code above that matched what Max wants (for now)!

 

Not that this is really helping, but maybe someone from Maxmind will see this someday and input what they do with data/string/variables changes on their end.


define('PROJECTS', 'Something that goes on forever!');

Share this post


Link to post
Share on other sites

Not that this is really helping, but maybe someone from Maxmind will see this someday and input what they do with data/string/variables changes on their end.

 

Thank you for your help. Installed live. Still nothing... Maybe someone will pick up the ball again someday.

Share this post


Link to post
Share on other sites

You may want to contact your web host tech dept. SOme have phpers in-house and maybe could figure out why the results don't get returned to you. It could be their fault so they may do some investigation for you... I know my host has for me several times and they know php very well.

 

Good luck, KJ


define('PROJECTS', 'Something that goes on forever!');

Share this post


Link to post
Share on other sites

Greetings All,

 

I just wanted to say that its very sad to see such a lack of support and interest with this very fine contribution!

Please, don't take that the wrong way... as it is not directed at Noel (nrlatsha). I admire him for all the work he has done. Also cheers to the few people who do try to help.

 

It's just a little confusing as to why the lack of support and interest when this contribution addresses a very important problem that effects all us merchants... FRAUD!

 

Before MaxMind I was at a point where I either had to find a way to stop the huge amount of fraud my store was getting hit with or give up and go out of business!

 

Why so much fraud? Well my store sells a virtual product (online game codes) and PayPal refuses to provide any charge back support for virtual products. Seeing that most of my customers use PayPal I had to continue to accept them as a payment provider but what else could I do?

.... MAXMIND!

 

Since I started using them my fraud has dropped to almost nil. But with this contribution I still had to check all my PayPal orders manually as it does not work for PayPal IPN transactions.

 

My knowledge of PHP and osCommerce is average and getting better every day. I have been successful in modifying this to work with all my other payment options except the PayPal IPN.

 

If you know how to get this working with PayPal IPN, have any suggestions or ideas... PLEASE let me know and post here for all. I will also continue to tinker with it and post my results.

 

... or will I be forced to switch to Algozone?

Share this post


Link to post
Share on other sites

I think you may be going to Algozone then.

 

The support for just the Credit Card detection is lax let alone working ontop (or with) another contrib.


define('PROJECTS', 'Something that goes on forever!');

Share this post


Link to post
Share on other sites
I think you may be going to Algozone then.

 

The support for just the Credit Card detection is lax let alone working ontop (or with) another contrib.

 

Hello KJ,

 

I have finally figured it out!!!

 

I got CCFD to work with PayPal IPN.

 

After I document everything I will post the updated version.

Share this post


Link to post
Share on other sites

Newbie here, Have read a few postings. Is this ready to go or are there lots of things to tinker with to get it to work still?

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×