Working With Sessions And Storing Credit Card Info Inside A Session
have a security concern working with sessions and storing credit card info inside a session, going to the payment gateway, redirecting back to my page and doing a soap connection and processing the order with the session variables, and then destroying the session afterwards.
is it safe enough to store credit card information in this manner, can hackers get to this? cause its possible to view POST variables with a firefox plugin.
or is it safer to write it to a temporary database table, do what i need to do and then delete the row?
View Complete Forum Thread with Replies
Related Forum Messages:
Storing Credit Card In Databases?
What is the deal with storing credit card information in a database Can anyone give me some in sight on this. 1.) What is the best way to go about it? 2.) What is use to encrypt and decrypt the info? And anything else that you may think is important on this issue.
View Replies !
Collecting Credit Card Info
I've not done a shopping cart before so I'm not sure what the story is with credit cards. I've collected all the user's personal info and products purchased as variables, do I just do the same with the credit card info (as $_POST variables to keep them hidden)? Is this sufficient? I'm not planning on emailing the info to the store owner just letting them login to an admin area to collect it. Is this secure enough or what should I do differently? What's the deal with security certificates? What do they actually do and are they expensive? Any help you could provide on this would be great.
View Replies !
"curl" Scripting In Credit Card Merchant Not Working.
I'm trying to get a credit card processing script to work. It's with the payQuake or Merchant Partners system. It's suposed to process the credit card transaction without ever having to leave my web site (if I point the form to the quicksale.php script - like it's done below). What its doing is it will run for a few minutes then output "No Response" (the first part of the if clause below). Merchant Partners or payQuake's technical support is not too good. It appears that they assume that everyone already knows how to integrate their software. Does anybody see what I'm doing wrong? PHP Code: ....
View Replies !
Storing Session Info In MySQL
I've written a login system which uses session variables to store details about the user. The site isn't holding sensitive data, so this isn't a problem. What I'd like to do though, is store each login in mySQL and use it to automatically log the user back in next time around. Also want to use the logged in information for statistical information, such as how many registered users are logged in, and how many guests are going around on the site. I know vBulletin uses a system similar to this, by storing the session ID in a database and using it from there. Can anyone explain roughly how this would work for logging in the first time, and relogging in next time?
View Replies !
Credit Card
what should i do if i want to set up a website with credit card service? the hosting server has a module on credit card.. so.. do i need to go to bank to ask for this service to set up to my website? or the hosting server handle for us??
View Replies !
Credit Card Question
I would like to know if a devious user knows only the credit card number, expiration date, and credit card's type, but he doesn't know the credit card's owner's name, can he still do some damage? If no damage, then in the form, I should not ask the user to enter name and credit card info in the same form. I think to make it secure, I will ask the user to enter his/her name in a separate form, and I shouldn't rely only in the username and password.
View Replies !
Credit Card Processing...
I would like my users on my site to be able to pay with credit cards and I need an "immediate" validation and transfer... Can anyone recommend from experience any good and affordable way? Coding PHP is not a problem.....
View Replies !
Credit Card Encryption
We're taking credit card details online and processing them offline, so we need to store them encrypted in the db, but they it needs to be 2-way encryption. So, I'm wondering what the best form of encryption for this would be? I cant remember what I used in ASP - I know I tried blowfish but there were problems with it.
View Replies !
Credit Card Transaction
i wanna learn more about how to process credit card transaction. i under stand i have to create a form whereby the user selects credit card type n enter his/her card number, expiry date.etc. but how do i actually make connection to the merchant n so for?
View Replies !
Credit Card Options
i was wondering if anyone can help me out?i have a dating website that only accepts paypal at this time,what i want to do is keep the paypal payment and add credit card payments to my site can anyone tell me how to go about doing this?thanks..(and if so is there away to make the payments from the credit card go into my paypal account?)
View Replies !
Credit Card Validation
I am creating an e-commerce site and i don't want to have a shopping card, i want the user to be able to buy credits using credit c, paypall, moneybookers etc and with those credits to buy products in the future. I need some general idea how this can be done with php and MySql. For example www.bwin.com once you upload your founds than you can beat online, it is something like cyber cash or I dont know .
View Replies !
Credit Card Verification
i need to make web site that allows people to buy things, i would like to know if anybody knows how i can verify the credit card numbers. Is there some set code that i can use in php that will do this. Also is this how the big online stores do this?
View Replies !
Anyone Using MCVE For Credit-card Processing?
I'm looking for the absolutely cheapest, rock-bottom way of processing credit cards on the web, preferably without monthly charges (only per-transaction fees). Based on what I've read from reasonably happy users, I was all set to sign up with authorize.net when I found the MCVE function in the PHP manual. It sounds like a great way to bypass the gateway middleman and only pay the fees for the merchant account. But there's somewhat scant documentation (apart from an actual step-by-step script, which, if it works is great) and virtually NO discussion of it on these fora or in a Google search. So is this a dead end? I'm a bit uneasy committing my project to this technology if no one else out there is using it.
View Replies !
Security - Credit Card Details
does anyone know how i could send information eg credit card details to my database which is mysql. i know this isnt the most secure database as it is connected via the internet but that doesnt matter to me. any example code would be of great help to me. i will be using drop down menus and forms.
View Replies !
Credit Card Validation From Another Site
I have to validate a credit card account in my site from another web site like 'Bank Of America'[www.bofa.com]. As far i know They used to do this validation. I don't need the credit card validation syntax in javascript or php for 10 modulas alogrithom or length validation. I just need to use another site[as i have mentioned erlier] to validate credit card from my site. How i can do this by php. I have got storeid,userid and password. how it is possible through php?
View Replies !
Secure Credit Card Transactions
I'm looking for some way of organizing secure credit card transactions hopefully via PHP. Are there any good libraries or something out there that would be useful? Obviously, security is the main issue.
View Replies !
Passing Credit Card Data Via URL?
Is it possible to pass credit card data securely from one website to another (on a totally different server)? Basically, a live data feed of orders from external websites, not hosted on the same server where the info is passed onto the gateway? I can't image passing cc info via the url string and expecting that to be secure. for example: https://somesite.com?fname=jon&lname&ccnumber=4111111111111111&exp=MMYY.......... Am I just being paranoid? Or is this ok to do?
View Replies !
CREDIT CARD PHP FORM NEEDED
I'm using a form genretor, I hv 2 service providers. 1 provider it works, but for the other its owned by a non-profit origization: I create the form, link below. Dont fill out the for and hit submit. The provider is valuweb and they dont seem to know hat the problem is. Im not a guru and stubled by this As I was trying to add a Credit Card input field but doens't work. see message I get below. Where it goes to a bin folder where the provider says it not even there and when I look at the 3 files generated does not show it either,. Code:
View Replies !
Passing Credit Card Values Via GET Over SSL
I'm using php to send credit card information. A gateway company requires me to send them the variables for a credit card transaction over SSL but using the GET variable and not POST. I always thought GET's were not secure and the URL could be read by "man in the middle's"? Is this not true?
View Replies !
Verisign Credit Card Alternatives?
I have a client who will be running a charity auction. They want to allow people to pre-register -- if they have to have a valid credit card. At the end of the auction, the winners will have whatever they bid charged to their cards. My problem: Verisign's Payflow Pro system is burdensome. I need to recompile PHP with the pfpro options enabled, install binaries on my server, etc. I'm not having much luck with that. And, Verisign says that there is no way to simply verify a card is legit -- they say I should try to "authorize" for a small amount (like $1), and upon hearing if the transaction is accepted/rejected, void the $1 hold. So here are the questions. Is it true that I cannot verify a card without doing an authorization? And second, is there any simpler system? One that doesn't require PHP to be recompiled or binaries to be placed on the server? I was really hoping to find a simple XML system, maybe doing queries via SSH? What systems have you found to be easy to use with PHP?
View Replies !
Validating Credit Card Numbers
I'm trying to validate the credit card numbers (for example, all Discover cards start with 6011, etc.), but when I submit only a blank page comes up. I've broken it down to be as small as I can for illustrative purposes. Code:
View Replies !
European Credit Card Validation
I'm implementing a simple credit card number check on my website, in order to trap user errors. it doesn't validate with the bank, but validates against certain known rules (e.g. Amex always begins with xxxx) The scripts I've found work fine for Mastercard, Visa, Diner's Club and a few American only cards, but there's nothing on Google about European/UK cards like Solo, Switch and Maestro. Anyone aware of European oriented PHP credit card validation scripts?
View Replies !
Xcart Credit Card Processor
I am trying to accept payments on x-cart script running on my website. For some reason, even after applying correct payment processing details. Xcart does not transact credit cards. : Here is the script, my site is using to transact credit cards on 2checkout --------------------- # # $Id: cc_2checkoutcom.php,v 1.26.2.2 2004/08/19 05:52:43 max Exp $ # ......
View Replies !
Credit Card Number Validation
Just got a request from a client who wants me to include a credit card input field (as well as expiration date and security code field) on a page in his site. He doesn't want e-commerce functionality, he just wants to capture this data to an email that would be sent directly to him, and then manually run the information through himself. Question is: is there any specific (or generic) patterns that I could write a script to check these three pieces of information? The expiration date will be simple enough, but how about the card number? Do I just need to check the credit card number against a 16 digit numeric pattern? What if they put dashes between each set of 4 numbers? Would that be another pattern? Does anyone know if the security code on the back of credit cards is only 3 digits long, or do they vary as well? Is there a tutorial for this someplace? or a very clear explanation of exactly what to do for just capturing the data? It appears to me to be pretty clear, but I just want to check first before I start off.
View Replies !
Credit Card Number Verification
I could do with some serious help, with coverting the Luhn10/Mod10 credit card check to PHP. Is there anyone who has this, or could help convert a PERL version which I can post? I need to pass PHP a string, take out all spaces, dashes, slashes, and then perform the Luhn10 check on the number, and return a TRUE or FALSE value. Anyone that can help?
View Replies !
Credit Card Details Advice
1. I have a form that takes credit card information. 2. Paypal or anything similar to paypal is OUT of the question, client wants us to get the information instead. 3. According to our system administrator, he has already set up a SSL for our server. This form would be processed in a url with https:// 4. Client wants to have all the information stored in a mysql database. I need advice on 1. How do i process the form? Will the https:// be enough? Or do i have any special code to include in my form processing? 2. Do i install the SSL or does the system administrator install it? 3. If i store the information in a database, how do i keep it safe/secure from hackers? 4. If i'm able to convince the client that the processed form would just send the client an email instead of storing the data, will this be secure as well? I mean the transfer from the website to the client's email, will this be secure? 5. If i'm unable to convince the client to just email the data instead of storing it, encrypting the data would make it more secure.. but how do i 'decrypt' it .. so that when the client views the data on our website, he can actually see the REAL data.
View Replies !
Credit Card Encryption In PHP / Mysql
I have a registration form where the user inputs their credit card number. I recently read that the CC number has to be encrypted before submitting a form... has anyone ever done something like this? Just wondering how I can go about encrypting this data on an HTML/PHP form that stores the data in a MySQL DB.
View Replies !
Credit Vs Debit Card Algorithm?
Does anyone know of a script that determines whether a mastercard or visa card is a Debit card? Just as you can tell it's a master card if the starting 4 digits are between 5100 and 5600, and that it's a Visa card if the first digit is a 4, I assume there's some trick to know the difference between a credit and debit card. My bank charges extra for debit cards.
View Replies !
Hide Credit Card Number With Xs
I am making a secure payments website where people pay with their credit cards. If I have the cc number in a variable, how can I display it on the "confirm this information is accurate" page having Xs in place of all but the last 4 digits? (Eg: 1234567890123456 --> xxxxxxxxxxxx3456)
View Replies !
Secure Credit Card Processing
I have a website which sells products, but rather than using a 3rd party site like paypal etc etc, to take my payments i want to make use of my shop terminal instead. This said i need to collected the credit card details on my website and then store them safely. I have seen one contribute for oscommerce, which stores half the credit card numbers in a MYSQL and then emails the other half. My questions are, is there a php script out there which will collect and manage credit card details? If i was to make my own, how would i go about this, in the sence of how does the SSL work? do you have to process information different in forms? to work along side the SSL?
View Replies !
Credit Card Payment Process
i have this process in payment (this is a simulation without sending the real info to verizon, etc): 1. user choses to pay by credit card. 2. user enters credit card number and other info. 3. script validates if the credit card number is valid. 4. any suggestion for the next step?
View Replies !
Keeping Credit Card Details Secure
I'm building a shopping cart for a small site that need to accept credit card payments. The problem is that payment details need to be sent securly by e-mail, or retreived by the store owner from a secure page for manual processing because the sales volume is too low to pay the setup costs for an online system. What is the best way to do this? Currently they use a PERL script that send half of the details by e-mail (not secure) and stores the other half in a file on the host's server. Is this the best way to do it?
View Replies !
PHP + ECommerce (How Can I Process Credit Card Payments?)
I create PHP-based/mySQL-driven sites that have dynamic content (the products) and a shopping cart. When the client choses to complete their order (go to the proverbial checkout), they end up filling in a secured form (on a secured server) that stores their info into a mySQL table. In order for the transaction to be complete, the site owner needs to retrieve the customer's order and payment info via a secure page. They would then use that info to manually complete the transaction. This will not do for a new client. He wants everything to be done hands-free. He wants the payment to be instant. I understand his wishes, but have no idea how to go about fulfilling them! How would I take the customer's CC info and complete a transaction where the payment goes right into the owner's bank account?
View Replies !
Credit Card Processing, Shoping Cart
Like if its a monthly payment plan, do you have to make the script so that it takes money from the credit card everymonth or does the merchant account do that? Also I want to use PHP for the this part, who is compatible with PHP. I mean I need to send and receive data from whoever is checking the credit card.
View Replies !
Credit Card Payment Process Through Nobelpay
I am in photo business site. is their any one done any credit card payment process through nobelpay(one of the payment process like paypal, surepay etc..) in php. If any one have come across this payment process in php. please tell me how to implement the credit card payment process in php using nobelpay payment.
View Replies !
Accepting Credit Card With My PHP Shopping Cart?
I have designed a shopping cart using PHP and alittle javascript. It seems in order so my next step is to work on the CHECK OUT. I know I will need to get a SSL - which I plan on getting through network solutions. I want to use a Gateway to process the credit card right then on the spot instead of a processor. I hope thats ok. 1.) From what I understand I need to get a merchant account. 2.) I need to use a Credit Card gateway company (Like Authorize.net) to process the Credit card from the customer and send the money to my merchant account. 3.) I need to incorporate the gateway code into my checkout php form. Am I right so far? Questions? 1.) Where should I get a merchant account? What are the company names??? 2.) What payment gateway processor is good (ie: Authorize.net) 3.) Is incorporating the gateway or processor code into my php form hard?
View Replies !
Credit Card Monthly Balance Calculator
I want to make a calculator that shows what your interest rate would be. The key is that it would output a new row per month with the interest charge, the next payment, etc. Not the single line, generic ones that are all over the web. Sample: User inputs: - Loan amount - Interest rate - minimum payment rate (usually between 1-3%) - monthly payment desired Here is the meat: The output would return anywhere from 1-400 rows, each explaining the current balance and the interest accrued for that month.
View Replies !
Email Credit Card Numbers Encrypted
I am trying to write a script to email credit card numbers. I tried accessing SSH and creating GNUPG keys, but I couldn't figure it out. I have cPanel which has a get generator in it, but wasn't sure if that was the right method either. Anyhow does anyone have any suggestions on a good way to encrypt -> email -> decrypt credit card numbers securly?
View Replies !
Math Involved In Credit Card Script
I'm really not sure if this is the correct forum, but anyways... http://www.ditech.com/calculators/creditcard.html I'm creating a script that does a similar job to that. It will work out how much a user will have to pay over 12, 24 and 36 months after they have entered their balance and interest rate. But, how does this tool calculate the monthly amount? I thought it would just be balance + interest divided by the amount of months. Obviously that doesn't work though. Would anyone be able to help? It seems more like a math question, although it will be being made into a script...
View Replies !
Saving Data - Credit Card Transaction
Im doing a order.php whereby user insert their info. after a successful validation, the user will be brought to the payment.php for payment. after which, the credit card transaction will be process. if it is successful, the data from order.php and payment.php will be inserted into database. so i wanna noe how to save the data from order.php n bring it ova to payment.php.
View Replies !
Create A Php Site With Credit Card Check Out Functionality
I'd like to create a php site with credit card check out functionality. Some of the sites that I saw which have the credit card functionality use VeriSign Securied. Does anyone know how I can create such functionality? If you can direct me to any documentation or script that are related to building credit card check out functionality,
View Replies !
Sending Credit Card Information Via $_POST And E-mail
I have a form that asks for sensitive information such as credit card number, name on card, ccv, etc. When the user clicks "Continue," it takes them to a page that displays the information they submitted, so they can check it for accuracy. Then, they click Submit to send the information via e-mail through PHP. Of course, I can't just send this information normally, so what are my options here? Is the only really secure option to use an SSL certificate through my web server, or is there something else that is cheaper? If SSL is my only option, where is a cheap place to register the certificate? I am completely new to SSL, so I'm totally lost here. My web host definitely does SSL, but I don't know how to use it. We use Plesk 7.5.4. And lastly, can the first page with the form be outside SSL, but the second confirmation page be in SSL? Once the user clicks the "Continue" button, will the information be visible at all before it hits the page in SSL protection?
View Replies !
|
TRACKER
