Re: [PHP-DB] Credit Card Encryption

2007-12-26 Thread Jason Gerfen

I got messaged off list which I don't appreciate.

But, yes PHP5 only or you could replace the lines for PHP4 and on:

$keys[] = mhash( MHASH_SHA1, sha1( $array[$x] ) );

With:

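// sha1() is checked first because the mhash() branch calls it as well.
if( !function_exists( 'sha1' ) ) {
 $keys[] = md5( md5( $array[$x] ) );
} elseif( !function_exists( 'mhash' ) ) {
 $keys[] = sha1( sha1( $array[$x] ) );
} else {
 // mhash() returns raw bytes; the other two branches return hex strings.
 $keys[] = mhash( MHASH_SHA1, sha1( $array[$x] ) );
}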

That will look to see if the 'mhash()', 'sha1()' functions exist and use
them accordingly. HTH.

Jason Gerfen wrote:
 Jason Gerfen wrote:
 Daniel Brown wrote:
 On Dec 19, 2007 2:41 AM, Keith Spiller [EMAIL PROTECTED] wrote:
 Ok I've done some research and some thinking.  What about storing orders in
 the database (product info and customer info) and then using GnuPG or PGP to
 send the credit card info to the merchant?  This way the credit card
 information is not stored on the server or in the database but only in
 printed format by the merchant.  Since my client processes all of the credit
 card orders by hand this seems like an ideal solution.

 I had a client that did offline (manual) processing of credit card
 orders as well.  With liability issues and the problems that others
 have already pointed out, storing the credit card information was not
 an option, yet my client still needed some way of having the data
 available offline.

 Consider the following:

 ISSUER                        LENGTH
 Diner's Club/Carte Blanche    14
 American Express              15
 VISA                          13 or 16
 MasterCard                    16
 Discover                      16

 Security checks aside (like making sure they selected the type of
 card and that it matched the algorithm - VISA beginning with 4 and
 being strlen($_POST['cardnum']) == 13 or 16, MasterCard being 16,
 beginning with 51xx to 55xx, et cetera), I then had a hybrid of
 storage and delivery.

 Mail the first <? rand(4,6); ?> digits to the sales email
 address(es) on file.  Three addresses on two domains were used for
 redundancy in this case.  Store the remaining digits in the database.

 You could write your own encryption algorithm or use one that is
 publicly-available and reversible (Blowfish is what I was using, at
 128, key length of 56 lower ASCII characters, padded with 7 on the key
 and four on the output - MD5, SHA1, et al are NOT options here).

 The sales department then received the first digits of the credit
 card number via email, which stated it was an order key.  Again, in my

 Using the order number as the key is bad practice. Here is a random key
 generator that you could use for your public/private keys and still use
 the blowfish cipher as your method of encrypting:
 
 <?PHP
 // Returns the names of the files in $folder, skipping ".", ".." and
 // index.html. GenerateError() is not defined in this excerpt.
 function ReadFolder( $folder )
 {
  if( ( empty( $folder ) ) || ( !is_dir( $folder ) ) ) {
   $rand_image = GenerateError( "Couldn't open directory" );
  } else {
   $rand_image = array();
   if( $handle = opendir( $folder ) ) {
    while( false !== ( $file = readdir( $handle ) ) ) {
     // is_dir() needs the full path, not just the entry name
     if( $file != "." && $file != ".." && $file != "index.html" &&
         !is_dir( $folder . "/" . $file ) ) {
      $rand_image[] = $file;
     }
    }
    closedir( $handle );
   }
  }
  return $rand_image;
 }
 
 // Seeds rand() from the current clock value, so the seed is time-derived.
 function MakeSuperRandom()
 {
  return srand( ( double ) microtime( time() ) * 10 );
 }
 
 // Picks three file names at random (indexes 3 to count - 1, repeats possible).
 function PickRandomImages( $array )
 {
  $num1 = count( $array );
  $num1 = $num1 - 1;
  MakeSuperRandom();
 
  $img_num = rand( 3, $num1 );
  $image[] = $array[$img_num];
 
  $num2 = count( $array );
  $num2 = $num2 - 1;
  MakeSuperRandom();
 
  $img_num = rand( 3, $num2 );
  $image[] = $array[$img_num];
 
  $num3 = count( $array );
  $num3 = $num3 - 1;
  MakeSuperRandom();
 
  $img_num = rand( 3, $num3 );
  $image[] = $array[$img_num];
  return $image;
 }
 
 // Returns 1 when there are fewer than three entries to pick from, else 0.
 function ChkArray( $array )
 {
  if( ( empty( $array ) ) || ( count( $array ) < 3 ) ) {
   $data = 1;
  } else {
   $data = 0;
  }
  return $data;
 }
 
 // Hashes each picked file name and joins the hashes with ":".
 function GeneratePrivKey( $array )
 {
  if( empty( $array ) ) {
   $data = GenerateError( "Missing data for GeneratePrivKey function." );
  } else {
   $keys = array();
   $data = "";
   for( $x = 0; $x < count( $array ); $x++ ) {
    $keys[] = mhash( MHASH_SHA1, sha1( $array[$x] ) );
   }
   for( $y = 0; $y < count( $keys ); $y++ ) {
    // last element: no trailing separator
    if( $y == count( $keys ) - 1 ) {
     $data .= $keys[$y];
    } else {
     $data .= $keys[$y] . ":";
    }
   }
  }
  return $data;
 }
 
 // The "public key" is the MD5 digest of the private key string.
 function GeneratePubKey( $data )
 {
  return md5( $data );
 }
 
 // Encrypts $data with Rijndael-256 in OFB mode under a fresh random IV.
 function EncData( $data, $key )
 {
  $td = mcrypt_module_open( 'rijndael-256', '', 'ofb', '' );
  $iv = mcrypt_create_iv( mcrypt_enc_get_iv_size( $td ), MCRYPT_DEV_RANDOM );
  $ks = mcrypt_enc_get_key_size( $td );
  @mcrypt_generic_init( $td, $key, $iv );
  $encrypted = mcrypt_generic( $td, $data );
  echo "<br><b>Ciphered Text using Random Image Hash as Key:</b><pre>" .
   $encrypted . "</pre><br>";
  @mcrypt_generic_deinit( $td );
  @mcrypt_generic_init( $td, $key, $iv );
  $decrypted = mdecrypt_generic( 

Re: [PHP-DB] Credit Card Encryption

2007-12-26 Thread Jason Gerfen

What I wrote there will work but I would highly recommend recompiling
PHP with the --with-mcrypt --with-mhash switches. The mcrypt libraries
can be found on sourceforge. http://libmcrypt.sourceforge.net


[PHP-DB] Configuring PHP with MySQL

2007-12-26 Thread Balaji A
Hi,

I have installed the following things on a Windows machine.

1. Apache HTTP Server 2.2.4
2. PHP 5.2.3
3. MySQL 5.0.45

I am getting mysql_connect() not found.

I have downloaded libmysql.dll, php_mysql.dll & php_mysqli.dll and
copied them to c:\php\ext.

I have uncommented these dll files in php.ini and am still getting the same issue.

I am not able to see the mysql table in phpinfo(), and am seeing only mysqli.

Could anybody help me with this issue?  I have not been able to resolve this for the past 3 days.

Any help/suggestions appreciated.


Thanks
Balaji

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP-DB] Configuring PHP with MySQL

2007-12-26 Thread Szalay, Robert J. IT3
You should have a line like this in your httpd.conf


PHPIniDir "C:/Program Files/Apache Group/Apache2.2/php5.2"


Make sure that is pointing to the directory where your php.ini is
located.


Success is the ability to go from one failure to another with no loss
of enthusiasm. 
Sir Winston Churchill 
 

-Original Message-
From: Balaji A [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, December 26, 2007 00:04
To: php-db@lists.php.net
Subject: [PHP-DB] Configuring PHP with MySQL

Hi,

I have installed the following things on a Windows machine.

1. Apache HTTP Server 2.2.4
2. PHP 5.2.3
3. MySQL 5.0.45

I am getting mysql_connect() not found.

I have downloaded libmysql.dll, php_mysql.dll & php_mysqli.dll and
copied them to c:\php\ext.

I have uncommented these dll files in php.ini and am still getting the same
issue.

I am not able to see the mysql table in phpinfo(), and am seeing only mysqli.

Could anybody help me with this issue?  I have not been able to resolve this for the past
3 days.

Any help/suggestions appreciated.


Thanks
Balaji




Re[2]: [PHP-DB] Credit Card Encryption

2007-12-26 Thread sysvic

Instead of functions and strategies to hide or divide information, why
not use PHP with the PECL extension and GnuPG to manage data using a
public/private key?

This way is safer and easier. Only 3 lines of code:

$gpg = new gnupg();
$gpg->addencryptkey("43243243243243243243243243243243242");
$card_stored = $gpg->encrypt($Customer_card);


http://pecl.php.net/package/gnupg
http://php.net/manual/en/ref.gnupg.php
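
The public-key approach suggested above, written out with input and failure checks, as an added example that is not part of the original post. It assumes the PECL gnupg extension and a keyring that holds only the merchant's public key; `encrypt_card_for_merchant` and `MERCHANT_FPR` are hypothetical names and the fingerprint is a placeholder.

```php
<?php
// Added example, not code from the thread. Assumes the PECL gnupg extension
// and a keyring (GNUPGHOME) that holds only the merchant's PUBLIC key, so the
// web server can encrypt card data but can never decrypt it.

// Placeholder value: replace with the merchant key's full fingerprint.
const MERCHANT_FPR = '0000000000000000000000000000000000000000';

function encrypt_card_for_merchant(string $cardNumber, string $fingerprint): string
{
    // Require a full 40-hex-digit (v4) fingerprint rather than a short key ID.
    if (!preg_match('/^[0-9A-Fa-f]{40}$/', $fingerprint)) {
        throw new InvalidArgumentException('Expected a 40-hex-digit fingerprint');
    }
    // Strip separators, then accept only the 13 to 16 digit lengths listed
    // in the thread's issuer table.
    $digits = preg_replace('/[\s-]+/', '', $cardNumber);
    if (!preg_match('/^\d{13,16}$/', $digits)) {
        throw new InvalidArgumentException('Card number must be 13 to 16 digits');
    }

    $gpg = new gnupg();
    $gpg->seterrormode(gnupg::ERROR_EXCEPTION); // throw instead of returning false
    $gpg->setarmor(1);                          // ASCII-armored output for text columns or mail

    // addencryptkey() fails if the key is missing from the keyring.
    if (!$gpg->addencryptkey($fingerprint)) {
        throw new RuntimeException('Merchant public key not found in keyring');
    }
    $ciphertext = $gpg->encrypt($digits);
    // Refuse to hand back anything that is not an armored PGP message, so a
    // failure can never result in plaintext being stored.
    if (!is_string($ciphertext)
        || strpos($ciphertext, '-----BEGIN PGP MESSAGE-----') !== 0) {
        throw new RuntimeException('Encryption failed');
    }
    return $ciphertext;
}

// Typical call site (the INSERT itself is left to the application):
// $card_stored = encrypt_card_for_merchant($_POST['cardnum'], MERCHANT_FPR);
```

Because only the public key is on the server, a copy of the database or of the web root yields ciphertext that can be read only where the private key lives.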










[PHP-DB] XSS

2007-12-26 Thread Mad Unix
I am facing a problem with XSS (cross-site scripting) in general on our web site, and
I think it's a coding issue since our dedicated server runs Linux with Apache,
MySQL and PHP...
Any recommendation to resolve this issue?


-- 
madunix


Re: [PHP-DB] XSS

2007-12-26 Thread Daniel Brown
On Dec 26, 2007 3:05 PM, Mad Unix [EMAIL PROTECTED] wrote:

 I am facing a problem with XSS (cross-site scripting) in general on our web site, and
 I think it's a coding issue since our dedicated server runs Linux with Apache,
 MySQL and PHP...
 Any recommendation to resolve this issue?

Recode the site, and next time you need help, ask a more specific
question and provide details.

-- 
Daniel P. Brown
[Phone Numbers Go Here!]
[They're Hidden From View!]

If at first you don't succeed, stick to what you know best so that you
can make enough money to pay someone else to do it for you.




[PHP-DB] Download google spreadsheet

2007-12-26 Thread ioannes
I would like to get the information in a Google spreadsheet (of a
client) programmatically into my database.  I was thinking of using cURL,
downloading the file into Excel, then uploading it into my database
using a scheduled task, then cronjob some code to make it useful.
However, the Google spreadsheet displayed is not Excel though it has the
option to download as Excel in a menu item.  Can someone point me in the
right direction on this, via Excel or otherwise?


Thanks,

John




Re: [PHP-DB] Download google spreadsheet

2007-12-26 Thread TG

You might check the Google Documents API:
http://code.google.com/apis/documents/overview.html

-TG

- Original Message -
From: ioannes [EMAIL PROTECTED]
To: php-db@lists.php.net
Date: Wed, 26 Dec 2007 23:59:12 +
Subject: [PHP-DB] Download google spreadsheet

 I would like to get the information in a Google spreadsheet (of a
 client) programmatically into my database.  I was thinking of using cURL,
 downloading the file into Excel, then uploading it into my database
 using a scheduled task, then cronjob some code to make it useful.
 However, the Google spreadsheet displayed is not Excel though it has the
 option to download as Excel in a menu item.  Can someone point me in the
 right direction on this, via Excel or otherwise?
 
 Thanks,
 
 John
 