[PHP-DB] Storing Credit Card info
I have a client that would like to store credit card information online. I have worked with shopping cart type systems in the past, but never stored CC info. What is the best way to do this? I was thinking that I can write and read using include() to a directory that is not available to the web. Then just display these on SSL so that the client can retrieve the numbers. Any ideas? Thanks much, olinux __ Do You Yahoo!? Send FREE video emails in Yahoo! Mail! http://promo.yahoo.com/videomail/ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DB] Storing Credit Card info
Hi olinux, If I understand what you are saying...I would use mcrypt and encrypt the stored info, keeping the KEY and IV in a separate location for when you need it. Chances that anybody will break the triple des encryption without the KEY and IV are slim to none. That way, you don't have to freak out about moving the information around, that is, until it has been decrypted. In order to convert the KEY and IV into a normal string, you need to use some base64 conversion function, I don't remember where I got that or if it was built into PHP when I did it, but I was able to get it to work pretty quickly. PHPs hooks into the mcrypt libraries are the best. So easy to use(and high quality) compared to anything else I've seen. Hope that helps, -Paul - Original Message - From: olinux [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, January 17, 2002 1:22 PM Subject: [PHP-DB] Storing Credit Card info I have a client that would like to store credit card information online. I have worked with shopping cart type systems in the past, but never stored CC info. What is the best way to do this? I was thinking that I can write and read using include() to a directory that is not available to the web. Then just display these on SSL so that the client can retrieve the numbers. Any ideas? Thanks much, olinux __ Do You Yahoo!? Send FREE video emails in Yahoo! Mail! http://promo.yahoo.com/videomail/ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DB] Storing Credit Card info - Encryption Functions
Hi olinux, This is what I ended up doing. This will work if you have a PHP that was compiled with mcrypt as it is, just pass the info to your encrypt and decrypt functions. The key I used is 123 but you can use something different. The Initialization Vector is hard coded, but there is a function that will generate a new one for you. Look at the mcrypt_encrypt and mcrypt_decrypt functions at php.net for details. I lifted the hex2bin() from the user comments If I remember correctly. Have Fun... -Paul / function encrypt($plainText) { return(bin2hex(mcrypt_encrypt (MCRYPT_RIJNDAEL_256, 123, $plainText, MCRYPT_MODE_ECB, hex2bin(f6d53befbaac65a609e24d4b3a573ec56618b185280b615b6cde67793c7e4091)) )); } / function decrypt($cipherText) { return(mcrypt_decrypt (MCRYPT_RIJNDAEL_256, 123, hex2bin($cipherText), MCRYPT_MODE_ECB, hex2bin(f6d53befbaac65a609e24d4b3a573ec56618b185280b615b6cde67793c7e4091)) ); } / function hex2bin($data) { $len = strlen($data); for($i=0;$i$len;$i+=2) { $newdata .= pack(C,hexdec(substr($data,$i,2))); } return $newdata; } / - Original Message - From: olinux [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, January 17, 2002 1:22 PM Subject: [PHP-DB] Storing Credit Card info I have a client that would like to store credit card information online. I have worked with shopping cart type systems in the past, but never stored CC info. What is the best way to do this? I was thinking that I can write and read using include() to a directory that is not available to the web. Then just display these on SSL so that the client can retrieve the numbers. Any ideas? Thanks much, olinux __ Do You Yahoo!? Send FREE video emails in Yahoo! Mail! http://promo.yahoo.com/videomail/ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]