gotts

Thank you - if I do that then I will probably have to pre-create all those cookie files right? Or will they be created automatically? is a better approach to actually provide a cookie name to use which also has a userid in it - will that work?

Here is my dilemma... I basically have a script which by means of CURL posts to a 3rd party website to perform a login and then makes another post to update a users details based on that login session. Now as my site is getting busy I have multiple users doing the same thing and it seems that on occasion curl is getting confused and updating one users details with a different users information. This is causing real problems. It seems to be that the cookie which is being used by a user after one login is being shared by other users and they end up logging in with the same cookie - confusing the 3rd party system. My code is posted below and I need to use the cookiefile and cookiejar to maintain the php session to allow me to do what I need to do. But it seems like the same cookie is being reused by all users.... Does that make sense? Is there anything I can do to change this? Please advise.... Thanks so much! Below is the code i use to both login and post the user update function hitForm($postURL, $postFields, $referer="", $showerr = FALSE, $ispost = TRUE) { global $islocal, $path_escape; $ch = curl_init(); curl_setopt($ch, CURLOPT_COOKIEJAR, "cookies.txt"); curl_setopt($ch, CURLOPT_COOKIEFILE, "cookies.txt"); curl_setopt($ch, CURLOPT_URL, $postURL); if ($ispost) curl_setopt($ch, CURLOPT_POST, 1); else curl_setopt($ch, CURLOPT_HTTPGET, 1); curl_setopt($ch, CURLOPT_REFERER, $referer); curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $postFields); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE); $ret = curl_exec($ch); if ($error = curl_error($ch)) { if ($showerr) echo 'ERROR: ' . $error; return -1; exit; } $CU_header = curl_getinfo($ch); $CU_header["err"] = curl_errno($ch); $CU_header["errmsg"] = curl_error($ch); curl_close($ch); $returnout = $ret; //for debugging purposes for now we are logging all form posts SaveLog("hitform", "F[".$this->curruserid." - ".$this->currfunc." - ".date("d-m-y h:i:s")."]".$postFields); return $ret; }

Hi, I need some serious advice. A client wants me to create a page for him where users can enter credit card details in order to pay for a specific service. The problem is that the client doenst want it paid and processed immediately and therfore things like paypal are not an option. I know there are many major concerns in storing CC information but I thought of a possible solution and I wanted some feedback: Ofcourse using a SSL connection a page will accepts all user details including Credit Card details. PHP wil lthen split the CC number into two parts - The First 12 digits (Part 1) and the last 4 digits (Part 2) A randomly password will then be generated and used to encrypt Part 1 and then Part 1 and all other user details will be stored in mysql database. Another random password will be generated to encrypt Part 2 of CC - the PASSWORD will be stored in the database and Part 2 together with the Expiry date of CC and a userid (generated after inserting above record into DB ) will be EMAILED to the site adminstrator. Also the password from Part 1 will be included in the email. The adminstrator on receiving the email will login to the page and provide to a ssl webpage form the designated USERID, Password for Part 1,Expiry date of Credit Card and the encrypted Part 2. Php will then do the rest - find the record in DB and decrypt both part 1 and part 2 and display all information to user. User will then do a manual credit card process and then all data is deleted from database. I know this is clumsy but my client doesnt mind and it seems like the safest option to me. No full CC number stored on any database. No generally stored password which could be compromised etc. Please give me feedback. Thanks so much.