Jump to content

PHP Decrypt CC's - Pass the Hash

seb213

By seb213
in PHP Coding Help

 Share

Recommended Posts

seb213 Newbie

seb213

Posted
Posted

Im trying to write a script to decrypt my CC#'s, and print them to a table with the unique ID. More accurately, I already have a function to Decrypt the CC's, and the CC's already have a unique ID, but Im at a loss as to how to pass the CC hashes to the function, and return the results in a table(ID, CCNUMBER)

 

Heres what I have thus far

 

<?php
$res3 = $query = "SELECT __UserID, ccnumber FROM DB ";
	$rec3 = $res3->$result = mysql_query($query) OR die(mysql_error());

	if ($rec3["ccnumber"][0] == "_")
	{
		require_once (dirname (__FILE__)."Encryption.php");
		$strErr = "";
		$rec3["ccnumber"] = _DecryptCCNumber ($rec3["ccnumber"], $strErr);
		if (strlen ($strErr))
		{
			echo "Failed to decrypt ccnumber for the user ".$rec["username"]."\n";
			echo $strErr."\n";
			continue;
		}
	}


?>

 

The function that Encrypts/Decrypts CC's is 'Encryption.php', I cant figure out how to pass the hash from the DB to the function, and INSERT both the Unique ID and decrypted CC to a table?

 

Any help would be greatly appreciated :confused: :confused:.

 

Thanks in advance.

Link to comment
https://forums.phpfreaks.com/topic/170743-php-decrypt-ccs-pass-the-hash/
Share on other sites
MadTechie Regular Member

MadTechie

Posted
Posted

Credit card number storing is illegal in the U.S. unless your server has been authorized by your credit card agency

I'm pretty sure your not allowed to store the CVV2 data  (last 3 digits on the signature side) but can store the non-CVV2 data, but I'm from the UK and I'm no lawyer.

 

seb213 Newbie

seb213

Posted
  • Author
Posted

Credit card number storing is illegal in the U.S. unless your server has been authorized by your credit card agency (not the service provider, the actual credit card agency).

 

I would recommend using an outside source to store this information (e.g. paypal).

 

Which is precisely why Im writing this script for my client, so they can take their information off site to a PCI compliant merchant. I don't intend to store anything.

 

gergy008 Member

gergy008

Posted
Posted

Credit card number storing is illegal in the U.S. unless your server has been authorized by your credit card agency (not the service provider, the actual credit card agency).

 

I would recommend using an outside source to store this information (e.g. paypal).

 

He's right. Even in the UK too, You have to get a proper SSL certificate from someone like verisign.

MadTechie Regular Member

MadTechie

Posted
Posted

In any case.. I don't think anyone can help without seeing the code in Encryption.php, you know a function name is nice but really doesn't help, and if you didn't write it yourself (which I a have to assume you didn't) then try referring to the documentation/website etc. (which would also mean this should be in the third party section.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.