Jump to content

Encrypting and Decrypting ... Hmmm...

bri0987

By bri0987
in PHP Coding Help

 Share

Recommended Posts

bri0987 Member

bri0987

Posted
  • Author
Posted

what about is:

 

What is the deal with storing credit card information in a database

 

Can anyone give me some in sight on this.

 

1.) What is the best way to go about it?

2.) What is use to encrypt and decrypt the info?

 

 

And anything else that you may think is important on this issue.

 

Let me know

 

thanks

 

BRI

bri0987 Member

bri0987

Posted
  • Author
Posted

I am using paypal

 

Paypal Payments Pro Pay Flow Pro Addition

 

or for short Version2

 

 

With version 2 there is really no online documentation  beside the API stuff

 

 

So what is the best way to send a credit card from one form to another.

 

 

Can I set a session and just pass the string to the second page or is this not recommended???

revraz Member

revraz

Posted
Posted

There is no reason for you to send any CC info to PayPal, they can do all of that through PayPal itself.

 

 

I am using paypal

 

Paypal Payments Pro Pay Flow Pro Addition

 

or for short Version2

 

 

With version 2 there is really no online documentation  beside the API stuff

 

 

So what is the best way to send a credit card from one form to another.

 

 

Can I set a session and just pass the string to the second page or is this not recommended???

bri0987 Member

bri0987

Posted
  • Author
Posted

I was or the phone with paypal so I dont know what your trying to say.

 

 

>>> Let me ask my question in a different way <<<

 

Paypal does not send back the credit card information to a webpage.

 

They only send back a result.

 

>>>>

 

I need to RE show the customers information before they click submit.

 

So on the last page the customer will be able to review their information.

Example:

 

Shipping Info

blah blah

 

Billing Info

Blah Blah

 

Credit Card Info:

xxxx-xxxx-xxxx-1234

Exp Date: 02/2008

blah blah

 

then when they click SUBMIT >>> Paypal will take over and process the Credit card information.

 

Paypal will return a result. ex: "Result = 0" "Result = -1"  "Result = 1" "Result = 2"  etc etc...

 

I will use the result to header locate to the appreciate page.

 

...

 

My question is:

 

What is the most secure way to send the customers credit card information and billing information to the "Review Page"

 

I was just thinking about using $_SESSION variable's and then destroying the variables once the user gets to the review page

 

Does that sound secure or should I go another way...

 

What does everyone think?

 

Thanks

 

BRI

bri0987 Member

bri0987

Posted
  • Author
Posted

Okay let me start over.

 

I am using paypal as a gateway... Thats it. Nothing more.

 

The user (customer) never knows paypal was used in the processing of there credit card.

 

The user never leaves the domain. (Paypal works in the back ground).

 

>>> Here is what I want to happen. <<<

 

... After the user enters in all of their information...

 

The user will sent to a review page.

 

The review page will allow the user to see everything one last time before clicking SUBMIT.

 

>>> My question <<<

 

What is the most secure way to redisplay the information to the user?

 

I was thinking to just set some $_SERVER variables and then display them on the Review Page for the user before they click submit.

Then I will destroy the variables once the page is loaded.

 

 

Does that sound like it is okay or is there a better way of doing it... like Encrypting and Decrypting the data in the $_SERVER variables? >>

 

 

cooldude832 Advanced Member

cooldude832

Posted
Posted

Okay let me explain things this way using paypal because I think you are missing the point, people do not give they numbers to anyone but paypal or special people like newegg, amazon, etc.  I do not know what you run, but assuming you are asking for help on this you do not qualify as a "special persons"  What paypal does is you integrate it into your server, you can do paypal a few ways.  1 way is you add all your items into paypal and pass data to paypal and it computes it based on the quantity/item numbers.  Secondly you can do a single item case where you send paypal a total and finalizes it all there.

 

The second is what I think will work for you, all you need to do is pass to paypal your account number, and your total.  Paypal will be mostly transparent, but not completly as is it shouldn't be so people can see their on paypal's server and its secure (or secure paypal through you), paypal can then return them to your site and give a thank you page.

 

THen once payment clears paypal can be set up to "ping" your action page saying payment cleared on an order and you can ship it do what ever.  You just need to look into paypal and passing a custom variable to it.  I have done this before and it works fine.

bri0987 Member

bri0987

Posted
  • Author
Posted

I dont think you have seen this product from paypal then.

 

The user never knows I am using a paypal gateway to process there order.

 

The user stays on my domain under the SSL

 

I pass a string to paypal using "curl_init()"...

 

for example:

 

USER=SAMPLE&VENDOR=SAMPLE&PARTNER=PayPal&PWD=SAMPLE&TENDER=C&TRXTYPE=A&ACCT=5105105105105100&EXPDATE=1209&STREET=123 Main St.&CVV2=123&VERBOSITY=MEDIUM&AMT=1.00

 

Then PayPal send a result. It is passed back to me inside of a $result variable

 

for example:

 

HTTP/1.1 200 OK Connect: close Server: VPS-3.033.00 X-VPS-Request-ID: 5241f7e9dc17d21571525f80ae0b692e Date: Tue, 13 Nov 2007 00:29:19 GMT Content-type: text/namevalue Content-length: 40 

$RESULT=26&RESPMSG=Invalid vendor account 

 

 

But I dont need to know how to work paypal. I know so far.

 

What I need to know is:

 

What is the most secure way to redisplay sensitive information to the user?

 

I was thinking of just setting some $_SERVER variables (First name, address Credit card info, etc) and then display them on the Review Page for the user before they click submit.

Then I will destroy the variables once the page is loaded.

 

Does that sound like it is okay or is there a better way of doing it... like Encrypting and Decrypting the data in the $_SERVER variables?

 

I'm not sure of this

bri0987 Member

bri0987

Posted
  • Author
Posted

Anyone?

 

What is the most secure way to redisplay sensitive information to the user?

 

I was thinking of just setting some $_SERVER variables (First name, address Credit card info, etc) and then display them on the Review Page for the user before they click submit.

Then I will destroy the variables once the page is loaded.

  • 2 months later...
vinod79 Newbie

vinod79

Posted
Posted

As far as you display the numbers under a SSL connection, there is no problem.

 

A secure connection is established between your client computer and your webserver.

 

1. Clients fill data and submits over secure SSL connection

2. Your confirmation script collects the data and stores in hidden fields and display text for conformation.

3. Clients confirm the data and submit

4. Your processing script enters order details into database and calls paypal pro functions.

 

 

As long as the above  are done on a secure ssl connection, there is no problem.

 

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.