Magento Forum

Where are stored (in which table) credit car numbers? 
 
blekm
Jr. Member
 
Total Posts:  21
Joined:  2008-01-31
 

in which table of magento’s database are saved credit card number?

 
Magento Community Magento Community
Magento Community
Magento Community
 
basedesignsffs
Member
 
Avatar
Total Posts:  31
Joined:  2007-12-18
 

i dont think it stores them.. i would hope not anyway.

 
Magento Community Magento Community
Magento Community
Magento Community
 
pauljosephson
Member
 
Total Posts:  37
Joined:  2007-08-31
 

To save credit card numbers (not done automatically) you have to enable it using a special payment module.  What lies below is probably totally inaccurate smile but, it is a start.

Go to menu item system -> configuration - under Sales on the left side choose the payment method.  On the payment method configuration page there should have the module option for Save CC (I believe it is the first option).  Just fill in your requirements and activate it. Saved value is encrypted/decrypted so you will not be able to view the number in the database.  This module itself just extends the Mage_Payment_Model_Method_Cc but turning on the ability to save the cc # and appears to nothing else different..

I haven’t verified the table but, I suspect it would be an entity in the table sales_order_entity_varchar.  Like I said I don’t have it active so I can’t tell you for sure. Maybe someone else knows exactly.

Hope this is what you are looking for.

 
Magento Community Magento Community
Magento Community
Magento Community
 
blekm
Jr. Member
 
Total Posts:  21
Joined:  2008-01-31
 
PJ - 10 July 2008 05:51 PM

Go to menu item system -> configuration - under Sales on the left side choose the payment method.  On the payment method configuration page there should have the module option for Save CC (I believe it is the first option).  Just fill in your requirements and activate it. Saved value is encrypted/decrypted so you will not be able to view the number in the database.  This module itself just extends the Mage_Payment_Model_Method_Cc but turning on the ability to save the cc # and appears to nothing else different..

it’s just active. where is the encrypting/decrypting function?

PJ - 10 July 2008 05:51 PM

I haven’t verified the table but, I suspect it would be an entity in the table sales_order_entity_varchar.

maybe is this. The credit card number is encrypted, right?  Is this, right?

KZEH886jyWqLrp1PxhV+qg==

?

 
Magento Community Magento Community
Magento Community
Magento Community
 
pauljosephson
Member
 
Total Posts:  37
Joined:  2007-08-31
 

I just did a general look so the flow may actually be different.  Others can correct me if I am way off base.

In the credit card code Magento first calls encrypt app/code/core/Mage/Payment/Model/Method/Cc.php (at line 59)

public function prepareSave()
    
{
        $info 
$this->getInfoInstance();
        if (
$this->_canSaveCc{
            $info
->setCcNumberEnc($info->encrypt($info->getCcNumber()));  /* <-- start here with the whole encrypt process */
        
}
       
// $info->setCcCidEnc([b]$info->encrypt[/b]($info->getCcCid())); 
        
$info->setCcNumber(null)
            ->
setCcCid(null);
        return 
$this;
    
}

which calls, if I am not mistaken, app/code/core/Mage/Core/Helper/Data.php (at line 140-147)

public function encrypt($data)
    
{
        
if (!Mage::app()->isInstalled()) {
            
return $data;
        
}
       $result 
base64_encode($this->_getCrypt()->encrypt((string)$data));       /* <-- ok lets call somebody else to do the work, then use base64  PJ */
        
return $result;
    
}

The _getCrypt a few functions down in the same file.  Calls the configuration to get the key and then returns with the class

protected function _getCrypt($key=null)
    
{
        
if (!$this->_crypt{
            
if (is_null($key)) {
                $key 
= (string)Mage::getConfig()->getNode('global/crypt/key');  
            
}
            $this
->_crypt Varien_Crypt::factory()->init($key);  /* <--- Calls to the actual encryption (see Mcrypt.php)  PJ */
        
}
        
return $this->_crypt;
    
}

Varien_Crypt can be found in /web/lib/Varien/Crypt.php, which by default returns (in this case) the class Varien_Crypt_Mcrypt found in /web/lib/Varien/Crypt/Mycrypt.php which after this long introduction to cc encoding is where the value is encrypted or decrypted. The function below is from Mycrypt.php lines 78-87 a few more lines down you will find the decrypt function of this class.

public function encrypt($data)
    
{
        
if (!$this->getHandler()) {
            
throw new Varien_Exception('Crypt module is not initialized.');
        
}
        
if (strlen($data) == 0{
            
return $data;
        
}
        
return mcrypt_generic($this->getHandler(), $data);     /* <--- Finally calls the encryption routine  PJ */
    
}

For information on the standard mycrypt functions go to .http://us3.php.net/manual/en/book.mcrypt.php

You can look in /code/core/Mage/Sales/Model/Convert/Quote.php for example of how the decryption if pulled in from an order. That process should be similar.  (see: paymentToQuotePayment or paymentToOrderPayment)

I know I got a little carried away with my answer but, I was learning at the same time

maybe is this. The credit card number is encrypted, right?  Is this, right?

KZEH886jyWqLrp1PxhV+qg==

Could be, looks a little small for a encrypted base64 encoded cc, but it is possible.

 
Magento Community Magento Community
Magento Community
Magento Community
 
blekm
Jr. Member
 
Total Posts:  21
Joined:  2008-01-31
 

thanks for your helps, I try to know how (in the code) I can intercept the credit card number and Cvv number before crypting…

can you help me? grin

 
Magento Community Magento Community
Magento Community
Magento Community
 
blekm
Jr. Member
 
Total Posts:  21
Joined:  2008-01-31
 

nobody?..........................

 
Magento Community Magento Community
Magento Community
Magento Community
 
mumrah
Jr. Member
 
Total Posts:  2
Joined:  2008-09-03
 

I was messing around with this today. Be default (I guess), Magento uses MCRYPT_BLOWFISH in MCRYPT_MODE_ECB.

 
Magento Community Magento Community
Magento Community
Magento Community
 
nikefido
Guru
 
Avatar
Total Posts:  481
Joined:  2008-07-11
New Haven, CT
 

There are PCI compliance laws to follow if you choose to store credit cart numbers. Be sure you are current on those.

 
Magento Community Magento Community
Magento Community
Magento Community
Magento Community
Magento Community
Back to top