Hello all, have installed and tested this great system, however - I have 2 questions
1) How can I redirect the order information to a PGP encryption for order processing - /usr/local/bin/pgp then sending to us only
2) How can we make sure that the customer email (not encrypted) has their credit card details hidden - as this seems a very big security issue at the moment.
I have looked through the EN help but can't find it.
I never really worked with PGP only done small tests. But I try to give you a direction how to implement.
1) & 2) go together in solution.
In mailer.inc.php you have to build in a condition like
if ($paym==1) { ... }
(ID of creditcard payment should taken as '1' in this example)
You have also to split the $mail_text into one part going with PGP and complete to you and part goes to user with normal mail but not complete; line 28-30.
for ($i=0; $i<$sizeof($pfield); $i++) {
if ($i!<4 or $i>6) { $mail_text_user .= $pfield[$i]; }
$mail_text2U .= $pfield[$i];
}
Perhaps in this case it is better to build some parts more of mailtexts like $mail_text_user_data, $mail_text_item_data ...
Add together what is needed for each mail.
Mail sending is in line 138 to you and 139 to user.
So far about direction, helpfull?
Maybe you or someone else code it and give it back to community?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I also have a question about this interesting topic.
As I know, PGP only encrypts emails ?! But as soon as the customer enters his credit card details an sends the data to the server, the data will be unencrypted. So even using PGP will not solve this security problem. I think it only can be solved via SSL ?
Am I wrong ?
Rainer
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Yes you are right - I will be using SSL and hopefully if I can diseminate the instructions above (danke Andrea!) the PGP function...
I found something called soupmail which claims to have the PGP function included and I am going to try this if I can get the thing to work - If/when I get it working Andreas, you chaps are welcome to use it haha that would be funny being a PGP and relative PHP MySQL newbie ....
Dank der Deutschen, haben wir jetzt ein technologicaly fhiges Europa
Dimitri :)
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Oh my God!
This seems very hard to understand for me.
Please if anyone can show the code that needs to go in the mailer.inc.php...
client - send current email as is but remove the last 4 digits (numbers ) of credit card..
and for us the order email to be posted to cgi-bin/soupmail.pl and this will handle the PGP sending.. (possibly will need hidden 'input' form field, but will tackle that later)
If anyone can help that would be great as I can not use this until these issues are dealt with ..
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hello all, have installed and tested this great system, however - I have 2 questions
1) How can I redirect the order information to a PGP encryption for order processing - /usr/local/bin/pgp then sending to us only
2) How can we make sure that the customer email (not encrypted) has their credit card details hidden - as this seems a very big security issue at the moment.
I have looked through the EN help but can't find it.
Translate: http://babelfish.altavista.com/tr
Muchos Gracias!
Dimitri
I never really worked with PGP only done small tests. But I try to give you a direction how to implement.
1) & 2) go together in solution.
In mailer.inc.php you have to build in a condition like
if ($paym==1) { ... }
(ID of creditcard payment should taken as '1' in this example)
You have also to split the $mail_text into one part going with PGP and complete to you and part goes to user with normal mail but not complete; line 28-30.
for ($i=0; $i<$sizeof($pfield); $i++) {
if ($i!<4 or $i>6) { $mail_text_user .= $pfield[$i]; }
$mail_text2U .= $pfield[$i];
}
Perhaps in this case it is better to build some parts more of mailtexts like $mail_text_user_data, $mail_text_item_data ...
Add together what is needed for each mail.
Mail sending is in line 138 to you and 139 to user.
So far about direction, helpfull?
Maybe you or someone else code it and give it back to community?
I also have a question about this interesting topic.
As I know, PGP only encrypts emails ?! But as soon as the customer enters his credit card details an sends the data to the server, the data will be unencrypted. So even using PGP will not solve this security problem. I think it only can be solved via SSL ?
Am I wrong ?
Rainer
I think that's right, but with PGP the problem is little bit smaller ;-)
Yes you are right - I will be using SSL and hopefully if I can diseminate the instructions above (danke Andrea!) the PGP function...
I found something called soupmail which claims to have the PGP function included and I am going to try this if I can get the thing to work - If/when I get it working Andreas, you chaps are welcome to use it haha that would be funny being a PGP and relative PHP MySQL newbie ....
Dank der Deutschen, haben wir jetzt ein technologicaly fhiges Europa
Dimitri :)
Oh my God!
This seems very hard to understand for me.
Please if anyone can show the code that needs to go in the mailer.inc.php...
client - send current email as is but remove the last 4 digits (numbers ) of credit card..
and for us the order email to be posted to cgi-bin/soupmail.pl and this will handle the PGP sending.. (possibly will need hidden 'input' form field, but will tackle that later)
If anyone can help that would be great as I can not use this until these issues are dealt with ..