
Credit Card Capture automatic delete?


Ray Hill


Not having a CC Details tab is not the same as having the tab but the details fields are empty.

Not having a tab means no CC details were databased.

Please confirm that, even though the customer chose Card Capture, the customer did in fact enter credit card details.

Also, look at the admin's Error Log (near the bottom of the left-side navigation panel), System Error Log tab. See if any recent entry has anything to do with the Card Capture or that particular order.

 


@bsmither - I have news on the missing credit card details - it DOES look like the enc_key is the issue.  I just checked a credit card order for the first time that was aged 14h 20m and the card details were not visible.  I downloaded the database, located and decoded the config data to extract the enc_key and compared it with other backups - the most recent being a week ago.  The enc_key had changed in 3 of the 4 backups that I checked over the past 7 weeks.

I'm going to attempt to insert the previous enc_key to see if that will make the credit card details visible again.

My theory is that CubeCart looks for the enc_key and if it doesn't get the right response then CubeCart creates a new enc_key.  Even if an enc_key already exists, if there is some failure then it gets rewritten.

Can you suggest what to change in the CubeCart code to STOP the enc_key from continually being overwritten? Or maybe a workaround to hard code the key rather than having it drawn from the database.


You can try this - (be sure to read the note):

In /includes/global.inc.php, add the following:

$glob['enc_key'] = "Whatever_code_you_want_to_use";

Note: You may want to consider what having this in a file may mean - security-wise. Anyone getting this can decode the card details. On the other hand, since this value is in the config array, and the login details to your database are in this file, this edit has simply removed one or two steps from cracking the details anyway.

If I am not mistaken, there is an advisory on the Card Details page that strongly suggests that once the order is Complete, delete the card details. Keep these details for only as long as is necessary.

What we really need to do is find out what is triggering the changing of the enc_key.


I've just raised this as a CCv6 issue on GitHub - it's been raised before but it seems to get closed without the underlying issue being resolved. My understanding is that CubeCart checks for an enc_key and if it doesn't get a yes then it creates a new one. Instead of CubeCart rewriting the enc_key on failure, the key should only be created ONCE during a fresh v6 installation or upgrade from v5 or earlier. Remove the ability to rewrite the enc_key, and instead have CubeCart report that there was an error retrieving the card details. If all details remain the same - order ID, card details and enc_key - then another attempt to load the page would probably show the card details.

Can I use your suggestion of $glob['enc_key'] to attempt to use the previous key from backup (rather than modifying the database) so I can retrieve card details for a recent order? If so, would I need to use the encoded or decoded version of the key?


Encrypt->getEncryptKey() asks Config if it has the 'enc_key'. If so, get it from the 'config' array and return it. There would be no (obvious) reason for this to fail. The only unobvious reason would be if the Config class object has already been destroyed by PHP during PHP's overall destruction. (Certain events happen during destruction and some classes need to be re-instantiated.) But using the Encrypt class does not happen during destruction.

Use the key as you see it once you have base64_decoded the entire raw value of the 'array' column for the 'config' row.

Key/values entered into the $glob array overwrite, or add to, the Config array -- which gets saved to the config record in the database. (Except the database password which gets unset from the Config array once the Database class is instantiated.)

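The backup comparison described in this thread, as an added example that is not part of the original posts and is not CubeCart code: it decodes the raw 'array' value of the 'config' row from each backup, pulls out enc_key, and reports between which backups the key changed. It assumes the base64-decoded value is JSON; the function names and the sample backup values are constructed for illustration.

```python
import base64
import hashlib
import json


def extract_enc_key(raw_array_value):
    """Return enc_key from one backup's raw 'array' value (config row)."""
    decoded = base64.b64decode(raw_array_value.strip(), validate=True)
    config = json.loads(decoded)  # assumption: decoded config is JSON
    key = config.get("enc_key")
    if not key:
        raise ValueError("decoded config has no enc_key")
    return key


def fingerprint(key):
    """Short SHA-256 fingerprint so the key itself never lands in a report."""
    return hashlib.sha256(key.encode("utf-8")).hexdigest()[:12]


def find_key_changes(backups):
    """backups: (label, raw_value) pairs, oldest first.

    Returns (older_label, newer_label) for each consecutive pair of
    backups whose enc_key differs.
    """
    changes = []
    prev_label = prev_fp = None
    for label, raw in backups:
        fp = fingerprint(extract_enc_key(raw))
        if prev_fp is not None and fp != prev_fp:
            changes.append((prev_label, label))
        prev_label, prev_fp = label, fp
    return changes


def make_raw(enc_key):
    """Build a constructed sample value shaped like the stored config."""
    blob = json.dumps({"store_name": "Demo Store", "enc_key": enc_key})
    return base64.b64encode(blob.encode("utf-8")).decode("ascii")


# Constructed sample data: four backups, key rewritten twice.
SAMPLE_BACKUPS = [
    ("backup-week-1", make_raw("constructed-key-A")),
    ("backup-week-3", make_raw("constructed-key-A")),
    ("backup-week-5", make_raw("constructed-key-B")),
    ("backup-week-7", make_raw("constructed-key-C")),
]

if __name__ == "__main__":
    for older, newer in find_key_changes(SAMPLE_BACKUPS):
        print(f"enc_key changed between {older} and {newer}")
```

Run against real backups, the pair of labels brackets the window in which the key was rewritten, which can then be matched against admin activity such as store setting changes.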

I've tried changing the enc_key back to the most recent backup but no luck getting credit card details to show.  Tried my database method and also your $glob array method but inserting the old key didn't work for me - I mean, it was functional and OK and I was able to check that it didn't break anything, but it didn't resurrect the hidden credit card details.


  • 1 month later...

I have had this issue for a while and spoke to CubeCart. I can recreate the issue now.
If you have orders and all credit cards show, then go to your admin panel and change a store setting, it will then not show the credit card info after the change.

I just did a fake order and could see my details, went in, turned off reCAPTCHA and turned it on again, went into the fake order, and the card details were gone.

 

Andy 

 


  • 8 months later...

Woo hoo, I just came across this issue today.

A customer ordered some items with a CC. I received the order with credit card details. I changed from reCAPTCHA invisible to V2 and voilà, the credit card details were blank.

I then made a dummy order and could repeat the above.

Current CC version is 6.1.8 and Credit card capture 1.0.5

Yes I have a backup as well.


Clearly I have no idea how to use GitHub and whatever I have done has disappeared. Frustrating as it may be, I don't find it very user friendly and without some help, I would prefer to leave it to others more competent.

A simple question as to where one starts after logging in would be a good start.


 

Any help would be appreciated.


  • 1 year later...

Further to this string, re credit card details. I am now running the latest version 6.2.2. When I change the order from pending to processing "press save and reload", the credit card details are removed as the order status now says "order complete".

I do not remember this happening in earlier editions.

Is there an option to have the order status change to processing and the CC details remain until the order status is changed to "order complete"? These are my current settings.



Archived

This topic is now archived and is closed to further replies.
