Here's my good deed for the day!
I noticed in the archives some warranted concern about storing customers'
credit card numbers in the database. With this in mind I put together the
following to allow admin users to clear the credit card number when the
order has been processed:
First, make the following ACTION file called CLEAR_CREDITCARD_NUMBER and
place it in modules/actions/ (note that this just writes "Cleared" over the
credit card number)
------------------------------------------------------------------
<?php
/*
** File: CLEAR_CREDITCARD_NUMBER
** Description: Allow company personnel to clear credit card number
** from a particular invoice for security reasons.
** Created: 5/1/2001
** Author: Nick Lo
** Email: [EMAIL PROTECTED]
**
*/
/* Make sure the user has admin rights. */
if( !$UserInfo["Permission"]["Administrate"] )
{
    print(L_CLEAR_CREDITCARD_NUMBER_DENIED . "<BR>\n");
}
else
{
    /* intval() makes sure only an integer invoice ID reaches the query. */
    $Query = "UPDATE billing ";
    $Query .= "SET CreditCardNumber = 'Cleared' ";
    $Query .= "WHERE Invoice = " . intval($invoice_ID) . " ";
    /* Execute the query. */
    if (!mysql_query($Query, $DatabaseLink))
    {
        $ActionResults[] = "Error: " . mysql_errno() . " which means " .
                           mysql_error() . " Query was: $Query";
    }
    else
    {
        $ActionResults[] = L_CLEAR_CREDITCARD_NUMBER_SUCCESS;
    }
}
?>
------------------------------------------------------------------
Second, provide a "Clear credit card number" button in edit_invoice. I've
included some of the original code above and below my addition to indicate
where I added my bit.
------------------------------------------------------------------
    /* Finish up the form. */
    print("<TR><TD COLSPAN=\"2\">\n");
    print("<INPUT TYPE=\"SUBMIT\" VALUE=\"" . L_EDITINVOICE_SUBMIT . "\">\n");
    print("<INPUT TYPE=\"RESET\" VALUE=\"" . L_EDITINVOICE_RESET . "\">\n");
    print("</TD></TR>\n");
    print("</TABLE>\n");
    print("</FORM>\n");
}
/* Lab2: Output the form to allow the user to clear the Credit Card
   number from billing. It posts to the CLEAR_CREDITCARD_NUMBER action. */
print(StartForm("edit_invoice", 'post', 'CLEAR_CREDITCARD_NUMBER', FALSE,
                array("invoice_ID"=>$invoice_ID)));
print("<TABLE>\n");
print("<TR><TD><B>" . L_EDITINVOICE_CLEAR_CREDITCARD_NUMBER . "</B></TD></TR>\n");
print("<TR><TD>\n");
print("<INPUT TYPE=\"SUBMIT\" VALUE=\"" . L_EDITINVOICE_CLEAR_CREDITCARD_SUBMIT . "\">\n");
/* Lab2: the field name must match $invoice_ID, which the action reads. */
print("<INPUT TYPE=\"hidden\" NAME=\"invoice_ID\" VALUE=\"$invoice_ID\">\n");
print("</TD></TR>\n");
print("</TABLE>\n");
print("</FORM>\n");
/* Finish up the overall table. */
print("</TD></TR>\n</TABLE><BR>\n");
}
------------------------------------------------------------------
Third, add a column to the list of invoices in admin_invoice that indicates
whether the credit card number has been cleared or not. This is my code added to
the original code.
------------------------------------------------------------------
/*
** If everything's okay so far, we can output the list of invoices.
** Since there are multiple invoice_status records for every invoice, we'll
** only output the most current. That means we'll have to skip several of
** the records.
*/
if ($proceedWithReport)
{
    /* Start the table and do the headings. */
    print("<TABLE BORDER=\"0\" WIDTH=\"100%\"><TR><TD>\n");
    print("<TABLE>\n");
    print("<TR><TD COLSPAN=\"3\">\n");
    print("<B>" . L_ADMININVOICE_INVOICEREPORT . "</B>\n");
    print("</TD></TR>\n");
    print("<TR>\n");
    print("<TD><B>" . L_ADMININVOICE_INVOICE . "</B></TD>\n");
    print("<TD><B>" . L_ADMININVOICE_STATUS . "</B></TD>\n");
    print("<TD><B>" . L_ADMININVOICE_DATE . "</B></TD>\n");
    print("<TD><B>" . L_ADMININVOICE_NOTES . "</B></TD>\n");
    /* Lab2: heading for the new "credit card cleared" column. */
    print("<TD><B>" . L_ADMININVOICE_CREDITCARD_CLEARED . "</B></TD>\n");
    print("</TR>\n");
    $currentInvoice = -1;
    while ($row = mysql_fetch_row($invoiceRecords))
    {
        /*
        ** If this is just another status record for the same invoice,
        ** skip it.
        */
        if ($currentInvoice == $row[0])
        {
            continue;
        }
        /* Nope, it's a new invoice. */
        else
        {
            $currentInvoice = $row[0];
            /* Parse the row. */
            $i = 0;
            $ID = $row[$i++];
            $Status = $row[$i++];
            $Created = $row[$i++];
            $Description = $row[$i++];
            /* Lab2: assumes CreditCardNumber was added as the fifth column
               of the SELECT that produces $invoiceRecords. */
            $CreditCardNumber = $row[$i++];
            /* Lab2: Set Credit Card status. Only "Cleared" or "Not Cleared"
               is output; the number itself is never written to the page. */
            if ($CreditCardNumber != "Cleared")
            {
                $CreditCardNumber = "Not Cleared";
            }
            else
            {
                $CreditCardNumber = "Cleared";
            }
            /* Output it. */
            print("<TR>\n");
            print("<TD><A HREF=\"" . ScreenURL("edit_invoice") . "&invoice_ID=$ID\">");
            print("$ID</A></TD>\n");
            print("<TD>" . prepareText($Status) . "</TD>\n");
            print("<TD>$Created</TD>\n");
            print("<TD>" . prepareText($Description) . "</TD>\n");
            print("<TD>" . $CreditCardNumber . "</TD>\n");
            print("</TR>\n");
        }
    }
    print("</TABLE>\n");
    print("</TD></TR></TABLE><BR>\n");
}
}
?>
------------------------------------------------------------------
Finally add your own text in the language file for all the above, e.g.:
//CLEAR_CREDITCARD_NUMBER
define("L_CLEAR_CREDITCARD_NUMBER_DENIED", "Access denied!");
define("L_CLEAR_CREDITCARD_NUMBER_SUCCESS", "Credit Card Number cleared for this invoice.");
Hope this is clear and useful (and I hope I've not missed anything). If
anyone has any comments/adjustments/criticisms about my code, please let me
know.
Nick Lo
----------------------
Lab2 Design Unit
URL: www.lab2.com.au
e-mail: [EMAIL PROTECTED]
----------------------
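As an added example (not part of Nick's post or of the FreeTrade code), here is the same clear action written against PDO: the invoice ID is bound as a parameter, the column is set to NULL instead of the word 'Cleared', and a separate timestamp column records when it happened so the invoice report can derive "Cleared" / "Not Cleared" without comparing against a sentinel string. The `CardClearedAt` column, the `clear_card_number()` function and the in-memory SQLite table with its sample row are all assumptions constructed for the example.

```php
<?php
// Added example (not FreeTrade code): the clear action rewritten against PDO.
// Assumed schema: billing(Invoice, CreditCardNumber, CardClearedAt).
function clear_card_number(PDO $db, array $userInfo, $invoiceId)
{
    // Same gate as the original action: administrators only.
    if (empty($userInfo['Permission']['Administrate'])) {
        return 'denied';
    }
    // Reject anything that is not a plain integer before it nears the query.
    $invoiceId = filter_var($invoiceId, FILTER_VALIDATE_INT);
    if ($invoiceId === false) {
        return 'bad_invoice';
    }
    // NULL instead of the string 'Cleared', plus a timestamp, so the report
    // can show the state without comparing against a sentinel value.
    $stmt = $db->prepare(
        'UPDATE billing SET CreditCardNumber = NULL, CardClearedAt = :now
          WHERE Invoice = :id AND CreditCardNumber IS NOT NULL'
    );
    $stmt->execute([':now' => date('c'), ':id' => $invoiceId]);
    // rowCount() tells "cleared now" apart from "already clear / no such invoice".
    return $stmt->rowCount() === 1 ? 'cleared' : 'nothing_to_clear';
}

// Constructed in-memory database standing in for the billing table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE billing (Invoice INTEGER PRIMARY KEY,
           CreditCardNumber TEXT, CardClearedAt TEXT)');
// Constructed sample row; 4111... is a standard test card number.
$db->exec("INSERT INTO billing VALUES (17, '4111111111111111', NULL)");

$admin = ['Permission' => ['Administrate' => true]];
$staff = ['Permission' => ['Administrate' => false]];

// Non-admin, malformed ID, a real clear, then a repeat on the same invoice.
foreach ([[$staff, 17], [$admin, '17abc'], [$admin, 17], [$admin, 17]] as $case) {
    echo clear_card_number($db, $case[0], $case[1]), "\n";
}

// Report column as admin_invoice would derive it: from the timestamp, not the number.
$row = $db->query('SELECT CardClearedAt FROM billing WHERE Invoice = 17')
          ->fetch(PDO::FETCH_ASSOC);
echo $row['CardClearedAt'] === null ? "Not Cleared\n" : "Cleared\n";
```

The rowCount() check also gives the admin an honest result when the number was already cleared or the invoice does not exist, which an unconditional UPDATE cannot. Overwriting the column does not touch copies of the number in database backups or binary logs; those need their own retention handling.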
------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Site: http://www.working-dogs.com/freetrade/
Problems?: [EMAIL PROTECTED]