Jump to content

  • You cannot start a new topic
  • You cannot reply to this topic

CC info not being displayed... Rate Topic   - - - - -

 
  • wwgreen
  • Senior Member
  • Members
  • Join Date: 20-Nov 06
  • 411 posts

Posted 06 April 2011 - 02:04 PM #1

...HELP! Site has been fine for years, but now I notice no pending orders are displaying the credit card info. ? When I do a test, my order comes through fine and displays the cc info, but no other orders.

What could be wrong, and what db table can I look in for answers?

Thank you for ANY help you can give... very nervous about this one.

[Edit : running 1.3.4sp3, I know, I know.]

[Edit : to clarify, when viewing order details in admin backend, the payment method line is displayed in full for every pending order. But the credit card, card number, name, date, and ccv fields and data are not displayed at all. Except for my recent test order, in which everything looks fine. ?]

[Edit : just edited a recent order after calling customer back to get cc info, and order processes and displays correctly. So, what may have happened to all of our other orders? Thanks again for any help...]

[Edit : just tried restoring to an earlier backup, both files and db... no joy, payment fields and data still not being displayed in order details, but new or edited orders display/process fine. I'm stumped, and worried about the stability of cart and future storage of numbers (we ship live plants and do not process payment until order ships in spring). Host doesn't see anything peculiar. Thoughts?]

 
  • wwgreen
  • Senior Member
  • Members
  • Join Date: 20-Nov 06
  • 411 posts

Posted 06 April 2011 - 07:40 PM #2

Ok, thinking I know what happened, or at least I hope I know... the host installed an add-on to another cart, and we're thinking the add-on and/or upgrade in php has now changed the key to how our cart encrypts/decrypts. They did this yesterday, and today is when I started to see the issue. That is why new and edited orders are fine (new key), but old/previous/open orders cannot display the fields properly (originally used an old key).

Does this sound possible?

 
  • S-Combs
  • Senior Member
  • Members
  • Join Date: 09-Nov 06
  • 692 posts

Posted 06 April 2011 - 09:54 PM #3

If you didn't change your blowfish encryption key in config.php, it could be that your host has upgraded PHP and the older hash methods used in your script are no longer supported or. they haven't installed the mcrypt module and Crypt_Blowfish was using that engine to encrypt your existing data.
Secure Cart Hosting
[CS-Cart Optimized Solutions and Server Management]

 
  • wwgreen
  • Senior Member
  • Members
  • Join Date: 20-Nov 06
  • 411 posts

Posted 06 April 2011 - 11:49 PM #4

S-Combs, so happy to get your response, thank you! That is exactly what it seems has happened. I noticed a PHP 5.2.17 build dated yesterday, which is when I began to get problems, and when I asked about it, that's when the host said they updated it and added a mod. I have not touched my crypt key.

So, loaded question is, how can I/they get the old data back? It can't be as simple as installing the mcrypt module you speak of, can it? If so, how and where?

Thank you again!

 
  • S-Combs
  • Senior Member
  • Members
  • Join Date: 09-Nov 06
  • 692 posts

Posted 07 April 2011 - 12:16 AM #5

So, loaded question is, how can I/they get the old data back? It can't be as simple as installing the mcrypt module you speak of, can it? If so, how and where?

Thank you again!


That is difficult to answer and it may not be possible.

The first step will be to figure out if your new server has mcrypt installed.. (It will be listed in phpinfo if it is)

If your old server had the mcrypt php module installed and the new server does not then, recompiling php with mcrypt on the new server 'might' restore your data.

If the opposite is true and your old server didn't have mcrypt and the new one does then this will require some editing of the code in classes/crypt/Blowfish.php and disabling the following conditionals. I honestly don't know if that will restore your missing data but it should force it to use the same method as if on a server without mcrypt.

        if (extension_loaded('mcrypt')) {
$this->_td = mcrypt_module_open(MCRYPT_BLOWFISH, '', 'ecb', '');
$this->_iv = mcrypt_create_iv(8, MCRYPT_RAND);
}
        if (extension_loaded('mcrypt')) {
return mcrypt_generic($this->_td, $plainText);
}
        if (extension_loaded('mcrypt')) {
return mdecrypt_generic($this->_td, $cipherText);
}
        if (extension_loaded('mcrypt')) {
mcrypt_generic_init($this->_td, $key, $this->_iv);
return true;
}

Secure Cart Hosting
[CS-Cart Optimized Solutions and Server Management]

 
  • wwgreen
  • Senior Member
  • Members
  • Join Date: 20-Nov 06
  • 411 posts

Posted 07 April 2011 - 12:44 AM #6

PHP Info states mcrypt 2.5.8 enabled. Not sure what it was before, if any. ?

 
  • S-Combs
  • Senior Member
  • Members
  • Join Date: 09-Nov 06
  • 692 posts

Posted 07 April 2011 - 12:56 AM #7

Here is classes/crypt/Blowfish.php from the 1.3.4-sp3 release with the mcrypt conditionals disabled.. First backup your existing file then upload this one and see if you can now view your missing data.. If this doesn't work then restore the other file again.

I don't know what else you could try if this doesn't help

<?php

if ( !defined('IN_CSCART') ) { die('Access denied'); }
//
// $Id: Blowfish.php 1913 2006-06-19 06:08:25Z zeke $
//

/* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4: */

/**
* Crypt_Blowfish allows for encryption and decryption on the fly using
* the Blowfish algorithm. Crypt_Blowfish does not require the
* PHP extension, it uses only PHP.
* Crypt_Blowfish support encryption/decryption with or without a secret key.
*
*
* PHP versions 4 and 5
*
* LICENSE: This source file is subject to version 3.0 of the PHP license
* that is available through the world-wide-web at the following URI:
* http://www.php.net/license/3_0.txt. If you did not receive a copy of
* the PHP License and are unable to obtain it through the web, please
* send a note to license@php.net so we can mail you a copy immediately.
*
* @category Encryption
* @package Crypt_Blowfish
* @author Matthew Fonda <mfonda@php.net>
* @copyright 2005 Matthew Fonda
* @license http://www.php.net/license/3_0.txt PHP License 3.0
* @version CVS: $Id: Blowfish.php 1913 2006-06-19 06:08:25Z zeke $
* @link http://pear.php.net/.../Crypt_Blowfish
*/

global $classes_dir;
require_once $classes_dir.'pear'.DS.'PEAR.php';


/**
*
* Example usage:
* $bf = new Crypt_Blowfish('some secret key!');
* $encrypted = $bf->encrypt('this is some example plain text');
* $plaintext = $bf->decrypt($encrypted);
* echo "plain text: $plaintext";
*
*
* @category Encryption
* @package Crypt_Blowfish
* @author Matthew Fonda <mfonda@php.net>
* @copyright 2005 Matthew Fonda
* @license http://www.php.net/license/3_0.txt PHP License 3.0
* @link http://pear.php.net/.../Crypt_Blowfish
* @version @package_version@
* @access public
*/
class Crypt_Blowfish
{
/**
* P-Array contains 18 32-bit subkeys
*
* @var array
* @access private
*/
var $_P = array();


/**
* Array of four S-Blocks each containing 256 32-bit entries
*
* @var array
* @access private
*/
var $_S = array();

/**
* Mcrypt td resource
*
* @var resource
* @access private
*/
var $_td = null;

/**
* Initialization vector
*
* @var string
* @access private
*/
var $_iv = null;


/**
* Crypt_Blowfish Constructor
* Initializes the Crypt_Blowfish object, and gives a sets
* the secret key
*
* @param string $key
* @access public
*/
function Crypt_Blowfish($key)
{
/* if (extension_loaded('mcrypt')) {
$this->_td = mcrypt_module_open(MCRYPT_BLOWFISH, '', 'ecb', '');
$this->_iv = mcrypt_create_iv(8, MCRYPT_RAND);
}
*/
$this->setKey($key);
}

/**
* Deprecated isReady method
*
* @return bool
* @access public
* @deprecated
*/
function isReady()
{
return true;
}

/**
* Deprecated init method - init is now a private
* method and has been replaced with _init
*
* @return bool
* @access public
* @deprecated
* @see Crypt_Blowfish::_init()
*/
function init()
{
$this->_init();
}

/**
* Initializes the Crypt_Blowfish object
*
* @access private
*/
function _init()
{
$defaults = new Crypt_Blowfish_DefaultKey();
$this->_P = $defaults->P;
$this->_S = $defaults->S;
}

/**
* Enciphers a single 64 bit block
*
* @param int &$Xl
* @param int &$Xr
* @access private
*/
function _encipher(&$Xl, &$Xr)
{
for ($i = 0; $i < 16; $i++) {
$temp = $Xl ^ $this->_P[$i];
$Xl = ((($this->_S[0][($temp>>24) & 255] +
$this->_S[1][($temp>>16) & 255]) ^
$this->_S[2][($temp>>8) & 255]) +
$this->_S[3][$temp & 255]) ^ $Xr;
$Xr = $temp;
}
$Xr = $Xl ^ $this->_P[16];
$Xl = $temp ^ $this->_P[17];
}


/**
* Deciphers a single 64 bit block
*
* @param int &$Xl
* @param int &$Xr
* @access private
*/
function _decipher(&$Xl, &$Xr)
{
for ($i = 17; $i > 1; $i--) {
$temp = $Xl ^ $this->_P[$i];
$Xl = ((($this->_S[0][($temp>>24) & 255] +
$this->_S[1][($temp>>16) & 255]) ^
$this->_S[2][($temp>>8) & 255]) +
$this->_S[3][$temp & 255]) ^ $Xr;
$Xr = $temp;
}
$Xr = $Xl ^ $this->_P[1];
$Xl = $temp ^ $this->_P[0];
}


/**
* Encrypts a string
*
* @param string $plainText
* @return string Returns cipher text on success, PEAR_Error on failure
* @access public
*/
function encrypt($plainText)
{
if (!is_string($plainText)) {
PEAR::raiseError('Plain text must be a string', 0, PEAR_ERROR_DIE);
}

/* if (extension_loaded('mcrypt')) {
return mcrypt_generic($this->_td, $plainText);
}
*/
$cipherText = '';
$len = strlen($plainText);
$plainText .= str_repeat(chr(0),(8 - ($len%8))%8);
for ($i = 0; $i < $len; $i += 8) {
list(,$Xl,$Xr) = unpack("N2",substr($plainText,$i,8));
$this->_encipher($Xl, $Xr);
$cipherText .= pack("N2", $Xl, $Xr);
}
return $cipherText;
}


/**
* Decrypts an encrypted string
*
* @param string $cipherText
* @return string Returns plain text on success, PEAR_Error on failure
* @access public
*/
function decrypt($cipherText)
{
if (!is_string($cipherText)) {
PEAR::raiseError('Chiper text must be a string', 1, PEAR_ERROR_DIE);
}

/* if (extension_loaded('mcrypt')) {
return mdecrypt_generic($this->_td, $cipherText);
}
*/
$plainText = '';
$len = strlen($cipherText);
$cipherText .= str_repeat(chr(0),(8 - ($len%8))%8);
for ($i = 0; $i < $len; $i += 8) {
list(,$Xl,$Xr) = unpack("N2",substr($cipherText,$i,8));
$this->_decipher($Xl, $Xr);
$plainText .= pack("N2", $Xl, $Xr);
}
return $plainText;
}


/**
* Sets the secret key
* The key must be non-zero, and less than or equal to
* 56 characters in length.
*
* @param string $key
* @return bool Returns true on success, PEAR_Error on failure
* @access public
*/
function setKey($key)
{
if (!is_string($key)) {
PEAR::raiseError('Key must be a string', 2, PEAR_ERROR_DIE);
}

$len = strlen($key);

if ($len > 56 || $len == 0) {
PEAR::raiseError('Key must be less than 56 characters and non-zero. Supplied key length: ' . $len, 3, PEAR_ERROR_DIE);
}

/* if (extension_loaded('mcrypt')) {
mcrypt_generic_init($this->_td, $key, $this->_iv);
return true;
}
*/
global $classes_dir;
require_once $classes_dir.'crypt'.DS.'DefaultKey.php';
$this->_init();

$k = 0;
$data = 0;
$datal = 0;
$datar = 0;

for ($i = 0; $i < 18; $i++) {
$data = 0;
for ($j = 4; $j > 0; $j--) {
$data = $data << 8 | ord($key{$k});
$k = ($k+1) % $len;
}
$this->_P[$i] ^= $data;
}

for ($i = 0; $i <= 16; $i += 2) {
$this->_encipher($datal, $datar);
$this->_P[$i] = $datal;
$this->_P[$i+1] = $datar;
}
for ($i = 0; $i < 256; $i += 2) {
$this->_encipher($datal, $datar);
$this->_S[0][$i] = $datal;
$this->_S[0][$i+1] = $datar;
}
for ($i = 0; $i < 256; $i += 2) {
$this->_encipher($datal, $datar);
$this->_S[1][$i] = $datal;
$this->_S[1][$i+1] = $datar;
}
for ($i = 0; $i < 256; $i += 2) {
$this->_encipher($datal, $datar);
$this->_S[2][$i] = $datal;
$this->_S[2][$i+1] = $datar;
}
for ($i = 0; $i < 256; $i += 2) {
$this->_encipher($datal, $datar);
$this->_S[3][$i] = $datal;
$this->_S[3][$i+1] = $datar;
}

return true;
}

}

?>

Secure Cart Hosting
[CS-Cart Optimized Solutions and Server Management]

 
  • wwgreen
  • Senior Member
  • Members
  • Join Date: 20-Nov 06
  • 411 posts

Posted 07 April 2011 - 01:01 AM #8

Ok, so we're just trying to comment those 4 areas out. I'll try anything at this point... be back asap...

 
  • wwgreen
  • Senior Member
  • Members
  • Join Date: 20-Nov 06
  • 411 posts

Posted 07 April 2011 - 01:18 AM #9

S-Combs, you are a freaking rock star!

All older orders now display the payment info! I can't tell you how much I appreciate this! Tested with a new order and it too displays properly!

There are just a few newer orders I will need to get into and edit, but you have saved me hours of work and embarrassment calling customers!

Anything else I need to do in the future to prevent this? (Besides switch to you for hosting?) Will this edited file be ok for future "upgrades"?

 
  • S-Combs
  • Senior Member
  • Members
  • Join Date: 09-Nov 06
  • 692 posts

Posted 07 April 2011 - 01:28 AM #10

I'm glad it worked for you

You can switch the files back in order to copy the info of the new orders then switch back again when done and update those records...

You will need to modify the Blowfish.php file again to disable those mcrypt conditionals when you do upgrade because, there are a couple path changes and it has been relocated to the lib/crypt directory in newer versions.
Secure Cart Hosting
[CS-Cart Optimized Solutions and Server Management]

 
  • wwgreen
  • Senior Member
  • Members
  • Join Date: 20-Nov 06
  • 411 posts

Posted 07 April 2011 - 01:36 AM #11

When you speak of newer versions, are you speaking of

a) newer versions of CS?

B) when things change (php, etc.) on our server without our knowing?

 
  • wwgreen
  • Senior Member
  • Members
  • Join Date: 20-Nov 06
  • 411 posts

Posted 07 April 2011 - 01:38 AM #12

And does this edited file/blowfish/key thing have anything to do with PayPal? Seems like stuff isn't displaying in that either, but not a big deal.

 
  • S-Combs
  • Senior Member
  • Members
  • Join Date: 09-Nov 06
  • 692 posts

Posted 07 April 2011 - 01:42 AM #13

New CS upgrades.

I do need to warn you though about future PHP upgrades because the next one might kill your store. CS-Cart v1.x is not compatible with PHP 5.3 and the PHP 5.2 tree was discontinued last month..

You really must start thinking about upgrading before it's too late
Secure Cart Hosting
[CS-Cart Optimized Solutions and Server Management]

 
  • S-Combs
  • Senior Member
  • Members
  • Join Date: 09-Nov 06
  • 692 posts

Posted 07 April 2011 - 01:44 AM #14

And does this edited file/blowfish/key thing have anything to do with PayPal? Seems like stuff isn't displaying in that either, but not a big deal.


No this should have no impact on Paypal
Secure Cart Hosting
[CS-Cart Optimized Solutions and Server Management]

 
  • wwgreen
  • Senior Member
  • Members
  • Join Date: 20-Nov 06
  • 411 posts

Posted 07 April 2011 - 01:47 AM #15

Ok then, I'm not sure if this should be discussed here, but I really am interested in hosting by you, if you are interested in hosting a small-time store like ours. Especially since you helped me out in such a big way.

If I can get through this season (done shipping by mid-end of summer), then what are the costs of upgrading (if I can't do myself), and, what are your hosting fees for a small 200-500 product store?

 
  • S-Combs
  • Senior Member
  • Members
  • Join Date: 09-Nov 06
  • 692 posts

Posted 07 April 2011 - 01:55 AM #16

Our plans are priced on the site and are a bit higher than many but so are our expenses since we are a specialized service.

I'd be happy to quote an upgrade for you but would need to first take a look through your site and gather some info about your existing modifications.
Secure Cart Hosting
[CS-Cart Optimized Solutions and Server Management]

 
  • wwgreen
  • Senior Member
  • Members
  • Join Date: 20-Nov 06
  • 411 posts

Posted 07 April 2011 - 02:03 AM #17

Well, I will definitely look you up. Our version has been fine up until now, and I knew it was going to have to go at some point. We just didn't need any other capabilities, and I didn't want the reported drop in SEO with newer versions.

Thank you so much for your help. Can't believe how great a community this is, especially with my outdated cart... wasn't expecting any help at all, much less a resolution. Very cool.

Thank you again!