Community Add-Ons
Add file to this packageCVV for cc.php
for osCommerce Online Merchant v2.2
This Mod allows you to collect and store the CVV number from credit cards for those who use the generic cc.php payment module, allowing you to manually input the CVV number into your offline merchant terminal.
*** Use only if your Bank allows you to temporarily store the CVV number***
Download 
Report
I had problems with the cvv not being stored in the database, it was because I had a regiter globals off patch.
to get round this find
in includes/classes/order.php you will need to add around line 30 under link_post_variable('ccexpires');
link_post_variable('cvvnumber');
that did the trick for me.
file attached is blank
I have enhanced the removal.
Just add some code to "admin/orders.php"
==========Find============
// begin cvv contribution
case 'deletecvv':
$oID = tep_db_prepare_input($HTTP_GET_VARS['oID']);
$cvvnumber = tep_db_prepare_input ($HTTP_POST_VARS['cvvnumber']);
tep_db_query("update " . TABLE_ORDERS . " set cvvnumber = null " . tep_db_input($cvvnumber) . " where orders_id = '" . tep_db_input($oID) . "'");
$order_updated = true;
if ($order_updated) {
$messageStack->add_session(SUCCESS_ORDER_UPDATED, 'success');
} else {
$messageStack->add_session(WARNING_ORDER_NOT_UPDATED, 'warning');
}
tep_redirect(tep_href_link(FILENAME_ORDERS, tep_get_all_get_params(array('action')) . 'action=edit'));
break;
---------------Insert-------------------
// begin Remove cc number
case 'deletecc':
$oID = tep_db_prepare_input($HTTP_GET_VARS['oID']);
$cc_number = tep_db_prepare_input ($HTTP_POST_VARS['cc_number']);
tep_db_query("update " . TABLE_ORDERS . " set cc_number = null " . tep_db_input($cc_number) . " where orders_id = '" . tep_db_input($oID) . "'");
$order_updated = true;
if ($order_updated) {
$messageStack->add_session(SUCCESS_ORDER_UPDATED, 'success');
} else {
$messageStack->add_session(WARNING_ORDER_NOT_UPDATED, 'warning');
}
tep_redirect(tep_href_link(FILENAME_ORDERS, tep_get_all_get_params(array('action')) . 'action=edit'));
break;
// begin Remove cc expires
case 'deleteccexp':
$oID = tep_db_prepare_input($HTTP_GET_VARS['oID']);
$cc_expires = tep_db_prepare_input ($HTTP_POST_VARS['cc_expires']);
tep_db_query("update " . TABLE_ORDERS . " set cc_expires = null " . tep_db_input($cc_expires) . " where orders_id = '" . tep_db_input($oID) . "'");
$order_updated = true;
if ($order_updated) {
$messageStack->add_session(SUCCESS_ORDER_UPDATED, 'success');
} else {
$messageStack->add_session(WARNING_ORDER_NOT_UPDATED, 'warning');
}
tep_redirect(tep_href_link(FILENAME_ORDERS, tep_get_all_get_params(array('action')) . 'action=edit'));
break;
==========Find============
<tr>
<td class="main"><?php echo ENTRY_CREDIT_CARD_NUMBER; ?></td>
<td class="main"><?php echo $order->info['cc_number']; ?></td>
</tr>
<tr>
<td class="main"><?php echo ENTRY_CREDIT_CARD_EXPIRES; ?></td>
<td class="main"><?php echo $order->info['cc_expires']; ?></td>
</tr>
<tr>
<td class="main"><?php echo ENTRY_CREDIT_CARD_CVVNUMBER; ?></td>
<td class="main"><?php echo $order->info['cvvnumber']; ?></td>
<td colspan="2"> <?php echo '<a href="' . tep_href_link(FILENAME_ORDERS, 'oID=' . $HTTP_GET_VARS['oID'] . '&action=deletecvv') . '">' . tep_image_button('button_removecvv.gif', X) . ' </a>';?></td>
</tr>
-----------------Replace With------------
<tr>
<td class="main"><?php echo ENTRY_CREDIT_CARD_NUMBER; ?></td>
<td class="main"><?php echo $order->info['cc_number']; ?></td>
<td colspan="2"> <?php echo '<a href="' . tep_href_link(FILENAME_ORDERS, 'oID=' . $HTTP_GET_VARS['oID'] . '&action=deletecc') . '">' . tep_image_button('button_removecvv.gif', X) . ' </a>';?></td>
</tr>
<tr>
<td class="main"><?php echo ENTRY_CREDIT_CARD_EXPIRES; ?></td>
<td class="main"><?php echo $order->info['cc_expires']; ?></td>
<td colspan="2"> <?php echo '<a href="' . tep_href_link(FILENAME_ORDERS, 'oID=' . $HTTP_GET_VARS['oID'] . '&action=deleteccexp') . '">' . tep_image_button('button_removecvv.gif', X) . ' </a>';?></td>
</tr>
<tr>
<td class="main"><?php echo ENTRY_CREDIT_CARD_CVVNUMBER; ?></td>
<td class="main"><?php echo $order->info['cvvnumber']; ?></td>
<td colspan="2"> <?php echo '<a href="' . tep_href_link(FILENAME_ORDERS, 'oID=' . $HTTP_GET_VARS['oID'] . '&action=deletecvv') . '">' . tep_image_button('button_removecvv.gif', X) . ' </a>';?></td>
</tr>
-----------------That's it!------------
Regards
Andrew
Added a spanish version:
not to admin
I just have extended the CVV removal to remove completely the credit card info, so limiting the risk and improving compliance to PCI requirements.
Just add some code to "orders.php" in the admin section:
search for:
// begin cvv contribution
case 'deletecvv':
$oID = tep_db_prepare_input($HTTP_GET_VARS['oID']);
$cvvnumber = tep_db_prepare_input ($HTTP_POST_VARS['cvvnumber']);
insert following code:
tep_db_query("update " . TABLE_ORDERS . " set cc_number = null " . tep_db_input($cvvnumber) . " where orders_id = '" . tep_db_input($oID) . "'");
$order_updated = true;
if ($order_updated) {
$messageStack->add_session(SUCCESS_ORDER_UPDATED, 'success');
} else {
$messageStack->add_session(WARNING_ORDER_NOT_UPDATED, 'warning');
}
You may also want to change the button image to be "Remove CC info"
That's it!
Just an update for Milestone 2. Sorry for the long delay on this, but there were only 2 lines in 2 files that needed to be changed from 1.23a and I was kind of hoping people could figure it out by looking at the surrounding code, lol. Only took me 6 months to update the text files and get this uploaded!
Fixed a typo in the popup help window.
Added a CVV maximum length to the configuration table so you can select both a min and a max length for the CVV number in your admin tool/panel. This is a workaround for those wishing to accept American Express which uses a 4-digit number instead of 3.
Changed javascript check on the length to reflect above DB change. And added a second JS error message to the defines.
If you have already downloaded v1.23 for MS1 there is a "Patch for AMEX" text file that documents the few changes you need to make rather than re-installing the whole contribution.
Contribution re-written specifically for OSC Milestone Release #1. I will no longer be supporting older versions of this contribution as the daily snapshot codebase was too much of a moving target. Please do not e-mail for help if you are using a daily snapshot before or after MS1. I will continue to re-write for each Milestone Release and offer support as they are released. Bottom line, if you want to make sure it works --use it on a Milestone Release! ;o) If you have a problem using it on MS1, by all means please let me know.
This 1.23 release package Contains:
Complete php files to simply replace your current files if it is a new install without any previous file edits.
Filename.txt files to just show what edits were performed if you have already modified your files and do not want to replace the complete file.
SQL commands to perform the database modifications needed.
Enhancements added since v 1.21/2:
Popup help window for the CVV along with new images (fixed non-ssl security warning as well).
Moved admin "Remove CVV button" to a more convenient location next to the CVV field in admin->edit->orders
Remove button now completely deletes the CVV number by changing it to null at the press of a button.
CVV number minimum length can be changed in the Configuration->Minimum Values section of your admin panel (no need to dig through files or open DB to change).
Fixed bug in javascript that gave 2 warning popups if CVV field was left blank during checkout.
All file edits are clearly marked within each php file.
Contribution Credits:
Original creator: Steve Kemp
cvv popup window: jchasick
This 1.22 release package Contains:
Mod install text files, optimized CVV example image and new Remove CVV # button for admin.
Does not contain:
PHP files from version 1.21
Version 1.22 is the update from version 1.21. I've added (filename.php.txt) files detailing what code should be added, at what line in each necessary file, as well as,
a mySQL.sql file with a example of the code you will have to enter into your database.
(Note: You will have to tweak it to match the format of your database configuration table.)
[[Use at your own risk]]
Updated version that adds on a java check for the CVV number of digits and also adds a button into the admin that allows you to easily remove the CVV number from the database after processing by changing it to '000'.
Many thanks and full credit to Steve Kemp for the original CVV! This is a modification of his contribution to allow the collection of the 3-digit credit card validation code on the new checkout process post November 2002. Please see warnings in his files regarding bank security. Feel free to run sample/test orders at http://www.diyreef.com/development/catalog/default.php using the CVV code.
This Mod allows you to collect and store the CVV number from credit cards for those who use the generic cc.php payment module, allowing you to manually input the CVV number into your offline merchant terminal.
*** Use only if your Bank allows you to temporarily store the CVV number***
Includes Minor Bugfix in readme and is now built on the snapshot from 28/04/2002
This Mod allows you to collect and store the CVV number from credit cards for those who use the generic cc.php payment module, allowing you to manually input the CVV number into your offline merchant terminal.
*** Use only if your Bank allows you to temporarily store the CVV number***