X-Cart: shopping cart software

Last Four of Credit Card in Invoice Emails (https://forum.x-cart.com/showthread.php?t=46089)

geckoday 08-05-2009 05:25 AM

Re: Last Four of Credit Card in Invoice Emails
 
Quote:

Originally Posted by rshandel
Is it PCI compliant if we only store the last 4 digits of the credit card number?

Yes, if you truncate the card number to the last 4 digits it is no longer considered a card number and you can store it, print it, etc. without worrying about PCI requirements.

rshandel 08-05-2009 05:46 AM

Re: Last Four of Credit Card in Invoice Emails
 
OK, thanks Ralph. Can you tell me in which PHP file I can modify the cc number before it's written to the db?

geckoday 08-05-2009 06:02 AM

Re: Last Four of Credit Card in Invoice Emails
 
Near the top of payment/payment_ccend.php is the code that stores the cc number.

geckoday 08-05-2009 06:24 AM

Re: Last Four of Credit Card in Invoice Emails
 
Quote:

Originally Posted by geckoday
Near the top of payment/payment_ccend.php is the code that stores the cc number.

Sorry, that is where it is stored in the customer table. payment/payment_cc.php stores it in the order. Search for store_cc to find the spot in the code that stores it.

rshandel 08-06-2009 06:53 AM

Re: Last Four of Credit Card in Invoice Emails
 
Thanks again, Ralph. I had modified that file already but it didn't seem to write the "new card number":

$blank_card_number="1234";
if ($store_cc) {
    $query_data = array(
        "card_name" => $card_name,
        "card_type" => $card_type,
        #rs - blank out credit number in database
        "card_number" => addslashes(text_crypt($blank_card_number)),
        #"card_number" => addslashes(text_crypt($card_number)),
        #/rs

Will this only rewrite using a gateway, i.e. authorize.net, or will it also write the card number here when using the credit card manual payment method?

Also you mentioned payment/payment_ccend.php stores the cc number in the customer table as well; in order to be fully compliant, should I modify the cc code in this file as well? - I had also modified this file (same code as above) as well to no avail.... but haven't tried to process an order within our authorize.net gateway.

rshandel 08-06-2009 09:15 AM

Re: Last Four of Credit Card in Invoice Emails
 
I double-checked using our authorize.net payment gateway and it's still writing the complete credit card number. Could X-Cart possibly be writing the cc number to mysql somewhere else??

geckoday 08-06-2009 10:34 AM

Re: Last Four of Credit Card in Invoice Emails
 
Yeah, I forgot about the goofy way the credit card number storage is done in 4.1. The spot you modified in payment_cc.php is for storing the cc number into the customer table for manual credit card processing. There is similar code in payment_ccend.php for storing the cc number into the customer table for gateway transactions. You should modify both.

The saving of the cc info into the orders table is the goofy part. This code in payment_cc.php is what does that:
PHP Code:

$_order_details_rval = array();
foreach (func_order_details_fields() as $_details_field => $_field_label) {
    if (isset($GLOBALS[$_details_field])) {
        $_order_details_rval[] = $_field_label.": ".stripslashes($GLOBALS[$_details_field]);
    }
}

It builds the order_details column for the orders table using the fields defined in func_order_details_fields. It would probably be best to modify $card_number to what you want stored in the orders table before this code and restore it afterwards to avoid problems elsewhere.

rshandel 08-06-2009 03:00 PM

Re: Last Four of Credit Card in Invoice Emails
 
Quote:

It would probably be best to modify $card_number to what you want stored in the orders table before this code and restore it afterwards to avoid problems elsewhere.

Thanks Ralph. Working in CC Manual mode right now. I now see that I can modify and write the last 4 digits to the customers table, but I'm having troubles with the code to modify card_number in the orders table.

This is what I have ...

Code:

#
# Make order details
#
$_order_details_rval = array();
foreach (func_order_details_fields() as $_details_field => $_field_label) {
    if (isset($GLOBALS[$_details_field])) {
        if ($_field_label eq "Card number") {
            $store_card_number=$card_number;
            $card_number = substr($card_number,-4);
            $_details_field = $card_number;
        }
        $_order_details_rval[] = $_field_label.": ".stripslashes($GLOBALS[$_details_field]);
    }
}
$card_number = $store_card_number;



thanks.

geckoday 08-06-2009 05:51 PM

Re: Last Four of Credit Card in Invoice Emails
 
Your if is testing the wrong variable/value. But just make life easier and move the code above the foreach loop and get rid of the if.

rshandel 08-07-2009 07:38 AM

Re: Last Four of Credit Card in Invoice Emails
 
Thanks Ralph! That was it. I tested for both manual and gateway processing and it works fine.

Thanks again for your help!
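
The change geckoday describes (truncate $card_number above the foreach loop, drop the if, restore it afterwards), written out as an added example that is not part of the thread or of X-Cart's own code. func_order_details_fields() is stubbed here with a constructed field list, last_four() is a hypothetical helper, and the card number is a constructed test value.

```php
<?php
// Stand-in for X-Cart's func_order_details_fields(); the labels for
// card_name and card_type are constructed for this example.
function func_order_details_fields() {
    return array(
        "card_name"   => "Cardholder's name",
        "card_type"   => "Card type",
        "card_number" => "Card number",
    );
}

// Hypothetical helper: keep only the last four digits of a card number.
function last_four($pan) {
    $digits = preg_replace('/\D/', '', (string)$pan); // drop spaces and dashes
    return substr($digits, -4);                       // shorter input is returned whole
}

// Constructed sample input (a test number, not a real card).
$card_name   = "Test Customer";
$card_type   = "VISA";
$card_number = "4111 1111 1111 1111";

// Truncate BEFORE the loop; keep the full value for code that runs later.
$store_card_number = $card_number;
$card_number = last_four($card_number);

// Same loop as in payment_cc.php, with no special-casing inside it.
$_order_details_rval = array();
foreach (func_order_details_fields() as $_details_field => $_field_label) {
    if (isset($GLOBALS[$_details_field])) {
        $_order_details_rval[] = $_field_label.": ".stripslashes($GLOBALS[$_details_field]);
    }
}

// Restore the original value and drop the temporary copy.
$card_number = $store_card_number;
unset($store_card_number);

$order_details = implode("\n", $_order_details_rval);

// Check: no run of five or more digits may reach the order_details column.
if (preg_match('/\d{5,}/', $order_details)) {
    throw new RuntimeException("full card number leaked into order_details");
}
echo $order_details, "\n";
```

The same digit-run check can be run against existing rows of the orders and customers tables to find values written before the change.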

