[ic] orders always encrypt credit card number
Curt Hauge
interchange-users@interchange.redhat.com
Thu Nov 8 14:26:01 2001
> Quoting Curt Hauge (chc@mninter.net):
> > I recently upgraded to 4.8.2 from 4.6.5. I am receiving my orders with both
> > credit card AND the invoice encrypted. I would like just the whole order
> > encrypted. The docs stated to set either encrypt OR credit card to 1 (or
> > both to encrypt both). Am I missing something else? I have restarted
> > Interchange after making changes. The variables listed are set in
> > variable.txt as such:
> > ENCRYPTOR /usr/local/bin/gpg
> > PGP_KEY orders@mysite.com
> > ORDERS_TO orders@mysite.com
> You don't mention that you tried running gpg from the command
> line, *as the Interchange UID*, with:
>
> echo test | /usr/local/bin/gpg --always-trust -e -a -r 'orders@mysite.com'
>
> If that doesn't yield an encrypted message, you probably have a GPG keyring
> problem.
Thanks for your response, Mike. Yes, the encryption is working fine (and the
test yielded 'test'). However, it is encrypting the card and then the whole
order even though I have credit card set to 0 and encrypt set to 1. I want
it to encrypt the order only. I'm using a 4.6.5 catalog.cfg with the order
routine from 4.8.2 catalog.cfg. I have attached it if anyone cares to have a
look. I have looked for duplicate entries, but perhaps I am missing a key
variable? This is not a major problem, more likely 'wishing it worked like
before the upgrade'. =)
Curt Hauge
Attachment: catalog.cfg
# Set the sitewide information. The initial settings
# in the "variable" table are shown below; subsequent
# changes are only in the database, not below.
VariableDatabase variable
### These reflect the initial settings set above;
### if you uncomment them they will override it.
#
#Variable SERVER_NAME www.mysite.com
#Variable CGI_URL /cgi-bin/mysite
#Variable SECURE_SERVER http://www.mysite.com
#Variable ORDERS_TO chc@inter.net
#Variable IMAGE_DIR /mysite/images
#Variable DOCROOT /home/mysite/www
#Variable SAMPLEHTML /home/mysite/www/mysite
#Variable SAMPLEURL http://www.mysite.com/mysite
#
#Variable COMPANY My Site Test
#Variable ENCRYPTOR none
#
#Variable SOMESQL
#Variable MYSQL
#Variable PGSQL
#Variable ORACLE
#Variable SQLDSN
#Variable SQLDB
#Variable SQLUSER
#Variable SQLPASS
## END SITE CONFIGURATION
ParseVariables Yes
#########
######### Set the catalog URLS, using the Variable settings above.
#########
##
## The URLs which are written to call the CGI link script.
##
VendURL http://__SERVER_NAME____CGI_URL__
SecureURL __SECURE_SERVER____CGI_URL__
## Set the image path for relative images
ImageDir __IMAGE_DIR__/
ImageDirInternal http://__SERVER_NAME____IMAGE_DIR__/
##
#########
#########
#########
#########
######### Some user session related settings...
#########
#
#
## Whether to encrypt passwords in UserDB
## We usually don't for users, so we can mail them their password
## We DO in admin, that is set in catalog_after.cfg
UserDB default crypt 0
## Change a field to something that doesn't conflict in MySQL
UserDB default time_field mod_time
## Don't want people setting their credit limit or dealer status directly
UserDB default scratch "dealer credit_limit"
### minimal login stuff for affiliate
UserDB affiliate user_field affiliate
UserDB affiliate database affiliate
UserDB affiliate time_field none
UserDB affiliate crypt 0
## Set some initial values
ScratchDefault mv_add_dot_html 1
ScratchDefault mv_no_session_id 1
ScratchDefault mv_no_count 1
ScratchDefault order_style 1
ValuesDefault mv_shipmode uspsi
ValuesDefault show_basket 1
#
#
#########
#########
#########
################################################################
######## These define the variables for templating ########
######## You see them in pages with __LEFTRIGHT_TOP__ ########
######## ########
######## Files are actually in templates/regions dir ########
######## ########
################################################################
## Define some colors
##
Variable HEADERBG BGCOLOR="#669999"
Variable HEADERTEXT #FFFFFF
Variable TITLEBG BGCOLOR="#669999"
Variable TITLETEXT #FFFFFF
## Put in memory with high traffic settings
## Better performance this way
## TRAFFIC is defined in interchange.cfg
##
## Variables used in these files must have been previously defined
#ifdef @TRAFFIC =~ /high/i
ParseVariables Yes
ConfigDir templates/regions
Variable NOLEFT_TOP <NOLEFT_TOP
Variable NOLEFT_BOTTOM <NOLEFT_BOTTOM
Variable LEFTRIGHT_TOP <LEFTRIGHT_TOP
Variable LEFTRIGHT_BOTTOM <LEFTRIGHT_BOTTOM
Variable LEFTONLY_TOP <LEFTONLY_TOP
Variable LEFTONLY_BOTTOM <LEFTONLY_BOTTOM
Variable SEL_LEFT_TOP <SEL_LEFT_TOP
Variable SEL_LEFT_BOTTOM <SEL_LEFT_BOTTOM
Variable SEL_ALL_TOP <SEL_ALL_TOP
Variable SEL_ALL_BOTTOM <SEL_ALL_BOTTOM
Variable INDEX_BOTTOM <INDEX_BOTTOM
ConfigDir config
#endif
## Use [include ...] with low traffic settings, file read every time
## template changes show up immediately this way
## TRAFFIC is defined in interchange.cfg
##
#ifdef @TRAFFIC =~ /low/i
Variable NOLEFT_TOP [include templates/regions/NOLEFT_TOP]
Variable NOLEFT_BOTTOM [include templates/regions/NOLEFT_BOTTOM]
Variable LEFTRIGHT_TOP [include templates/regions/LEFTRIGHT_TOP]
Variable LEFTRIGHT_BOTTOM [include templates/regions/LEFTRIGHT_BOTTOM]
Variable LEFTONLY_TOP [include templates/regions/LEFTONLY_TOP]
Variable LEFTONLY_BOTTOM [include templates/regions/LEFTONLY_BOTTOM]
Variable SEL_LEFT_TOP [include templates/regions/SEL_LEFT_TOP]
Variable SEL_LEFT_BOTTOM [include templates/regions/SEL_LEFT_BOTTOM]
Variable SEL_ALL_TOP [include templates/regions/SEL_ALL_TOP]
Variable SEL_ALL_BOTTOM [include templates/regions/SEL_ALL_BOTTOM]
Variable INDEX_BOTTOM [include templates/regions/INDEX_BOTTOM]
#endif
#
################################################################
################################################################
ParseVariables Yes
# Sets Interchange to not parse <BODY MV="body 1"> and other tags within
# HTML tags, use [pragma no_html_parse 0] to enable on a page
Pragma no_html_parse
MailOrderTo __ORDERS_TO__
################################################################
######## DATABASE SETUP ########
######## ########
######## When you defined your catalog, you specified ########
######## a database type. This region uses #include ########
######## to include the database definitions based ########
######## on that choice. ########
######## ########
######## See the directories in dbconf/ for the ########
######## different types. ########
######## ########
################################################################
##
##
#ifndef SQLDSN
Variable SQLDSN
#endif
#####
##### MySQL
#####
#ifdef MYSQL
Message Using MySQL, DSN=__SQLDSN__.
# Tell the default DBM we are using something else...
Variable SOME_DATABASE 1
# Uncomment if needed
#Variable SQLUSER foo
#Variable SQLPASS bar
# The table defs are in separate files in the dbconf/mysql directory,
# the ones kept in DBM are in TABLENAME.dbm files.
#include dbconf/mysql/*
#endif
#####
##### PostgreSQL
#####
#ifdef PGSQL
Message Using PostgreSQL, DSN=__SQLDSN__.
# Tell the default DBM we are using something else...
Variable SOME_DATABASE 1
# Uncomment and edit if needed
#Variable SQLUSER foo
#Variable SQLPASS bar
# The table defs are in separate files in the dbconf/pgsql directory,
# the ones kept in DBM are in TABLENAME.dbm files.
#include dbconf/pgsql/*
#endif
#####
##### Oracle
#####
#ifdef ORACLE
Message Using Oracle, DSN=__SQLDSN__.
# Tell the default DBM we are using something else...
Variable SOME_DATABASE 1
# Oracle considers 'session', 'size', and 'comment' to be reserved
# words. Since we use those as column names, attach this arbitrary
# string to the end of each word to make it acceptable to Oracle.
# Note that this must be defined before the #include below.
Variable FIELDMUNGE
# Uncomment and edit if needed
#Variable SQLUSER foo
#Variable SQLPASS bar
# The table defs are in separate files in the dbconf/oracle directory,
# the ones kept in DBM are in TABLENAME.dbm files.
#include dbconf/oracle/*
#endif
#####
##### Default DBM if nothing else defined
#####
#ifndef SOME_DATABASE
# The table defs are in separate files in the dbconf/dbm directory.
Message Using default DBM database.
#include dbconf/default_db/*
#endif
ProductFiles products
##
##
################################################################
######## end database setup #######
################################################################
AlwaysSecure ord/checkout multi/checkout
AsciiTrack logs/tracking.asc
################################################################
######## Pricing setup #######
################################################################
######## #######
######## In the construct demo, if the user is logged #######
######## in and is marked as a "dealer" (1 in the #######
######## dealer field in the userdb database) then #######
######## they are given quantity discounts based on #######
######## price groups. (All products except gift_cert #######
######## are in price group 1 as distributed.) If #######
######## the quantity is 1, then pricing comes from #######
######## the "wholesale" field in the products #######
######## database. #######
######## #######
######## If the user is not a dealer (or not logged in) #######
######## then pricing just comes from "price". #######
######## #######
######## There is an Autoload routine that determines #######
######## the dealer status and changes the PriceField #######
######## definition if they are. #######
######## #######
######## The "gift_cert" AutoModifier allows special #######
######## receipt, basket, and checkout display handling #######
######## for items defined as a gift_cert. #######
######## #######
PriceField price
CommonAdjust pricing:price_group,q5,q10: ;:wholesale ;$
AutoModifier pricing:price_group
AutoModifier products:gift_cert
UserDB default scratch dealer
Autoload <<EOR
[perl]
    if($Scratch->{dealer}) {
        $Config->{PriceField} = 'no_price';
    }
[/perl]
EOR
######## #######
################################################################
## Set this to No if you don't want auto-login capability for users
CookieLogin Yes
# This sets up the new payment charge mode in Interchange 4
# You set it to "custom name", where name is the name of a GlobalSub
# that performs the charge operation. If it is not "custom", then
# it will use the CyberCash routines.
#
# "minivend_test" is special, and the demo order profile
# works with the demo order form to test
#
#Variable MV_PAYMENT_MODE minivend_test
# Uncomment to use creditCardAuto if you want, now handled better in
# order profiles with "&credit_card=standard".
#CreditCardAuto Yes
# These are usually all you need for CyberCash 3
# Uncomment and edit to suit; make sure you remove CreditCardAuto somehow
#
#Variable CYBER_CONFIGFILE /home/you/yourid75/mck-cgi/merchant_conf
#Variable CYBER_VERSION 3.2
#Variable CYBER_MODE mauthonly
#ifdef CYBER_MODE
Variable MV_PAYMENT_MODE mauthonly
CreditCardAuto No
#endif
EncryptProgram __ENCRYPTOR__
EncryptKey __PGP_KEY__
# Uncomment only if you have these locales on your system
#Locale de_DE
#Locale de_DE LC_CTYPE de_DE
#Locale fr_FR
#Locale en_US
Locale en_US LC_CTYPE C
LocaleDatabase locale
Onfly onfly
OrderCounter etc/order.number
OrderLineLimit 25
OrderProfile etc/profiles.order etc/profiles.login etc/profiles.misc
# This makes CommonAdjust effective, since no_price doesn't exist
ReadPermission group
RobotLimit 50
# Here we override Interchange's normal order routine
ActionMap order <<EOR
sub {
    #Log('in order action');
    if($CGI->{mv_nextpage} ne 'order') {
        # Do nothing
    }
    elsif($Values->{no_basket}) {
        $CGI->{mv_nextpage} = 'ord/nobasket';
    }
    else {
        $CGI->{mv_nextpage} = 'ord/basket';
    }
    $CGI->{mv_order_item} = $CGI->{mv_arg}
        if ! $CGI->{mv_order_item};
    $Tag->update('values');
    return 1;
}
EOR
ActionMap deliver <<EOR
sub {
    my $deliverable = shift;
    $Scratch->{deliverable} = $CGI->{mv_arg};
    $CGI->{mv_nextpage} = 'deliver';
    return 1;
}
EOR
ActionMap get_password <<EOR
sub {
    $Config->{NoSearch} = '';
    $CGI->{mv_nextpage} = $CGI->{mv_search_page} = 'action/get_password';
    $CGI->{mv_todo} = 'search';
    $Tag->update('process');
    return;
}
EOR
ParseVariables Yes
Route log attach 0
Route log cybermode ""
Route log empty 1
Route log encrypt 0
Route log increment 0
Route log report etc/log_transaction
Route log supplant 0
Route log track logs/log
Route log_entry attach 0
Route log_entry cybermode ""
Route log_entry empty 1
Route log_entry encrypt 0
Route log_entry increment 0
Route log_entry report etc/log_entry
Route log_entry supplant 0
Route log_entry track logs/log
Route copy_user attach 0
Route copy_user cybermode ""
Route copy_user empty 1
Route copy_user encrypt 0
Route copy_user increment 0
Route copy_user report etc/mail_receipt
Route copy_user supplant 0
Route copy_user track logs/log
# Main route must be last to make default
Route main attach 0
Route main credit_card 0
Route main cybermode ""
Route main default 1
Route main email '__ORDERS_TO__'
Route main encrypt 1
Route main errors_to '__ORDERS_TO__'
Route main increment 0
Route main pgp_cc_key '__PGP_KEY__'
Route main pgp_key '__PGP_KEY__'
Route main receipt etc/receipt.html
Route main report etc/report
Route main supplant 1
Route main individual_track orders
Route main track logs/tracking.asc
# Order routes can be maintained in a database, empty in demo
# CHANGES TO THIS WILL OVERRIDE THE ROUTES ABOVE
RouteDatabase route
SalesTax __TAXFIELD__
FractionalItems Yes
SeparateItems Yes
SpecialPage catalog index
SpecialPage report ../etc/report
SpecialPage receipt ../etc/receipt
NoCache admin config multi ord query reconfig special
Static __CATALOG_STATIC__
StaticLogged __LOGGED_STATIC__
StaticAll Yes
StaticDBM static
StaticDepth 2
StaticDir __SAMPLEHTML__/pages
StaticFly Yes
StaticPath __SAMPLEURL__/pages
TaxShipping __TAXSHIPPING__
#ifdef UI_TRAFFIC_STATS
TrackFile __UI_TRAFFIC_STATS__
#endif
UpsZoneFile products/554.csv
UseModifier size color
History 10
UserTag history-scan Order find exclude default
UserTag history-scan addAttr
UserTag history-scan Routine <<EOR
my %var_exclude = ( qw/
    mv_credit_card_number 1
    mv_pc 1
    mv_session_id 1
/);
sub {
    my ($find, $exclude, $default) = @_;
    my $ref = $Vend::Session->{History}
        or return $Tag->area($default || $Config->{SpecialPage}{catalog});
    my ($hist, $href, $cgi);
    $exclude = qr/$exclude/ if $exclude;
    for(my $i = $#$ref; $i >= 0; $i--) {
        #Log("checking $ref->[$i][0] for $exclude");
        if ($exclude and $ref->[$i][0] =~ $exclude) {
            next;
        }
        if($find) {
            next unless $ref->[$i][0] =~ /$find/;
        }
        ($href, $cgi) = @{$ref->[$i]};
        last;
    }
    return $Tag->area($default || $Config->{SpecialPage}{catalog})
        if ! $href;
    my $form = '';
    for(grep !$var_exclude{$_}, keys %$cgi) {
        $form .= "\n$_=";
        $form .= join("\n$_=", split /\0/, $cgi->{$_});
    }
    return $Tag->area( { href => $href, form => $form} );
}
EOR
WritePermission group
# Here you can set up fatal errors if a necessary sub or usertag
# doesn't exist, uncomment one of next lines to test
#
#Require globalsub nevairbe
#Require usertag nevairbe
Require usertag email
Require usertag email_raw
Require usertag var
Require usertag loc
Require usertag summary
Require usertag button
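An added example, not part of the original message and not Interchange code: a small audit of the `Route` lines in a catalog.cfg like the one attached, listing which routes set `encrypt` and `credit_card` and whether a `RouteDatabase` directive is present, since the file's own comment says changes there override the routes above. The function names are hypothetical; the parser assumes `#ifdef`-style lines can be skipped like comments and that a flag counts as set when its value is neither empty nor `0`.

```python
# Constructed sample: a few Route lines as they appear in the attached
# catalog.cfg, followed by the RouteDatabase directive.
SAMPLE_CFG = """\
Route log encrypt 0
Route log cybermode ""
# Main route must be last to make default
Route main credit_card 0
Route main email '__ORDERS_TO__'
Route main encrypt 1
Route main pgp_cc_key '__PGP_KEY__'
Route main pgp_key '__PGP_KEY__'
# CHANGES TO THIS WILL OVERRIDE THE ROUTES ABOVE
RouteDatabase route
"""

def parse_routes(text):
    """Return ({route: {option: value}}, RouteDatabase table name or None)."""
    routes, route_db = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank, comment, or #ifdef-style line (assumption: skipped)
        parts = line.split(None, 3)
        if parts[0] == "RouteDatabase" and len(parts) > 1:
            route_db = parts[1]
        elif parts[0] == "Route" and len(parts) >= 3:
            value = parts[3].strip().strip("'\"") if len(parts) == 4 else ""
            routes.setdefault(parts[1], {})[parts[2]] = value
    return routes, route_db

def encryption_summary(text):
    """Per-route view of the two encryption flags and the keys they would use."""
    routes, route_db = parse_routes(text)
    is_set = lambda v: v not in ("", "0")
    report = {
        name: {
            "whole_order": is_set(opts.get("encrypt", "")),
            "card_only": is_set(opts.get("credit_card", "")),
            "pgp_key": opts.get("pgp_key", ""),
            "pgp_cc_key": opts.get("pgp_cc_key", ""),
        }
        for name, opts in routes.items()
    }
    return report, route_db

if __name__ == "__main__":
    report, route_db = encryption_summary(SAMPLE_CFG)
    for name, flags in report.items():
        print(name, flags)
    if route_db:
        print(f"RouteDatabase '{route_db}' is declared: compare its rows with the values above")
```
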