osCommerce: Mask credit card numbers for old orders

I recently discovered that osCommerce does not automatically remove credit card information for old orders. Here is a little script that I dropped into admin/orders.php that silently masks credit card numbers for orders older than 14 days. One day, I will learn how to create a legitimate module.

$cc_numbers_query = tep_db_query("select orders_id, cc_number from " . TABLE_ORDERS . " where orders_status=3 AND last_modified < (DATE_ADD(NOW(), INTERVAL -14 DAY))"); while ($cc_num = tep_db_fetch_array($cc_numbers_query)) { $fullcc = $cc_num['cc_number']; if ($fullcc && (!strstr($fullcc, 'x'))) { // hasn't previously been processed $newcc=''; for ($a=0;$a<(strlen($fullcc)-4);$a++) { $newcc .= 'x'; } $newcc .= substr($fullcc,-4); $editcc_query = tep_db_query("update " . TABLE_ORDERS . " set cc_number = '" . $newcc . "' where orders_id = " . $cc_num['orders_id']); } }

2 comments

  1. Jamie says:

    Hi,

    What part of the code did you insert this in? What line and what is the code above or the code that was replaced? This is exactly what I have been looking for!

  2. rkassissieh says:

    I created a new script file admin/expirecc.php and then invoked it from admin/orders.php, so that it would execute whenever the staff check pending orders.

    admins/orders.php, line 14: require_once(‘expirecc.php’);