it is forbidden to store CVV2 number in the database

[FrankZoid]

Yes, I just upgraded a site and had to edit the files to remove CVV2 data. I prefer to edit these manually, in case something has changed as far as line numbers or such. Use ps_checkout.php.forbiddencvv2.diff.txt as a guide, you will see the line being edited, and the replacement code.

[Karl Kawano]

Great, thanks FrankZoid!!!

[winfreepcs]

Yes.

Mine works in J 1.0.12 and VM 1.0.9

I also manage to hide all the numbers except last 4 of the cc number in the email.

Make sure you can read the full cc number and CVV in the order list in the backend.

JSG

[FavoriteU]

Can someone please update this??  I am using 1.0.10 and the patch listed in this thread did not work.  I received the following error:

Hunk #1 succeeded at 864 (offset -7 lines).
Hunk #2 FAILED at 1523.
Hunk #3 succeeded at 2199 with fuzz 2 (offset 85 lines).
1 out of 3 hunks FAILED -- saving rejects to file ps_checkout.php.rej

This is a VERY important issue, and I am a bit surprised it hasn't been fixed in a release yet, and there is not more documentation concerning it.  I'm not trying to come across as a jerk, I just hate to think many people might be in violation of the T.O.S. and may not even know it. 

[Pat]

Hi,

I just manually applied the patch to ps_checkout.php VM 1.0.12 and it works fine. I think the reason it doesn't work on 1.0.12 is that the line numbers are different.

To apply manually, do this:

- make a backup of ps_checkout.php; it's located in
/administrator/components/com_virtuemart/classes/

- Find this line:

Code Select Expand

$q .= "'" . $d["order_payment_code"] . "', ";

- Change to:

Code Select Expand

$q .= "'', ";

- Find this line:

Code Select Expand

$payment_info_details .= 'CVV code: '.$_SESSION['ccdata']['credit_card_code'].'<br />';

- Change to:

Code Select Expand

//$payment_info_details .= 'CVV code: '.$_SESSION['ccdata']['credit_card_code'].'<br />';

Thanks a LOT for the patch. I don't need to get busted for story cc info.

[guilliam]

this post has been very helpful.
guess next releases should take a serious look into this issue?

- g

[Frogdog]

Is this issue still open on the later versions? I'm running VM 1.1.12... I did a quick search for CVV in my db, and found no tables. Thanks in advance for replying.

[guilliam]

Is this issue still open on the later versions? I'm running VM 1.1.12... I did a quick search for CVV in my db, and found no tables. Thanks in advance for replying.

its because its encrypted.

- g

[Frogdog]

Ah...and now I see the post right above mine (duh) and the manual patch...will apply. I agree with FavoriteU, I'm surprised this is not already setup in the core VM files this way. Thanks for the reply, will fix right now.

[QubeSys Technologies]

Well, My questions is, if Im switching off the encryption on backend, and I want to store the full credit card details on the database, then where is it stored ?