Index: /changelog
===================================================================
--- /changelog	(revision 7714)
+++ /changelog	(revision 7715)
@@ -360,2 +360,3 @@
 - Bugfix: Checkboxen an WP Layout 5.3 angepasst
 - Bugfix: "Rechnungen ansehen" ÃŒber mehrere Rechnungen funktioniert wieder / Task #733
+- Bugfix: Updtate der VerschlÃŒsselung innerhalb Kreditkartenmodul / Task #727
Index: /controller/wpsg_SystemController.class.php
===================================================================
--- /controller/wpsg_SystemController.class.php	(revision 7714)
+++ /controller/wpsg_SystemController.class.php	(revision 7715)
@@ -98,6 +98,6 @@
 				 
 				// Not valid
-				
-				$GLOBALS['wpsg_sc']->addBackendError(__('Ihre Eingaben in den markierten Feldern waren ungÃŒltig, bitte ÃŒberprÃŒfen.', 'wpsg').$key.$value);
+
+				$GLOBALS['wpsg_sc']->addBackendError(__('Ihre Eingaben in den markierten Feldern waren ungÃŒltig, bitte ÃŒberprÃŒfen.', 'wpsg'));
 				
 				$_SESSION['sanitization_err_fields'][$key] = 0;
Index: /lib/wpsg_cache.class.php
===================================================================
--- /lib/wpsg_cache.class.php	(revision 7714)
+++ /lib/wpsg_cache.class.php	(revision 7715)
@@ -168,5 +168,5 @@
 				");
 
-				if (intval($this->_arProducts[$product_id]['id']) !== $product_id) throw new \wpsg\Exception(wpsg_translate(
+				if (intval($this->_arProducts[$product_id]['id']) !== intval($product_id)) throw new \wpsg\Exception(wpsg_translate(
 				    __('Produkt #1# konnte nicht geladen werden', 'wpsg'),
                     $product_id
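Review bot: Casting both sides with `intval()` lets this guard pass when the lookup found nothing and `$product_id` is not numeric, because a missing `['id']` and a value such as `'abc'` both become 0 and no exception is thrown. If the query above (outside the hunk) can leave `$this->_arProducts[$product_id]` empty, test for the row first, e.g. `if (!isset($this->_arProducts[$product_id]['id']) || intval($this->_arProducts[$product_id]['id']) !== intval($product_id)) throw ...`. The `throw` statement itself continues past the end of the hunk.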
Index: /mods/wpsg_mod_creditcard.class.php
===================================================================
--- /mods/wpsg_mod_creditcard.class.php	(revision 7714)
+++ /mods/wpsg_mod_creditcard.class.php	(revision 7715)
@@ -16,6 +16,5 @@
 		 * Costructor
 		 */
-		public function __construct()
-		{
+		public function __construct() {
 			
 			parent::__construct();
@@ -27,6 +26,5 @@
 		} // public function __construct()
 		
-		public function install()
-		{
+		public function install() {
 			 
 			require_once(WPSG_PATH_WP.'/wp-admin/includes/upgrade.php');
@@ -36,10 +34,10 @@
 			 */ 
 			$sql = "CREATE TABLE ".WPSG_TBL_ORDER." (
-		   		mod_creditcard_typ VARCHAR(255) NOT NULL,
-		   		mod_creditcard_inhaber VARCHAR(255) NOT NULL,
-		   		mod_creditcard_knr VARCHAR(255) NOT NULL,
-		   		mod_creditcard_pruefz VARCHAR(255) NOT NULL,
-		   		mod_creditcard_gueltigm VARCHAR(255) NOT NULL,
-				mod_creditcard_gueltigj VARCHAR(255) NOT NULL
+		   		mod_creditcard_typ BLOB NOT NULL,
+		   		mod_creditcard_inhaber BLOB NOT NULL,
+		   		mod_creditcard_knr BLOB NOT NULL,
+		   		mod_creditcard_pruefz BLOB NOT NULL,
+		   		mod_creditcard_gueltigm BLOB NOT NULL,
+				mod_creditcard_gueltigj BLOB NOT NULL
 		   	) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1;";
    	   	 
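Review bot: `mod_creditcard_pruefz` still persists what appears to be the card verification code, and switching the column to BLOB only changes how it is encoded. PCI DSS does not permit keeping the verification code after authorization, even in encrypted form, so this column and its write in the checkout hunk further down should be dropped rather than converted. The `install()` body starts and ends outside this hunk, so how the statement is applied to existing tables is not visible here.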
@@ -52,4 +50,5 @@
    			$this->shop->checkDefault('wpsg_mod_creditcard_mwst', '0');
    			$this->shop->checkDefault('wpsg_mod_creditcard_mwstland', '0');
+            $this->shop->checkDefault('wpsg_mod_creditcard_schluessel', wpsg_genCode(256));
 			
 		} // public function install()
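Review bot: The default key is a 256-character value from `wpsg_genCode()`, but AES-256-CBC takes a 32-byte key and `openssl_encrypt()` silently truncates anything longer, so only the first 32 characters are ever used. Whether `wpsg_genCode()` draws from a CSPRNG is not visible here; if it does not, generate the default with `bin2hex(random_bytes(32))` and derive the cipher key at the point of use with `hash('sha256', $key, true)`. The option is presumably stored in the same database as the ciphertext, so a database dump would expose both; loading the key from a constant in the site configuration, or at least a comment stating the limitation, would help. `install()` begins outside the hunk.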
@@ -62,6 +61,5 @@
 		}
 		
-		public function settings_save()
-		{
+		public function settings_save() {
 			
 		    $this->shop->update_option('wpsg_mod_creditcard_bezeichnung', $_REQUEST['wpsg_mod_creditcard_bezeichnung'], false, false, WPSG_SANITIZE_TEXTFIELD);
@@ -72,9 +70,9 @@
 			$this->shop->update_option('wpsg_mod_creditcard_mwstland', $_REQUEST['wpsg_mod_creditcard_mwstland'], false, false, WPSG_SANITIZE_CHECKBOX);
 			$this->shop->update_option('wpsg_mod_creditcard_schluessel', $_REQUEST['wpsg_mod_creditcard_schluessel'], false, false, WPSG_SANITIZE_TEXTFIELD);
-				
+
 		} // public function settings_save()
 	
-		public function addPayment(&$arPayment) { 
-			 
+		public function addPayment(&$arPayment) {
+
 			if (is_admin() || $this->shop->get_option('wpsg_mod_creditcard_aktiv') == '1') {
 				
@@ -105,5 +103,5 @@
 		public function checkCheckout(&$state, &$error, &$arCheckout)  { 
 
-			if(wpsg_isSizedString($arCheckout['payment'])) {
+			if (wpsg_isSizedString($arCheckout['payment'])) {
 
 				if ($arCheckout['payment'] != $this->id) return;
@@ -155,6 +153,5 @@
 
 				if ($this->checkCreditCardNumber($typ, $knr) == false) { $_SESSION['wpsg']['errorFields'][] = 'mod_creditcard_knr'; $this->shop->addFrontendError(__('Bitte die Kartennummer ÃŒberprÃŒfen (Kreditkarte)', 'wpsg')); $error = true; }
-				//checkCreditCardNumber($typ, $knr);
- 						
+
 			}
 			
@@ -200,8 +197,10 @@
 				
 				// Daten in die Bestelltabelle hinzutragen
-				
+
+                /* Alter Algorithmus < PHP 7.1
 				//AES256
 				//string mcrypt_encrypt ( string $cipher , string $key , string $data , string $mode [, string $iv ] )
 				$key = $this->shop->get_option("wpsg_mod_creditcard_schluessel");
+
 				$iv = mcrypt_create_iv(16, MCRYPT_RAND);
 				
@@ -214,11 +213,22 @@
 				$db_data['mod_creditcard_inhaber'] = base64_encode($iv.mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $checkout['mod_creditcard_inhaber'], MCRYPT_MODE_CBC, $iv));
 				$db_data['mod_creditcard_knr'] = base64_encode($iv.mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $checkout['mod_creditcard_knr'], MCRYPT_MODE_CBC, $iv));
-								
+				*/
+
+                $key = $this->shop->get_option("wpsg_mod_creditcard_schluessel");
+                $iv = random_bytes(16);
+                $encrypt_method = "AES-256-CBC";
+
+                $db_data['mod_creditcard_typ'] = wpsg_q($iv.'|'.$encrypt_method.'|'.openssl_encrypt($checkout['mod_creditcard_typ'], $encrypt_method, $key, 0, $iv));
+                $db_data['mod_creditcard_pruefz'] = wpsg_q($iv.'|'.$encrypt_method.'|'.openssl_encrypt($checkout['mod_creditcard_pruefz'], $encrypt_method, $key, 0, $iv));
+                $db_data['mod_creditcard_gueltigm'] = wpsg_q($iv.'|'.$encrypt_method.'|'.openssl_encrypt($checkout['mod_creditcard_gueltigm'], $encrypt_method, $key, 0, $iv));
+                $db_data['mod_creditcard_gueltigj'] = wpsg_q($iv.'|'.$encrypt_method.'|'.openssl_encrypt($checkout['mod_creditcard_gueltigj'], $encrypt_method, $key, 0, $iv));
+                $db_data['mod_creditcard_inhaber'] = wpsg_q($iv.'|'.$encrypt_method.'|'.openssl_encrypt($checkout['mod_creditcard_inhaber'], $encrypt_method, $key, 0, $iv));
+                $db_data['mod_creditcard_knr'] = wpsg_q($iv.'|'.$encrypt_method.'|'.openssl_encrypt($checkout['mod_creditcard_knr'], $encrypt_method, $key, 0, $iv));
+
 			}
 						
 		}
 		 
-		public function order_view_afterpayment(&$order_id) 
-		{ 
+		public function order_view_afterpayment(&$order_id) {
 									
 			$order_data = $this->shop->cache->loadOrder($order_id);
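Review bot: The raw 16-byte `$iv` is joined to the record with `|`, so any IV that happens to contain the byte 0x7C (about 6% of random IVs) is split in the wrong place by `explode('|', ...)` in `decrypt()` and the stored value can no longer be read. The same `$iv` is also reused for all six fields under one key, which in CBC mode reveals when two values share a leading block. Encode the IV and draw a fresh one per field, as sketched below, with the matching `base64_decode` in `decrypt()`; CBC without a MAC is also unauthenticated, so an AEAD mode such as `aes-256-gcm` would be the better long-term choice. The commented-out mcrypt block above can be deleted, since the revision history keeps it. The enclosing method starts outside the hunk.

```php
$key = $this->shop->get_option("wpsg_mod_creditcard_schluessel");
$encrypt_method = "AES-256-CBC";

foreach (array('typ', 'pruefz', 'gueltigm', 'gueltigj', 'inhaber', 'knr') as $field) {

    // Fresh IV per value; base64 keeps the '|' separator out of the IV part
    $iv = random_bytes(16);
    $cipher = openssl_encrypt($checkout['mod_creditcard_'.$field], $encrypt_method, $key, 0, $iv);

    $db_data['mod_creditcard_'.$field] = wpsg_q(base64_encode($iv).'|'.$encrypt_method.'|'.$cipher);

}
```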
@@ -226,74 +236,14 @@
 			if ($order_data['type_payment'] != $this->id) return;
 			
-			$this->shop->view['wpsg_mod_creditcard']['typ'] = $order_data['mod_creditcard_typ'];
-			$this->shop->view['wpsg_mod_creditcard']['pruefz'] = $order_data['mod_creditcard_pruefz'];
-			$this->shop->view['wpsg_mod_creditcard']['gueltigm'] = $order_data['mod_creditcard_gueltigm'];
-			$this->shop->view['wpsg_mod_creditcard']['gueltigj'] = $order_data['mod_creditcard_gueltigj'];
-				$this->shop->view['wpsg_mod_creditcard']['inhaber'] = $order_data['mod_creditcard_inhaber'];
-			$this->shop->view['wpsg_mod_creditcard']['knr'] = $order_data['mod_creditcard_knr'];
+			$this->shop->view['wpsg_mod_creditcard']['typ'] = $this->decrypt($order_data['mod_creditcard_typ']);
+			$this->shop->view['wpsg_mod_creditcard']['pruefz'] = $this->decrypt($order_data['mod_creditcard_pruefz']);
+			$this->shop->view['wpsg_mod_creditcard']['gueltigm'] = $this->decrypt($order_data['mod_creditcard_gueltigm']);
+			$this->shop->view['wpsg_mod_creditcard']['gueltigj'] = $this->decrypt($order_data['mod_creditcard_gueltigj']);
+		    $this->shop->view['wpsg_mod_creditcard']['inhaber'] = $this->decrypt($order_data['mod_creditcard_inhaber']);
+			$this->shop->view['wpsg_mod_creditcard']['knr'] = $this->decrypt($order_data['mod_creditcard_knr']);
 			
 			$this->shop->render(WPSG_PATH_VIEW.'/mods/mod_creditcard/order_view_afterpayment.phtml');
 			
 		} // public function order_view_afterpayment(&$order_id)
-		
-		public function make_iban($blz, $kontonr, $land_kuerzel) 
-		{
-			
-  			$blz8 = str_pad ( $blz, 8, "0", STR_PAD_RIGHT);
-  			$kontonr10 = str_pad ( $kontonr, 10, "0", STR_PAD_LEFT);
-  			$bban = $blz8 . $kontonr10;
-  			$pruefsumme = $bban."131400";
-  			$modulo = (bcmod($pruefsumme,"97"));
-  			$pruefziffer =str_pad ( 98 - $modulo, 2, "0",STR_PAD_LEFT);
-  			$iban = $land_kuerzel.$pruefziffer.$bban;
-  
-  			return $iban;
-
-		} // public function make_iban($blz, $kontonr) 
-		
-		public function test_iban($iban) 
-		{
-			
-			$iban = str_replace(' ', '', $iban);
-			$iban1 = substr($iban, 4).strval(ord($iban{0}) - 55).strval(ord($iban{1}) - 55). substr($iban, 2, 2);
-		
-			for ($i = 0; $i < strlen($iban1); $i++) 
-			{
-				
-				if(ord($iban1{$i}) > 64 && ord($iban1{$i}) < 91) 
-				{
-					
-					$iban1 = substr($iban1, 0, $i).strval(ord($iban1{$i}) - 55).substr($iban1, $i + 1);
-					
-				}
-				
-			}
-			
-			$rest = 0;
-			
-			for ($pos=0; $pos < strlen($iban1); $pos += 7) 
-			{
-				
-				$part = strval($rest).substr($iban1, $pos, 7);
-				$rest = intval($part) % 97;
-				
-			}
-			
-			$pz = sprintf("%02d", 98-$rest);
-		
-			if (substr($iban, 2, 2) == '00')
-			{
-			
-				return substr_replace($iban, $pz, 2, 2);
-				
-			} 
-			else 
-			{
-			
-				return ($rest == 1)?true:false;
-				
-			}
-		
-		} // public function test_iban( $iban )
 
 		/**
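Review bot: Every card field now goes through `decrypt()` with no check of its result, while orders written before this revision hold the old `base64_encode($iv.mcrypt_encrypt(...))` format, which contains no `|` separator. For those rows `decrypt()` would presumably read a missing array element and return `false`, so the view silently shows empty card data unless a migration exists elsewhere. The same applies to the `switch` added to `wpsg_mod_export_getValue()`. Consider a fallback such as `$v = $this->decrypt($raw); if ($v === false) $v = '';` together with a logged warning, and describe the legacy format in a comment on `decrypt()`.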
@@ -302,14 +252,6 @@
 		 * @see wpsg_mod_basic::wpsg_mod_export_loadFields()
 		 */
-		public function wpsg_mod_export_loadFields(&$arFields)
-		{
-			/*
-		   		mod_creditcard_typ VARCHAR(255) NOT NULL,
-		   		mod_creditcard_inhaber VARCHAR(255) NOT NULL,
-		   		mod_creditcard_knr VARCHAR(255) NOT NULL,
-		   		mod_creditcard_pruefz VARCHAR(255) NOT NULL,
-		   		mod_creditcard_gueltigm VARCHAR(255) NOT NULL,
-				mod_creditcard_gueltigj VARCHAR(255) NOT NULL
-			 */	
+		public function wpsg_mod_export_loadFields(&$arFields) {
+
 			$arFields[10]['fields']['mod_creditcard_typ'] = __('Kreditkartentyp', 'wpsg');
 			$arFields[10]['fields']['mod_creditcard_inhaber'] = __('Kreditkarteninhaber', 'wpsg');
@@ -321,40 +263,35 @@
 		} // public function wpsg_mod_export_loadFields(&$arFields)
 		
-		public function wpsg_mod_export_getValue(&$return, $field_value, $o_id, $p_id, $productkey, $product_index, $profil_separator)
-		{
+		public function wpsg_mod_export_getValue(&$return, $field_value, $o_id, $p_id, $productkey, $product_index, $profil_separator) {
 			
 			$arOrder = $this->shop->cache->loadOrder($o_id);
 			$value = "";
-			
-			if ($field_value == 'mod_creditcard_typ')
-			{
-				$value = $arOrder['mod_creditcard_typ'];
-			}
-			if ($field_value == 'mod_creditcard_inhaber')
-			{
-				$value = $arOrder['mod_creditcard_inhaber'];
-			}
-			if ($field_value == 'mod_creditcard_knr')
-			{
-				$value = $arOrder['mod_creditcard_knr'];
-			}
-			if ($field_value == 'mod_creditcard_pruefz')
-			{
-				$value = $arOrder['mod_creditcard_pruefz'];
-			}
-			if ($field_value == 'mod_creditcard_gueltigm')
-			{
-				$value = $arOrder['mod_creditcard_gueltigm'];
-			}
-			if ($field_value == 'mod_creditcard_gueltigj')
-			{
-				$value = $arOrder['mod_creditcard_gueltigj'];
-			}
-			
+
+			switch ($field_value) {
+
+                case 'mod_creditcard_typ': $value = $this->decrypt($arOrder['mod_creditcard_typ']); break;
+                case 'mod_creditcard_inhaber': $value = $this->decrypt($arOrder['mod_creditcard_inhaber']); break;
+                case 'mod_creditcard_knr': $value = $this->decrypt($arOrder['mod_creditcard_knr']); break;
+                case 'mod_creditcard_pruefz': $value = $this->decrypt($arOrder['mod_creditcard_pruefz']); break;
+                case 'mod_creditcard_gueltigm': $value = $this->decrypt($arOrder['mod_creditcard_gueltigm']); break;
+                case 'mod_creditcard_gueltigj': $value = $this->decrypt($arOrder['mod_creditcard_gueltigj']); break;
+
+            }
+
 			$return = $value;
 			
 		} // public function wpsg_mod_export_getValue(&$return, $field_value, $o_id, $p_id, $productkey, $product_index, $profil_separator)
-		
+
+        private function decrypt($string) {
+
+            $arString = explode('|', $string);
+            $key = $this->shop->get_option("wpsg_mod_creditcard_schluessel");
+            $iv = $arString[0];
+            $m = $arString[1];
+            $t = implode('', array_slice($arString, 2));
+
+            return openssl_decrypt($t, $m, $key, 0, $iv);
+
+        }
+
 	} // class wpsg_mod_creditcard extends wpsg_mod_basic
-
-?>
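Review bot: `decrypt()` takes the cipher name `$m` from the stored value and passes it straight to `openssl_decrypt()`, so whoever can write to the order row chooses the algorithm, and a value with fewer than three `|`-separated parts reads undefined offsets. Pin the method and validate the shape first, e.g. `if (count($arString) < 3 || $arString[1] !== 'AES-256-CBC') return false;`. A short docblock stating the `iv|method|ciphertext` layout and the `false` return on failure would also help. `wpsg_mod_export_getValue()` now places decrypted card numbers into export output, which deserves a comment so that export files are handled as cardholder data.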
Index: /views/mods/mod_creditcard/paymenthint.phtml
===================================================================
--- /views/mods/mod_creditcard/paymenthint.phtml	(revision 7714)
+++ /views/mods/mod_creditcard/paymenthint.phtml	(revision 7715)
@@ -11,11 +11,7 @@
 	<div class="wpsg_mod_creditcard_name wpsg_mod_creditcard_field">
 		<label>
-			<?php echo __('Typ der Kreditkarte', 'wpsg'); ?><span class="wpsg_required">*</span>:
-			
-			<input 
-				class="<?php echo ((in_array("mod_creditcard_typ",wpsg_getArray($this->view['error'])))?'wpsg_error':''); ?>" 
-				type="text" name="wpsg_mod_creditcard[typ]" 
-				value="<?php echo wpsg_hspc($this->view['wpsg_mod_creditcard']['typ']); ?>" />
-			
+
+            <?php echo __('Typ der Kreditkarte', 'wpsg'); ?><span class="wpsg_required">*</span>:
+
 			<select name="wpsg_mod_creditcard[typ]" id="wpsg_mod_creditcard_typ" 
 			class="<?php echo ((in_array('mod_creditcard_typ', (array)$this->view['error']))?'wpsg_error':''); ?>" >
Index: /views/mods/mod_creditcard/settings_edit.phtml
===================================================================
--- /views/mods/mod_creditcard/settings_edit.phtml	(revision 7714)
+++ /views/mods/mod_creditcard/settings_edit.phtml	(revision 7715)
@@ -14,4 +14,3 @@
 <?php echo wpsg_drawForm_Select('wpsg_mod_creditcard_mwst', __('Mehrwertsteuersatz', 'wpsg'), wpsg_tax_groups(), $this->get_option('wpsg_mod_creditcard_mwst')); ?>
 <?php echo wpsg_drawForm_Checkbox('wpsg_mod_creditcard_mwstland', __('Keine MwSt. wenn Land steuerfrei', 'wpsg'), $this->get_option('wpsg_mod_creditcard_mwstland'), array('help' => 'wpsg_shippay_mwstland')); ?>
-<?php echo wpsg_drawForm_Checkbox('wpsg_mod_creditcard_iban', __('IBAN/BIC statt Kontonummer/BLZ verwenden', 'wpsg'), $this->get_option('wpsg_mod_creditcard_iban'), array('help' => 'wpsg_mod_creditcard_iban')); ?>
 <?php echo wpsg_drawForm_Input('wpsg_mod_creditcard_schluessel', __('AES-256 Passwort', 'wpsg'), $this->get_option('wpsg_mod_creditcard_schluessel'), array('help' => 'wpsg_mod_creditcard_schluessel')); ?>
