This is a function I use to check that a card is valid:
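function order_check_card($cc_number) {
    // Strip spaces and dashes (ereg_replace no longer exists in PHP 7+,
    // and the second call used to discard the result of the first)
    $temp_cc = str_replace(array(" ", "-"), "", $cc_number);
    $length = strlen($temp_cc);
    // 13 is the shortest card length; 15-digit AMEX and 13-digit VISA
    // numbers have to get past this test to reach the odd-length branch below
    if ($length < 13 || !ctype_digit($temp_cc)) {
        return FALSE;
    }
    $str1 = "";
    $sum2 = 0;
    $sum3 = 0;
    // Walk from the right: double every second digit (collected in $str1)
    // and add up the digits in between (in $sum2)
    for ($i = ($length - 2); $i >= 0; $i = $i - 2) {
        $val1 = substr($temp_cc, $i, 1);
        $sum1 = intval($val1) * 2;
        $sum1 = strval($sum1);
        $str1 .= $sum1;
        $val2 = substr($temp_cc, ($i + 1), 1);
        $sum2 += intval($val2);
    }
    //Check for odd digit cc nos (AMEX/VISA)
    //if so, we add on the '0th' element that is missed from above
    $check = $length / 2;
    if ($check != floor($check)) {
        $val2 = substr($temp_cc, 0, 1);
        $sum2 += intval($val2);
    }
    // Add up the individual digits of the doubled values
    $length2 = strlen($str1);
    for ($i = ($length2 - 1); $i >= 0; $i--) {
        $val3 = substr($str1, $i, 1);
        $sum3 += intval($val3);
    }
    //Check it is divisible by 10
    $card_total = $sum2 + $sum3;
    $fraction = $card_total / 10;
    if ($fraction != floor($fraction)) {
        return FALSE;
    }
    return TRUE;
}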
Storing credit cards is never totally secure, but I do it sometimes for clients who can't afford setting up a merchant account. The way I do it is to store cards encoded in a BLOB field; there is an encode function in MySQL where you can specify the salt, i.e.
INSERT INTO table VALUES ($order_number, encode('$card_no','$salt'));
You can retrieve it by using a select:
SELECT *, decode(card_no,'$salt') as card_number from table where...
I think this is correct syntax; it is off the top of my head.
As a security measure I send the client an e-mail when the order arrives. They go online into a secure, password-protected area, and view the order. Once the order is viewed the card is removed from the system.
Hope this is useful,
Chris
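
An added example, not part of Chris's post: the same store, view once, then remove flow, using authenticated encryption from PHP's sodium extension and bound parameters in place of ENCODE()/DECODE() with values pasted into the SQL string (MySQL removed both functions in 8.0). The orders table, its columns and the function names are assumptions, and an in-memory SQLite database stands in for MySQL so the block runs on its own.

```php
<?php
// Added example, not the poster's code. Table, column and function names are
// hypothetical. Needs the sodium and pdo_sqlite extensions.
const NONCE_LEN = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES;

function store_card(PDO $db, string $key, int $order_number, string $card_no): void {
    // Fresh random nonce per record, stored in front of the ciphertext.
    $nonce = random_bytes(NONCE_LEN);
    $blob  = $nonce . sodium_crypto_secretbox($card_no, $nonce, $key);
    // Placeholders keep the values out of the SQL text.
    $stmt = $db->prepare('INSERT INTO orders (order_number, card_no) VALUES (?, ?)');
    $stmt->bindValue(1, $order_number, PDO::PARAM_INT);
    $stmt->bindValue(2, $blob, PDO::PARAM_LOB);
    $stmt->execute();
}

function view_and_remove_card(PDO $db, string $key, int $order_number): ?string {
    $db->beginTransaction();
    $stmt = $db->prepare('SELECT card_no FROM orders WHERE order_number = ?');
    $stmt->execute([$order_number]);
    $blob = $stmt->fetchColumn();
    // No row, card already removed, or a value too short to hold a nonce.
    if (!is_string($blob) || strlen($blob) <= NONCE_LEN) {
        $db->rollBack();
        return null;
    }
    // Remove the card on first view, as the post describes.
    $db->prepare('UPDATE orders SET card_no = NULL WHERE order_number = ?')
       ->execute([$order_number]);
    $db->commit();
    $plain = sodium_crypto_secretbox_open(
        substr($blob, NONCE_LEN), substr($blob, 0, NONCE_LEN), $key);
    // false means a wrong key or a modified ciphertext.
    return $plain === false ? null : $plain;
}

// Constructed demo: in-memory database, throwaway key, public test card number.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE orders (order_number INTEGER PRIMARY KEY, card_no BLOB)');
// A real deployment loads the key from somewhere outside the database.
$key = sodium_crypto_secretbox_keygen();

store_card($db, $key, 1001, '4111111111111111');
// The first view decrypts and wipes the card; the second finds nothing left.
var_dump(view_and_remove_card($db, $key, 1001));
var_dump(view_and_remove_card($db, $key, 1001));
```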