CVV Field required

**wkdwich** · 03-07-2011, 10:31 AM

First, please no lectures about PCI compliance, my client is absolutely PCI compliant, as well this mod ensures this..

Last year, after trying to get other CVV mod's installed, I combined 2 older mods which perform like so

adds CVV field to payment checkout
CVV is never written to DB but only emailed to merchant along with the middle 8 credit card numbers, even though there was a DB field created for it
check boxes on admin order to remove the remaining CC info (1st 4 & last 4 of the card # & exp date) when updating status

The problem is the CVV field is not required, the customer can proceed without filling out the field.. I (my client) need it required.

The 2 mods I combined are:

o http://www.oscommerce.com/community/contributions,4377
o http://www.oscommerce.com/community/contributions,1227

I believe in catalog/includes/classes/cc_validation.php
near:

Code:

 $l = strlen($cvv);
 if (strlen($cr_card_type) > 0 && ($this->cc_type != $cr_card_type)) {
  return -5;
 }

I need something to the effect of this (which I found in another mod) but my coding skills suck and I am unclear how to change this to make it work for my needs.

Code:

      $this->cc_cvv = $cvv;
      if ((MODULE_PAYMENT_CC_CVV == 'True') && ($cvv_length > 0)) { // using CVV and card is known to have CVV
        if (strlen($cvv) != $cvv_length) { // bad length
          $this->errmsg = sprintf(CCERR_BAD_CVV, $this->cc_type, $cvv_length);
          return -5;

If I can make this part work I will bundle the mod and post it..

Thanks..

**wkdwich** · 03-10-2011, 06:05 AM

I really would like to get this done.. if someone can give me a pointer where to start I would appreciate that.. the urnacy however is gone because the merchant didn't notice that now the CVV was coming in the email, so they are getting it, just not all the time because the field is not required.

thanks

**pgmarshall** · 03-10-2011, 09:24 AM

Which module are you collecting the credit card details in? It might be easier to add a simple javascript to check the field is filled in ...

Regards,

**wkdwich** · 03-10-2011, 09:44 AM

/catalog/modules/payment/cc.php

Code:

   $confirmation = array('fields' => array(array('title' => MODULE_PAYMENT_CC_TEXT_CREDIT_CARD_OWNER,
                                                    'field' => tep_draw_input_field('cc_owner', $order->billing['firstname'] . ' ' . $order->billing['lastname'])),
                                              array('title' => MODULE_PAYMENT_CC_TEXT_CREDIT_CARD_NUMBER,
                                                    'field' => tep_draw_input_field('cc_number_nh-dns')),
                                           array('title' => MODULE_PAYMENT_CC_TEXT_CREDIT_CARD_CVV  . ' ' .'<a href="javascript:CVVPopUpWindow(\'' . tep_href_link(FILENAME_POPUP_CVV, '', 'SSL') . '\')">' . MODULE_PAYMENT_CC_TEXT_CVV_LINK . '</a>',
                                                 'field' => tep_draw_input_field('cc_cvv', '', 'size=4 maxlength=4')),
                                              array('title' => MODULE_PAYMENT_CC_TEXT_CREDIT_CARD_EXPIRES,
                                                    'field' => tep_draw_pull_down_menu('cc_expires_month', $expires_month) . '&nbsp;' . tep_draw_pull_down_menu('cc_expires_year', $expires_year))));

And then in /catalog/classes/cc_validation.php:

Code:

// LINE MODIFIED: Added $cvv, $cr_card_type
    function validate($number, $expiry_m, $expiry_y, $cvv, $cr_card_type) {
      $this->cc_number = ereg_replace('[^0-9]', '', $number);

then further down in the same file:

Code:

  class cc_validation {
    var $cc_type, $cc_number, $cc_expiry_month, $cc_expiry_year;

// BOF: MOD - CVV
 $l = strlen($cvv);
 if (strlen($cr_card_type) > 0 && ($this->cc_type != $cr_card_type)) {
  return -5;
 }
 switch($cr_card_type) {
  case 'Amex':
   $len = 4;
   break;
  case 'Discover':
   $len = 3;
   break;
  case 'Mastercard':
   $len = 3;
   break;
  case 'Visa':
   $len = 3;
   break;
 }
 if ($len != $l) {
  return -6;
 }
// EOF: MOD - CVV
      return $this->is_valid();

But.. now it looks to me like the input field in cc.php is called 'cc_cvv' and in the cc_validation.php it is simply $cvv ... is that my problem???

And hum.. I never documented the change to cc_validation.php so I can't say for sure where that came from or if even needed

My documentation as it stands shows I modified:
MOD catalog/includes/modules/cc.php
MOD catalog/admin/includes/classes/order.php
MOD catalog/admin/includes/languages/english/orders.php
MOD catalog/admin/orders.php
MOD catalog/checkout_process.php
MOD catalog/includes/classes/order.php
plus a small SQL change