- Timestamp:
- 01/01/10 11:51:27 (2 years ago)
- Location:
- trunk/phpbms
- Files:
-
- 1 added
- 4 modified
-
include/session.php (modified) (2 diffs)
-
install/index.php (modified) (1 diff)
-
install/update.php (modified) (2 diffs)
-
modules/bms/adminsettings.php (modified) (2 diffs)
-
modules/mailchimp/install/update.php (added)
-
trunk/phpbms/include/session.php
r648 r699 239 239 var $type = "ERROR"; 240 240 var $value = ""; 241 242 /** 241 242 /** 243 243 * $userid 244 244 * @var string user's uuid … … 479 479 if(defined("ENCRYPTION_KEY_PATH")) 480 480 if(is_file(ENCRYPTION_KEY_PATH)){ 481 $res = fopen(ENCRYPTION_KEY_PATH, "r"); 481 482 $res = @ fopen(ENCRYPTION_KEY_PATH, "r"); 483 482 484 if($res !== false){ 485 486 if(@filesize(ENCRYPTION_KEY_PATH)) 483 487 define("ENCRYPTION_KEY",trim(fread($res, filesize(ENCRYPTION_KEY_PATH)))); 484 }elseif(ENCRYPT_PAYMENT_FIELDS){ 485 new appError(-229, "encryption key path setting is not a valid path"); 488 else 489 $error = new appError(-230, "Cannot open path '".ENCRYPTION_KEY_PATH."' or file has zero length ", "Invalid Encryption Key File", true, true); 490 491 } elseif(ENCRYPT_PAYMENT_FIELDS){ 492 493 $error = new appError(-229, "Invalid encryption file or cannot open '".ENCRYPTION_KEY_PATH."'", "Invalid Encryption Key File", true, true); 494 486 495 }else{ 487 define("ENCRYPTION_KEY", ""); 496 497 define("ENCRYPTION_KEY", ""); 498 488 499 }//end if 489 }elseif(ENCRYPT_PAYMENT_FIELDS){ 490 new appError(-228, "encryption key path setting is not a valid path");491 }else{ 492 define("ENCRYPTION_KEY", "");493 }//end if500 501 }elseif(ENCRYPT_PAYMENT_FIELDS) 502 $error = new appError(-228, ENCRYPTION_KEY_PATH." missing or invalid.", "Cannot Open Encryption Key File", true, true); 503 else 504 define("ENCRYPTION_KEY", ""); 494 505 495 506 // This following code is for windows boxen, because they lack some server varables as well -
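Review bot: A key file that holds only whitespace still passes the new `@filesize(ENCRYPTION_KEY_PATH)` test, and `trim()` then defines `ENCRYPTION_KEY` as an empty string even when `ENCRYPT_PAYMENT_FIELDS` is on. Trim first and test the result: `$key = trim(fread($res, filesize(ENCRYPTION_KEY_PATH)));` followed by `if($key !== "") define("ENCRYPTION_KEY", $key); else $error = new appError(-230, ...);` with the existing -230 arguments. The same gap is in the path check in modules/bms/adminsettings.php, where the added `filesize($path) > 0` accepts such a file. The -230 branch is also the only error here that is not gated on `ENCRYPT_PAYMENT_FIELDS`, and `$res` is never passed to `fclose()` in the lines shown. The enclosing block starts and continues outside the hunk, so the later handling of `$error` is not visible.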
trunk/phpbms/install/index.php
r672 r699 384 384 </ul> 385 385 386 <h2> SuggestedSecurity Steps</h2>386 <h2>Additional Security Steps</h2> 387 387 388 388 <ul> 389 <li> 390 <h3>Payment Information Encryption</h3> 391 <p> 392 If you plan on storing sensitive payment information such as credit card 393 numbers make sure to enable the encrption option in the configuration page 394 underneath the BMS module section. You will also need to create and link 395 to an external file on the server that contains the encryption key. Typically, 396 encyrption key files are text files containing a 64-128 character hash. 397 </p> 398 </li> 399 389 400 <li> 390 401 <h3>Run phpBMS On a Secure Connection (SSL)</h3> -
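Review bot: The added paragraph describes the key file as "a 64-128 character hash", which says nothing about where the key material should come from. A key should be random data from a cryptographically secure generator, not a hash of some memorable value. The text also omits that the file should sit outside the web root and be readable only by the web-server account. Suggested wording: `Key files are text files containing 64-128 random characters; store the file outside the web root and restrict read access to the web server user.` The same paragraph, with the typos "encrption" and "encyrption", is added in install/update.php and modules/bms/adminsettings.php, where "unencryptable data" presumably means data that can no longer be decrypted.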
trunk/phpbms/install/update.php
r642 r699 223 223 <h1>Update Modules</h1> 224 224 225 <p> 226 To install a module that is not currently installed, wait unitl the update process 227 has completed successfully. Then run the installation script and skip to the "install 228 modules" section. 229 </p> 230 225 231 <?php $updater->showModulesUpdate(); ?> 226 232 … … 292 298 </p> 293 299 </li> 300 <li> 301 <h3>Payment Information Encryption</h3> 302 <p> 303 If you store sensitive payment information such as credit card 304 numbers make sure to enable the encrption option in the configuration page 305 underneath the BMS module section. You will also need to create and link 306 to an external file on the server that contains the encryption key. Typically, 307 encyrption key files are text files containing a 64-128 character hash. 308 </p> 309 </li> 294 310 295 311 </ul> -
trunk/phpbms/modules/bms/adminsettings.php
r646 r699 29 29 if(is_file($path)) 30 30 if(is_readable($path)) 31 if(filesize($path) > 0) 31 32 $theReturn = true; 32 33 … … 444 445 <p><?php echo $theform->showField("encrypt_payment_fields");?></p> 445 446 <p class="notes"> 446 Withe this option enabled,sensitive payment information in sales orders and447 receipts with a `type` of 'Order' will be encrypted.<br/>448 449 Also, payment fields in sales orders and receipts records of `type`447 Enabling this option encrypts sensitive payment information in sales orders and 448 receipts with a `type` of 'Order'.<br/> 449 450 In addition, payment fields in sales orders and receipts records of `type` 450 451 'Invoice' will be removed or obfuscated when a sales order or receipt 451 is posted as an invoice or voided/deleted. <strong>This type of obfuscation, 452 is not reversible</strong> 453 452 is posted as an invoice or voided/deleted. 454 453 </p> 454 455 <p class="notes"><strong>Obfuscation is not reversible.</strong></p> 455 456 456 457 <input type="hidden" name="encryptionPathChanged" id="encryptionPathChanged" value="0" /> 457 458 <p><?php echo $theform->showField("encryption_key_path");?></p> 459 460 <p class="notes"> 461 Typically, encyrption key files are text containing a 64-128 character hash. Good security practices include regularly 462 rotating key files. Do not delete the old key until the new key has been accepted and processed by phpBMS. The system will 463 decrypt data using the old key and then re-encrypt it using the new key. 464 </p> 465 466 <p class="notes"><strong>Always keep back ups of your key file(s). Losing them may result in unencryptable data.</strong></p> 458 467 459 468 </fieldset>