Re: Problem with simple credit card validation

Does the store, ideally, have encryption enabled? If so, you'll have to enter the pass phrase before it will reveal card info; there should be a box above the order details where that can be input. The data, regardless, should be in the orders.dbf/dbt files, which is a proprietary format, but can generally be viewed using dbfutils.

Re: Problem with simple credit card validation

We do not have encryption enabled (the store setup pre-dates me by at least 5 years). I can see transaction/card details up to 11/17/14, which was the day before we did a basket cleanup/store pack. Could that have somehow damaged the .dbf file or upset its permissions so that it would no longer be readable?

Re: Problem with simple credit card validation

If every order since that date has not recorded the payment information, there definitely could be a database problem. Do the store databases pack successfully under the Utilities menu for "Pack store databases"? And is it definitely using the built in simple validation mod, not a third party one which may store the payment data in its own database? There are several of those.

Re: Problem with simple credit card validation

Also, stop what you're doing.

Clear out your old card numbers and turn on encryption, immediately.

As in right now.

Because I can't even begin to describe the risk you're currently undertaking.

Other than suddenly have to go to the hospital for some reason, this should be your number one most important item on your list.

Re: Problem with simple credit card validation

Since the store is offline anyway, I deleted expired baskets and repacked the store files. No errors were reported. The module is the standard "Credit Card Payment with Simple Validation" that appears in the list of modules.

Also, I would like to delete any old credit card data, but is there a way to do that within the admin or do I need to edit one of the DBF files manually?

Re: Problem with simple credit card validation

What specific version of Merchant is this?

Re: Problem with simple credit card validation

Version 4.22/MVM 5.06

Re: Problem with simple credit card validation

Also, permissions for the orders.dbf and .dbt files are set to 600; most of the dbf files in the mivadata/Merchant2/00000001directory are set that way.

Re: Problem with simple credit card validation

Those permissions are correct in most cases. The best way to have the Miva engine set up is to run as each individual site user, in which case the permissions should be 600 to ensure other users on the server cannot access them. If the permissions were wrong on those but not anything else, you should get a fatal error when placing an order.

That version of Merchant should be storing the payment data in the orders.dbf and orders.dbt files. Unfortunately there is no safe way to edit payment information out of them with a database editor because the format used for the dbt memo file is proprietary, so if you were to save them with dbfutils and put them back on the site, the data would end up corrupted.

There was a module called UltraBatch from Truxoft that could delete order data from all orders in that version of Merchant, but I don't see that it's still sold by anyone. A third party module developer, such as PCINet http://www.pcinet.com/, could probably write a module for you that would delete the order data but preserve the orders.

It is definitely worth opening the orders.dbf/dbt in dbfutils (http://www.dbfutils.com/) though to see if payment information is present. Hopefully it isn't, but if it is, then you would want to go the above route with a custom mod, enable encryption and see if the data gets encrypted, or simply delete all orders and batches to purge them.

Going forward, if the store needs to open back up immediately before a new store can be developed, I'd use a payment gateway and not store card data; there are a few that still work in version 4, such as Payflow Pro, Paypal, Authorize.net.

Re: Problem with simple credit card validation

We have been using PayFlow Pro for a number of years, but it no longer works as of today. When PayPal ended support for SSL 3.0 (because of the poodle virus), we tested our cart according to their instructions, and though it was still working, we decided it was time to migrate to Miva 5.5. Everything has continued to work normally while we've set up a schedule for the migration, as of last night, the PayFlow module is no longer able to communicate with the PayPal URL. PayPal's claim as to why it stopped working is that the module is not TSL compliant. Apparently they made further adjustments last night which broke the connection.

We are still wanting to proceed with our upgrade to Miva 5.5, but obviously I need to find a quick solution to receiving payments. The simple payment validation seems like the best way for us to proceed for a few days while we fast-track getting the store upgraded.

Re: Problem with simple credit card validation

The issue with Payflow not working is your Miva Empresa (MvM) version being 5.06. Versions prior to 5.17 used SSL by default, 5.17+ use TLS by default. 5.17 was released several years back, 5.06 is nearing 10 years old if I remember correctly. Putting 5.20 on would likely clear up the issue, just make sure to not store card numbers.

The 5.20 can be downloaded from http://www.miva.com/support/downloads and your host should be able to upgrade you, or whomever maintains the server. Typically it's just some file replacement when it's over top of an existing install.

Re: Problem with simple credit card validation

Thanks, David. I will pass this along to our web host and see if that will fix the problem.

Re: Problem with simple credit card validation

i've forwarded this to our host and he is happy to do the upgrade, but the Impresa package only includes full install instructions. Is there a link to instructions for upgrading to 5.20? If not, what would be the timeline for a paid Miva Tech upgrade?

Re: Problem with simple credit card validation

If you mean this (http://www.miva.com/products/MIVA-SUPPT_VM_INSTALL) install service, typically it will be a same day install if we can get all the pertinent server access information and it is what we'd call a "standard mode" installation where each website has its own copy of Empresa that runs independently of any other, and each website has its own mivavm.conf confing file, NOT the config stored as environment variables in the web server config file. In those standard mode / standard config installs, typically the process is:

1) Replace the mivavm binary with the new 5.20 binary; or replace it on each site that needs it
2) Replacing the libmivaconfig.so file with the new 5.20 version
3) Copy in the commerce libraries and SSL root certs
4) Update the mivavm.conf to reflect the correct version and location of new commerce libs and SSL root certs