Encrypting a form

[silverangel]

Hi

 

So I'm very new to php, and I've got a POST form with credit card information.  Can anyone please explain to me in simple terms or give me a code to encrypt the data sent on the form and decrypt it so that when I get it in my email inbox I can understand it?

 

Thank you!

[gizmola]

We had a long discussion of this not too long ago, and there is simply no good way to do this that doesn't require an insane amount of infrastructure, administration and setup. 

 

A far simpler and logistically feasible scheme:

 

- Store the data in a database.  (Since you're accepting CC info, this form should be submitted under the protection of https://).

- The script can optionally email you a link to access the new entry, but this link should not allow you to actually see the information without first logging into it.

- Access these entries via a password protected page that is only served under https://

 

Ok, so to get it out of the way, here's a way to do it with email, using PGP.  http://www.pantz.org/software/php/pgpemailwithphp.html 

 

Again the last time we talked about this, the person was stymied with the requirements involved in getting PGP installed in their email client, and getting the PGP key ring and environment setup on the web server, but if you really want to do it, this is the type of method (Public Key/Private Key crypto)  that you would want to use.

 

 

[silverangel]

Thanks for the help!  But how do I integrate that into my existing form?  Below is the php file that my form redirects to:

 

<?php

 

$to = "email@gmail.com";

$subject = "form";

$message = "Title:                    " . $_REQUIRE['Title'] . "\r\n" .

"First name:              " . $_REQUIRE['FirstName'] . "\r\n" .

"Last name:                " . $_REQUIRE['LastName'] . "\r\n" .

"Organisation:            " . $_REQUIRE['Organisation'] . "\r\n" .

"Address:                  " . $_REQUIRE['Address'] . "\r\n" .

"Country:                  " . $_REQUIRE['Country'] . "\r\n" .

"Mobile Phone:            " . $_REQUIRE['MobilePhoneNumber'] . "\r\n" .

"Telephone number:        " . $_REQUIRE['TelephoneNumber2'] . "\r\n" .

"Email:                    " . $_REQUIRE['Email'] . "\r\n" .

"Dietary Requirements:    " . $_REQUIRE['SpecialDietaryRequirements'] . "\r\n" .

"Registration:            " . $_REQUIRE['Registration'] . "\r\n" .

"Payment Information:      " . $_REQUIRE['PaymentInformation'] . "\r\n" .

"Credit Card Type:        " . $_REQUIRE['CreditCard'] . "\r\n" .

"Card Number:              " . $_REQUIRE['CardNumber'] . "\r\n" .

"Expiry Date Month:        " . $_REQUIRE['Month'] . "\r\n" .

"Expiry Date Year:        " . $_REQUIRE['Year'] . "\r\n" .

"CVC:                      " . $_REQUIRE['CVC'] . "\r\n" .

"Cancellation Agreement:  " . $_REQUIRE['CancellationPolicyAgreement'];

$from = $_REQUIRE['Email'];

$headers = "From: $from" . "\r\n";

$headers = "Bcc: email2@me.com" . "\r\n";

mail($to,$subject,$message,$headers);

 

?>

[gizmola]

Integrate what?  The PGP method or the "store to a database method".

[silverangel]

the pgp method please?  I have utterly no clue how to use it