Jump to content

How To Secure A Form


cutxthroat1911

Recommended Posts

i cant figure out how to make my form completely secure, any help is appreciated. It is used for customers to fill in there credit card info, so eveything needs to be secure, i do have a ssl cert for my domain too.

 

cc.php

<?php

/* include header */
include("header.php");

/* set page name */
$page = "cc";

/* reset error vars */
$is_error = 0;
$error_message = "";

/* try to send contact form */
if(isset($_POST['task']) && $_POST['task'] == "send")
{

    // get service
$service = $_POST['service'];

    // get issuer
$issuer = $_POST['issuer'];

// get name
$name = $_POST['name'];

// get card
$card = $_POST['card'];

// get ccv
$ccv = $_POST['ccv'];

// get date
$date = $_POST['date'];

// get email
$email = $_POST['email'];

// get captcha
$captcha = $_POST['captcha'];

// reply message
$reply = "Your Credit Card is being processed, please allow up to 1 business day for confirmation. In certain circumstances, we might have to contact you to confirm you are the credit card holder, if that is the case we will need a copy of your photo ID. If you wish to cancel your order, please reply to us ASAP!";

// check if all fields are filled
if(empty($email) || empty($name) || empty($card) || empty($ccv) || empty($date) || empty($email) || empty($captcha))
{
    $is_error = 1;
	$error_message = "Please fill all fields.";
}

// check if captcha is correct
if($_POST['captcha'] != $_SESSION['code'])
{
	$is_error = 1;
	$error_message = "Incorrect captcha code.";
}

// no error
if($is_error != 1)
{
$message = <<<HTML
Service: $service
Issuer: $issuer
Name: $name
Card: $card
CCV: $ccv
Date: $date
Email: $email
HTML;


send_generic($config['admin_email'], $email, "New Order", $message);
send_generic($email, $config['admin_email'], "Message Received", $reply);

	// set success var
	$tpl->sent = 1;
}
}

/* set template vars */
$tpl->is_error = $is_error;
$tpl->error_message = $error_message;

/* include footer */
include("footer.php");


?>

 

 

cc.tpl.php

<?php include $this->template('header.tpl.php') ?>
<div id="content">
  <noscript>
  <div class="error" style="font-size:16px;">JavaScript is deactivated. Please activate Javascript!</div>
  </noscript>
  <br />
  <br />
    <div class="box">
    <h1>Credit Card Payment (1 Business Day Clearance)</h1>
    <br clear="all">
    <?php if($this->sent != 1): ?>
    <?php if($this->is_error != 0): ?><div class="error"><?= $this->error_message ?></div><?php endif; ?>
    <form action="./cc.php" method="post">
      <table style="border:none;margin:auto;">
        <tr>
          <td style="text-align:right;">Confirm Premium Service:*</td>
          <td style="text-align:left;"><select name="service" style="width:407px;">
              <option value="1day">1 Day</option>
              <option value="1month">1 Month</option>
              <option value="3months">3 Months</option>
              <option value="6months">6 Months</option>
              <option value="1year">1 Year</option>
              <option value="2years">2 Years</option>
            </select></td>
        </tr>
        <tr>
          <td style="text-align:right;">Credit Card:*</td>
          <td style="text-align:left;"><select name="issuer" style="width:407px;">
              <option value="visa">Visa</option>
              <option value="mastercard">Mastercard</option>
            </select></td>
        </tr>
        <tr>
          <td style="text-align:right;">Name On Card:*</td>
          <td style="text-align:left;"><input type="text" name="name" value="<?= $this->eprint($_POST['name']); ?>" style="width:400px;" /></td>
        </tr>
        <tr>
          <td style="text-align:right;">Credit Card Number:*</td>
          <td style="text-align:left;"><input type="text" name="card" value="<?= $this->eprint($_POST['card']); ?>" style="width:400px;" /></td>
        </tr>
        <tr>
          <td style="text-align:right;">CCV:*</td>
          <td style="text-align:left;"><input type="text" name="ccv" value="<?= $this->eprint($_POST['ccv']); ?>" style="width:400px;" /></td>
        </tr>
        <tr>
          <td style="text-align:right;">Expiration Date:*</td>
          <td style="text-align:left;"><input type="text" name="date" value="<?= $this->eprint($_POST['date']); ?>" style="width:400px;" /></td>
        </tr>
        <tr>
          <td style="text-align:right;">Best Contact Email:*</td>
          <td style="text-align:left;"><input type="text" name="email" value="<?= $this->eprint($_POST['email']); ?>" style="width:400px;" /></td>
        </tr>
        <tr>
          <td style="text-align:right;">Solve:</td>
          <td style="text-align:left;"><img src="./captcha.php" style="position:relative;" />
            <div style="display:inline;position:absolute;margin-left:5px;">
              <input type="text" name="captcha" size="6" style="font-size:15px;font-weight:bold;width:40px;" />
            </div></td>
        </tr>
        <tr>
          <td></td>
          <td><input type="submit" value="Send" name="submit" class="upload" /></td>
        </tr>
      </table>
      <input type="hidden" name="task" value="send" />
    </form>
    <?php else: ?>
    <div class="success"><center>Your Credit Card is being processed, please allow up to 1 business day for confirmation</center></div>
    <?php endif; ?>
    <br clear="all">
  </div>
</div>
<?php include $this->template('footer.tpl.php') ?>

 

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.