Post by larenewadespitler » Sun Jun 26, 2022 3:25 am

Step 5: Payment Method

PayPal Credit Card / Debit Card / Bill Me Later (PayPal may take up to 5 hours to authorize payment)
PayPal Express Checkout Credit Card / Debit Card / PayPal (Requires a PayPal account - Instant Approval)
Authorize.net Credit Card / Debit Card
Check
Bank Transfer
Phone Order

I don't want the following fields to display:
* Card Holder:
Name on Card
* Card Number:
****************
* Card exp:
Mth
Year
* CVV:
123

Where is this code created?

Larene
Add Comments About Your Order

New member

Posts

Joined
Thu Apr 20, 2017 11:39 pm

Post by straightlight » Sun Jun 26, 2022 5:36 am

OC version.

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by paulfeakins » Mon Jun 27, 2022 6:29 pm

larenewadespitler wrote:
Sun Jun 26, 2022 3:25 am
Where is this code created?
You don't know where the code is but you're planning on making adjustments to a payment gateway? Doesn't sound like a very good idea to me.

UK OpenCart Hosting | OpenCart Audits | OpenCart Support - please email info@antropy.co.uk


User avatar
Guru Member
Online

Posts

Joined
Mon Aug 22, 2011 11:01 pm
Location - London Gatwick, United Kingdom

Post by larenewadespitler » Tue Jun 28, 2022 4:22 am

Opencart 2.3.0.2

When I disabled PayPal, the credit card info on the Payment quit showing.

PayPal Payflow Pro PayPal Website Payment Pro Disabled

New member

Posts

Joined
Thu Apr 20, 2017 11:39 pm

Post by Cue4cheap » Tue Jun 28, 2022 5:50 am

larenewadespitler wrote:
Sun Jun 26, 2022 3:25 am
Step 5: Payment Method

PayPal Credit Card / Debit Card / Bill Me Later (PayPal may take up to 5 hours to authorize payment)
PayPal Express Checkout Credit Card / Debit Card / PayPal (Requires a PayPal account - Instant Approval)
Authorize.net Credit Card / Debit Card
Check
Bank Transfer
Phone Order

I don't want the following fields to display:
* Card Holder:
Name on Card
* Card Number:
****************
* Card exp:
Mth
Year
* CVV:
123

Where is this code created?

Larene
Add Comments About Your Order
Please state a bit better what you are asking. You now have included what opencart version but not which paypal extension you are using.
Please be a bit more clear in what you are asking. BUT most likely you are asking about something that is displayed from the .tpl file and as others said that might not be the best thing to change because why would you NOT want to get the credit card number? How would anything get processed for payment?
Mike

cue4cheap not cheap quality


Expert Member

Posts

Joined
Fri Sep 20, 2013 4:45 am

Post by larenewadespitler » Wed Jun 29, 2022 3:41 am

I think my website was hacked, but I cannot find the incriminating code.

Opencart 2.3.0.2
PHP 7.1

When the Payment Method:
PayPal Payflow Pro iFrame
is enabled, there is a form for filling in credit card information on the Checkout page Step 5 Payment Method. This should not be there. A form for entering credit card info should not appear until Step 6 Confirm Order where it inserts an iFrame.

Is this clear enough?

Larene

New member

Posts

Joined
Thu Apr 20, 2017 11:39 pm

Post by ADD Creative » Wed Jun 29, 2022 7:35 am

You may have already done this, but first check the pp_payflow_iframe.php files in the controller, model and language extension/payment folders. Compare them against a clean download. You could also compare all your files.

www.add-creative.co.uk


Expert Member

Posts

Joined
Sat Jan 14, 2012 1:02 am
Location - United Kingdom

Post by larenewadespitler » Thu Jun 30, 2022 1:21 am

I grabbed the original Opencart 2.3.0.2 PayPal files for Controller, Language, Model, and View and replaced them in my Document Root Catalog folder. It didn't help.

I looked at checkout.tpl to see if there was something funny in the jQuery code, but nothing stood out.

If there is someone with professional experience stopping a hacked website, I would be willing to pay them.

Larene

New member

Posts

Joined
Thu Apr 20, 2017 11:39 pm

Post by ADD Creative » Thu Jun 30, 2022 3:11 am

larenewadespitler wrote:
Thu Jun 30, 2022 1:21 am
I grabbed the original Opencart 2.3.0.2 PayPal files for Controller, Language, Model, and View and replaced them in my Document Root Catalog folder. It didn't help.
Did you check for those files in storage/modification for any changes?

www.add-creative.co.uk


Expert Member

Posts

Joined
Sat Jan 14, 2012 1:02 am
Location - United Kingdom

Post by larenewadespitler » Thu Jun 30, 2022 5:47 am

I checked /system/storage/modifications/catalog for the Paypal files. I didn't notice anything.

Larene

New member

Posts

Joined
Thu Apr 20, 2017 11:39 pm

Post by JNeuhoff » Thu Jun 30, 2022 7:56 pm

You still haven't explained why this an issue at all. If you use any payment method with an IFRAME then of course it should display the name and card number fields. How else can a user do a payment without providing the details for the payment gateway?

Export/Import Tool * SpamBot Buster * Unused Images Manager * Instant Option Price Calculator * Number Option * Google Tag Manager * Survey Plus * OpenTwig


User avatar
Guru Member

Posts

Joined
Wed Dec 05, 2007 3:38 am


Post by larenewadespitler » Sat Jul 02, 2022 2:18 am

The customer sees a credit card form to fill out and does so. The information is not being sent to our payment processor. Then when I display the iframe, they say, I already filled in the form. We lose their sale. In the meantime, I believe their credit card information is being stolen by a hacker.

This is a BIG problem!!!!

Larene

Attachments

hack2.PNG

hack2.PNG (77.42 KiB) Viewed 795 times

hack1.PNG

hack1.PNG (45.74 KiB) Viewed 795 times


New member

Posts

Joined
Thu Apr 20, 2017 11:39 pm

Post by ADD Creative » Sat Jul 02, 2022 4:52 pm

Have you tried disabling all your payment methods one by one, to see it the injected form goes away? And the same with all your modules and extensions.

www.add-creative.co.uk


Expert Member

Posts

Joined
Sat Jan 14, 2012 1:02 am
Location - United Kingdom
Who is online

Users browsing this forum: Amazon [Bot] and 60 guests