Rasclatt Rasclatt - 2 months ago 8
PHP Question

Retrieving Card Verification Number In Magento produces empty result

I am have inherited a Magento server for one of our e-commerce ventures and we have some fraud that was happening. There is a custom API that we use for CC processing and DB management and so forth, which we have to assign all the ordering and payment variables to feed into this API from Magento values.

We want to add the Card Verification field because we haven't required it to this point. Anyway, I activated the

Request Card Security Code
field in the
Payment Methods
section of the Magento Configuration and it does show up on the check-out screen now...however, when the submit is clicked and I try to retrieve the value by using
$payment->getCcCid()
on the
success.phtml
the security code is blank. When I do a debug (as suggested on other SO posts
$_order->getPayment()->debug()
) it doesn't show anywhere. I have
print_r($payment)
to see if the value is contained in their somewhere, but alas it is not.

DEBUG ON SUBMISSION

$_order->getPayment()->debug()
produces:

Array
(
[entity_id] => 4619
[parent_id] => 4619
[base_shipping_amount] => 0.0000
[shipping_amount] => 0.0000
[base_amount_ordered] => 74.9500
[amount_ordered] => 74.9500
[cc_exp_month] => 3
[method] => ccsave
[cc_last4] => 1111
[cc_owner] => Andrew
[cc_type] => VI
[cc_exp_year] => 2016
[cc_number_enc] => xSIyni0Ndvnaa4RZxLZS/w==
[additional_information] => Array
(
)
)


../template/checkout/success.phtml

I can retrieve all these other fields, no problem, the security code is eluding me. I asked the folks who worked on this originally and their response was "That should work" when referring to what I did to retrieve:

// Value is assigned properly
$CC_NAME_1 = $payment->getCcOwner();
// Value is assigned properly
$CC_NUM_1 = preg_replace("[^0-9]", "", $payment->getCcNumber());
// Value is blank
$CSVCODE_1 = $payment->getCcCid();


On a side note, there are no errors when assigning the
$payment->getCcCid()
so it's coming through blank. Any help from professional Magento developers who might know what I am missing would be great.

Answer

As suggested in comments, I had to retrieve and forward the CID from:

/app/code/core/Mage/Checkout/controllers/OnepageController.php

For anyone interested, this was the flow:

I created a custom class that added a salt and prepended it to the CID, encoded this new value, saved it to a session variable, then on the success.php page, I decoded, split out the salt, assigned the CID to a variable from the session, destroyed the session variable, then forwarded the new CID variable to the custom API for third party processing.

Thanks to those who commented, information supplied helped figure it out.

EDIT:

Since posting this, I have recreated this project and have hopefully implemented it a little better. I used an Observer on an event at the time of payment submission using the sales_order_place_before event allowing me to apply all the API at this point and use the success page as a success page.