
Credit card types no longer accurately checked in back-end form validation
Closed, ResolvedPublic

Description

Since the credit card type selection was removed from our credit card forms (users now just enter in their credit card #s w/o selecting the cc type from a drop-down), the back-end form validation no longer properly verifies credit card numbers.

This is resulting in a very high number of failed transactions due to unsupported credit card types.

Currently, the code in DonationInterface/payflowpro_gateway/payflowprog_gateway.body.php that is deprecated and no longer works is:
<code>
		// validate that credit card number entered is correct for the brand
		switch( $data['card'] ) {
			case 'american':
				// pattern for Amex
				$pattern = '/^3[47][0-9]{13}$/';

				// if the pattern doesn't match
				if ( !preg_match( $pattern, $data['card_num']  ) ) {
					$error_result = '1';
					$error['card'] = wfMsg( 'payflowpro_gateway-error-msg-amex' );
				}

				break;

			case 'mastercard':
				// pattern for Mastercard
				$pattern = '/^5[1-5][0-9]{14}$/';

				// if pattern doesn't match
				if ( !preg_match( $pattern, $data['card_num'] ) ) {
					$error_result = '1';
					$error['card'] = wfMsg( 'payflowpro_gateway-error-msg-mc' );
				}

				break;

			case 'visa':
				// pattern for Visa
				$pattern = '/^4[0-9]{12}(?:[0-9]{3})?$/';

				// if pattern doesn't match
				if ( !preg_match( $pattern, $data['card_num'] ) ) {
					$error_result = '1';
					$error['card'] = wfMsg( 'payflowpro_gateway-error-msg-visa' );
				}

				break;

			case 'discover':
				// pattern for Discover
				$pattern = '/^6(?:011|5[0-9]{2})[0-9]{12}$/';

				// if pattern doesn't match
				if ( !preg_match( $pattern, $data['card_num'] ) ) {
					$error_result = '1';
					$error['card'] = wfMsg( 'payflowpro_gateway-error-msg-discover' );
				}

				break;
		} // end switch
</code>
$data['card'] will no longer carry a useful value due to the form changes.

We should probably be detecting the credit card type based on the credit card BIN and determining card-type validity based off the result.


Version: unspecified
Severity: enhancement
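
The BIN-based detection proposed in the description could look like the following. This is an added example, not part of the original report or the DonationInterface code. It reuses the four patterns from the switch statement above; the function names, the Luhn checksum step and the sample numbers are assumptions made for illustration.

```php
<?php
// Added illustration, not DonationInterface code. All names are hypothetical.

// Brand patterns copied from the switch statement in the report.
const CARD_PATTERNS = [
	'american'   => '/^3[47][0-9]{13}$/',
	'mastercard' => '/^5[1-5][0-9]{14}$/',
	'visa'       => '/^4[0-9]{12}(?:[0-9]{3})?$/',
	'discover'   => '/^6(?:011|5[0-9]{2})[0-9]{12}$/',
];

/** Luhn checksum (an addition here; the original code did not perform it). */
function luhnValid( string $digits ): bool {
	$sum = 0;
	$double = false;
	// Walk from the rightmost digit, doubling every second one.
	for ( $i = strlen( $digits ) - 1; $i >= 0; $i-- ) {
		$d = (int)$digits[$i];
		if ( $double ) {
			$d *= 2;
			if ( $d > 9 ) {
				$d -= 9;
			}
		}
		$sum += $d;
		$double = !$double;
	}
	return $digits !== '' && $sum % 10 === 0;
}

/** Return the supported brand for a card number, or null if none applies. */
function detectCardType( string $cardNum ): ?string {
	// Strip the spaces and dashes users commonly type, then require digits only.
	$digits = preg_replace( '/[\s-]+/', '', $cardNum );
	if ( !is_string( $digits ) || !ctype_digit( $digits ) ) {
		return null;
	}
	foreach ( CARD_PATTERNS as $brand => $pattern ) {
		if ( preg_match( $pattern, $digits ) ) {
			return luhnValid( $digits ) ? $brand : null;
		}
	}
	return null; // prefix and length match no supported brand
}

// Constructed sample input: published test numbers, not real cards.
foreach ( [ '4111 1111 1111 1111', '378282246310005', '3530111333300000', '4111111111111112' ] as $n ) {
	// Print only the last four digits so full numbers never reach output or logs.
	printf( "****%s => %s\n", substr( $n, -4 ), detectCardType( $n ) ?? 'unsupported or invalid' );
}
```

A caller would set `$error['card']` when `detectCardType()` returns null, instead of switching on `$data['card']`.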

Details

Reference
bz26341

Event Timeline

bzimport raised the priority of this task from to Medium. Nov 21 2014, 11:23 PM
bzimport set Reference to bz26341.

Fixed in r79212 and deployed in r79279