I'm new to PHP, and I'm developing a web app for one of my subjects in college. The web app consists in platform to book nature activities. My problem is in one of the requirements, "encrypt/decrypt data", in which I need to encrypt the credit card data before it goes to the DB. For simplicity, the credit card fields are in the reservation table. This is my code:
$fieldsReservation = array(
'idUser' => $idUser,
'idActivity' => $idActivity,
'reservationDate' => $reservationDate,
'state' => 'reserved',
'cardName' => $cardName,
'cardType' => $cardType,
'cardNumber' => $cardNumber,
'cardExpiry' => $cardExpiry,
'cardCVV' => $cardCVV);
$password = '3sc3RLrpd17';
$method = 'aes-256-cbc';
// password must be exact 32 chars (256 bit)
$password = substr(hash('sha256', $password, true), 0, 32);
// IV must be exact 16 chars (128 bit)
$iv = chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0);
foreach ($fieldsReservation as $key => $value){
$fieldsReservation[$key] = base64_encode(openssl_encrypt($value, $method, $password, OPENSSL_RAW_DATA, $iv));
}
I already have tried with a foreach, but with a foreach, all data is encrypted, and i just want to encrypt the credit card data.
If anyone could help me, I would be grateful!
It appears you would like to encrypt only the fields that contain card-related data, such as cardName, cardType, cardNumber etc. How about this:
foreach ($fieldsReservation as $key => $value){
if (substr($key, 0, 4) == "card") {
$fieldsReservation[$key] =
base64_encode(openssl_encrypt($value, $method, $password, OPENSSL_RAW_DATA, $iv));
}
}
By looking at the each key, the code checks to see if it starts with "card". If so, its gets encrypted.