PHP email encryption

Hi - I'm a PHP noob!

I'm running on a Windows server with php4.xx and am putting together a
hotel booking system for a small hotel. I'd like to be able to send out
encrypted reservation requests that contain the booking details
[including credit card info] to the hotel.

For other sites using classic asp I've successfully used AspEncrypt -
is there anything similar hidden within the depths?

TIA!


--
Buzby
There's nothing more dangerous than a resourceful idiot
Buzby [ Fri, 25 May 2007 10:41 ] [ ID #1723163 ]

Re: PHP email encryption

Buzby wrote:
> I'm running on a Windows server with php4.xx and am putting together a
> hotel booking system for a small hotel. I'd like to be able to send out
> encrypted reservation requests that contain the booking details
> [including credit card info] to the hotel.
>
> For other sites using classic asp I've successfully used AspEncrypt -
> is there anything similar hidden within the depths?

Try mcrypt <http://us3.php.net/manual/en/ref.mcrypt.php>. Warning: it is
a general purpose encryption library, so you'll need to integrate it
with your mailing capabilities.

--
Edward Z. Yang GnuPG: 0x869C48DA
HTML Purifier <htmlpurifier.org> Anti-XSS HTML Filter
[[ 3FA8 E9A9 7385 B691 A6FC B3CB A933 BE7D 869C 48DA ]]
edwardzyang [ Fri, 25 May 2007 20:55 ] [ ID #1723172 ]

Re: PHP email encryption

On May 25, 9:41 am, "Buzby" <g... [at] pumpupthe.net> wrote:
> Hi - I'm a PHP noob!
>
> I'm running on a Windows server with php4.xx and am putting together a
> hotel booking system for a small hotel. I'd like to be able to send out
> encrypted reservation requests that contain the booking details
> [including credit card info] to the hotel.
>
> For other sites using classic asp I've successfully used AspEncrypt -
> is there anything similar hidden within the depths?
>
> TIA!
>
> --
> Buzby
> There's nothing more dangerous than a resourceful idiot

1st, are you using SSL? If so, great. Next, does the hotel have a
keypair so they can use their private key to decrypt the message? If
so, great. If not, get them to generate one from openssl for instance,
and install it into their email client.
Now do you have sendmail.exe on the PHP server? Great!
For complete security why not run stannel on the server, and use it to
proxy your mails to Gmail's SSL SMTP server (or the hotel's SSL email
SMTP server if they have one), and then the hotel should use SSL POP to
collect their mail, preferably using a POP server on the same net as
the SMTP server; that would all be nice and secure if something went
wrong.
Also remember your keys need renewing every so often, so make a note
in your diary so everyone's happy and you don't get a nasty surprise.


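$name = 'customer';
$email = 'customer@theiremail.com';
// placeholder: $body was never defined in the original post
$body = 'booking details go here';
// write the plaintext message to a temporary file
@file_put_contents('msg.txt', $body);

// the hotel's public certificate in PEM format
$public_key = file_get_contents('public_cert.pem');
if (openssl_pkcs7_encrypt(
        'msg.txt',
        'enc.txt',
        $public_key,
        array(
            'To' => 'bookings <bookings@hotel.com>',
            // as posted: single quotes do not interpolate $name/$email
            // (the author corrects this in the follow-up post)
            'From' => '{$name} <{$email}>',
            'Subject' => 'yipee - a booking')
    )
)
{
    // -t makes sendmail read the recipients from the message headers
    $sendmail_exe = 'C:/path/to/sendmail.exe -t';
    exec($sendmail_exe . ' < "enc.txt"', $result);
    // remove both temporary files once the mail has been handed over
    unlink('enc.txt');
    unlink('msg.txt');
}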

Make sure you check the $email and $name and trim off null chars (\r
\n etc), and make sure you check that enc.txt and msg.txt are certainly
deleted each time. Use $result as you see fit.
Remember to check that the mail has been successfully encrypted (see
renewing your keys above) so you are warned if something is going
wrong.

You can sign and encrypt, provided you sign first, and encrypt the
smime.p7s (instead of the body), but for that you will need to store
the private key and its passphrase on the server, you might not want
to do that, as if it is pinched, you will have to revoke your keys.
shimmyshack [ Thu, 31 May 2007 17:29 ] [ ID #1727186 ]

Re: PHP email encryption

On May 31, 4:29 pm, shimmyshack <matt.fa... [at] gmail.com> wrote:
> On May 25, 9:41 am, "Buzby" <g... [at] pumpupthe.net> wrote:
>
> > Hi - I'm a PHP noob!
>
> > I'm running on a Windows server with php4.xx and am putting together a
> > hotel booking system for a small hotel. I'd like to be able to send out
> > encrypted reservation requests that contain the booking details
> > [including credit card info] to the hotel.
>
> > For other sites using classic asp I've successfully used AspEncrypt -
> > is there anything similar hidden within the depths?
>
> > TIA!

[snip]

oops, should have been stunnel not stannel.
also
'From' => '{$name} <{$email}>',
should have been
'From' => "{$name} <{$email}>",
and there are double quotes around the enc.txt in
exec($sendmail_exe . ' < "enc.txt"', $result);
because it might be a path with spaces in it, and I wanted to make
that clear.
shimmyshack [ Thu, 31 May 2007 17:33 ] [ ID #1727187 ]
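
A hardened variant of the S/MIME flow discussed in this thread, as an added example that is not part of the original posts: it rejects CR/LF in header values, refuses an expired recipient certificate, and always deletes the plaintext file. It assumes PHP 7+ with the openssl extension; the helper names clean_header() and send_encrypted_booking(), the bookings@hotel.example address and the $sendmail path are hypothetical.

```php
<?php
// Added example, not code from the thread. Assumes PHP 7+ with ext/openssl.

// Reject header values containing CR, LF or NUL (mail header injection).
function clean_header(string $value): string
{
    if (preg_match('/[\r\n\0]/', $value)) {
        throw new InvalidArgumentException('control character in header value');
    }
    return trim($value);
}

function send_encrypted_booking(string $body, string $name, string $email,
                                string $certPath, string $sendmail): bool
{
    $pem  = file_get_contents($certPath);
    $info = ($pem !== false) ? openssl_x509_parse($pem) : false;
    // Refuse to encrypt to an unreadable or expired certificate.
    if ($info === false || $info['validTo_time_t'] < time()) {
        throw new RuntimeException('recipient certificate missing or expired');
    }

    $headers = array(
        'To'      => 'bookings <bookings@hotel.example>',  // placeholder address
        'From'    => clean_header($name) . ' <' . clean_header($email) . '>',
        'Subject' => 'Booking request',
    );

    // Unpredictable temp file names instead of fixed msg.txt / enc.txt.
    $plain = tempnam(sys_get_temp_dir(), 'bk');
    $enc   = tempnam(sys_get_temp_dir(), 'bk');
    try {
        // The encrypted payload must itself be a MIME entity.
        file_put_contents($plain,
            "Content-Type: text/plain; charset=UTF-8\r\n\r\n" . $body);
        if (!openssl_pkcs7_encrypt($plain, $enc, $pem, $headers, 0,
                                   OPENSSL_CIPHER_AES_256_CBC)) {
            return false;  // caller should log and alert on this
        }
        // $sendmail is a trusted configuration value, e.g. the sendmail.exe path.
        exec($sendmail . ' -t < ' . escapeshellarg($enc), $output, $rc);
        return $rc === 0;
    } finally {
        // Runs on success, failure and exceptions: plaintext is always deleted.
        @unlink($plain);
        @unlink($enc);
    }
}
```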