{"id":1823,"date":"2012-11-15T12:10:52","date_gmt":"2012-11-15T16:10:52","guid":{"rendered":"http:\/\/pro-webs.net\/blog\/?p=1823"},"modified":"2012-11-15T12:10:52","modified_gmt":"2012-11-15T16:10:52","slug":"pci-pia","status":"publish","type":"post","link":"https:\/\/pro-webs.net\/blog\/2012\/11\/15\/pci-pia\/","title":{"rendered":"PCI PIA"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-1825\" title=\"donkey\" src=\"http:\/\/pro-webs.net\/blog\/wp-content\/uploads\/2012\/11\/donkey.jpg\" alt=\"\" width=\"179\" height=\"220\" \/>PCI compliance is a struggle for every merchant. The time, cost and knowledge it takes feel excessive when you factor in that nobody is really policing the rules. That said, we have recently run into a new, genuinely annoying scan failure from a few of the PCI scanning companies. The fail is simple: your Zen Cart contact form is now supposed to be served and submitted over SSL.<\/p>\n<p>I argued this with the scanning company&#8217;s CSR on the phone, but a fail is a fail and they are not budging, even though it takes a fair amount of imagination to read that requirement out of the PCI standards. The form collects nothing more sensitive than a name, an email address and a message, and the people using it are not necessarily customers who have checked out or ever will. In fact I suspect many are spammers pitching PPC from their highly professional Gmail business accounts =) But the scanner has one point in its favour: it has no way of knowing what any given form collects, so every form it finds posting over plain HTTP gets flagged.<\/p>\n<p><strong>So, making Zen Cart serve your contact page under SSL is a PIA. There are two ways to do it.<\/strong><\/p>\n<p>The easiest thing to do is to secure the whole catalog front end under SSL. 
This is done by editing includes\/configure.php (the catalog copy, not admin\/includes\/configure.php) and making the following two changes.<\/p>\n<p><span style=\"color: #ff0000;\">On line 15 add the s so that HTTP_SERVER points at https.<\/span><\/p>\n<p>define(&#8216;HTTP_SERVER&#8217;, &#8216;http<span style=\"color: #ff0000;\"><strong>s<\/strong><\/span>:\/\/domain.com&#8217;);<\/p>\n<p><span style=\"color: #ff0000;\">On line 19 just verify that the value is true and not false.<\/span><\/p>\n<p>define(&#8216;ENABLE_SSL&#8217;, &#8216;<span style=\"color: #ff0000;\"><strong>true<\/strong><\/span>&#8217;);<\/p>\n<p>This method, while easy to accomplish, has some pitfalls. ALL of your URLs will change, some servers&#8217; SSL configurations are noticeably slower, and you will have to serve every resource on every page (images, scripts, stylesheets) over https or face the &#8220;<a title=\"This page contains both secure and nonsecure items. Do you want to display the nonsecure items?\" href=\"http:\/\/pro-webs.net\/blog\/2009\/08\/26\/ecommerce-checkout-suicide\/\">Broken Lock of Death<\/a>&#8221;. If you want to avoid these pitfalls, the task is a genuine, annoying PIA to complete.<\/p>\n<p><strong>Turning Your Contact Page to SSL the Hard Way<\/strong><\/p>\n<ul>\n<li>First open up your admin and go to Tools &gt;&gt; Developers Tool Kit.<\/li>\n<li>Now scroll down to the last field, enter <strong><span style=\"color: #ff0000;\">zen_href_link(FILENAME_CONTACT_US<\/span><\/strong> and set it for PHP files only and Catalog only.<\/li>\n<li>This search brings up every link reference to the contact us page, so we can hunt them all down and edit them like crazy people. I could just tell you where they are, but then you would miss template and override files.<\/li>\n<\/ul>\n<p><span style=\"color: #ff0000;\">For each of these instances you will change the code from<\/span><\/p>\n<p>&lt;a href=\"' . zen_href_link(FILENAME_CONTACT_US) . '\"&gt;<\/p>\n<p><span style=\"color: #ff0000;\">to<\/span><\/p>\n<p>&lt;a href=\"' . 
zen_href_link(FILENAME_CONTACT_US, '', 'SSL') . '\"&gt;<\/p>\n<p>The empty second argument is the query-string parameters; the third argument, &#8216;SSL&#8217;, tells zen_href_link to build the link on HTTPS_SERVER instead of HTTP_SERVER.<\/p>\n<ul>\n<li>Now that the references are trained to be SSL, we have to change the actual form action to be SSL as well. You might think a secure form action is <strong>ALL<\/strong> that should be required, and the scanning tools certainly cannot tell whether what is posted through it is sensitive. But a form delivered over plain HTTP can have its action rewritten in transit before the visitor ever submits it, so the page itself has to come over SSL too, which is why the link references above matter.<\/li>\n<\/ul>\n<p><span style=\"color: #ff0000;\">In \/public_html\/includes\/templates\/your_template\/templates\/tpl_contact_us_default.php, on line 17, locate the following.<\/span><\/p>\n<p>&lt;?php echo zen_draw_form('contact_us', zen_href_link(FILENAME_CONTACT_US, 'action=send')); ?&gt;<\/p>\n<p><span style=\"color: #ff0000;\">and replace it with<\/span><\/p>\n<p>&lt;?php echo zen_draw_form('contact_us', zen_href_link(FILENAME_CONTACT_US, 'action=send', 'SSL')); ?&gt;<\/p>\n<p>That&#8217;s all. Now you can rescan and have a beer, you earned it!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>PCI compliance is a struggle for every merchant. The time, cost and knowledge it takes feel excessive when you factor in that nobody is really policing the rules. That said, we have recently run into a new, genuinely annoying scan failure from a few of the PCI scanning companies. 
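<p>As an added example that is not part of the original post, here is a small Python check for the three things the procedure above is about: the contact page URL itself being https, the form action being https, and no http sub-resources on an https page (the Broken Lock of Death warning). It runs offline on saved page HTML; the sample pages, the domain.com URLs and the tag list it inspects are constructed assumptions for the example, not real Zen Cart output.<\/p>\n

```python
# Added example, not from the original post: an offline audit of one storefront
# page for what a PCI scan complains about on a contact form. Feed it the page
# URL and the page HTML; it reports (1) a page not served over https, (2) a form
# whose action posts over plain http, and (3) http resources on an https page.
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _Collector(HTMLParser):
    # Gathers form actions and the URLs of sub-resources a browser fetches.
    # The tag/attribute list is an assumption covering the common cases.
    RESOURCE_ATTRS = {'img': 'src', 'script': 'src', 'iframe': 'src',
                      'link': 'href', 'embed': 'src', 'object': 'data'}

    def __init__(self):
        super().__init__()
        self.forms = []
        self.resources = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == 'form':
            # A missing or empty action posts back to the page URL itself.
            self.forms.append(a.get('action') or '')
        elif tag in self.RESOURCE_ATTRS:
            url = a.get(self.RESOURCE_ATTRS[tag])
            if url:
                self.resources.append(url)


def audit_page(page_url, html):
    '''Return a list of findings for one page; an empty list is a pass.'''
    findings = []
    page_scheme = urlsplit(page_url).scheme
    if page_scheme != 'https':
        findings.append('page served over ' + page_scheme + ': ' + page_url)
    c = _Collector()
    c.feed(html)
    for action in c.forms:
        target = urljoin(page_url, action)   # resolves relative and empty actions
        if urlsplit(target).scheme != 'https':
            findings.append('form posts over plain http: ' + target)
    if page_scheme == 'https':
        # Mixed content only exists once the page itself is https.
        for res in c.resources:
            target = urljoin(page_url, res)
            if urlsplit(target).scheme == 'http':
                findings.append('mixed content, http resource on https page: ' + target)
    return findings


# Constructed sample pages (not real Zen Cart output); domain.com is the
# placeholder the post uses and the URL shape is Zen Cart's contact page.
CONTACT_HTTP = 'http://domain.com/index.php?main_page=contact_us'
CONTACT_HTTPS = 'https://domain.com/index.php?main_page=contact_us'

# Before any change: page and form action both plain http.
BEFORE_HTML = '''<html><body>
<img src='http://domain.com/images/logo.jpg'>
<form name='contact_us' action='http://domain.com/index.php?main_page=contact_us&amp;action=send' method='post'>
<input type='text' name='email'><textarea name='enquiry'></textarea>
</form></body></html>'''

# After the hard-way fix, but with one image still linked over http.
HALF_FIXED_HTML = '''<html><body>
<img src='http://domain.com/images/logo.jpg'>
<form name='contact_us' action='https://domain.com/index.php?main_page=contact_us&amp;action=send' method='post'>
<input type='text' name='email'><textarea name='enquiry'></textarea>
</form></body></html>'''

# Everything relative or https: what a clean rescan should look like.
FIXED_HTML = '''<html><body>
<img src='/images/logo.jpg'>
<form name='contact_us' action='https://domain.com/index.php?main_page=contact_us&amp;action=send' method='post'>
<input type='text' name='email'><textarea name='enquiry'></textarea>
</form></body></html>'''


if __name__ == '__main__':
    for label, url, html in (('before', CONTACT_HTTP, BEFORE_HTML),
                             ('half fixed', CONTACT_HTTPS, HALF_FIXED_HTML),
                             ('fixed', CONTACT_HTTPS, FIXED_HTML)):
        print(label + ':', audit_page(url, html) or ['pass'])
```

<p>To run it against the real thing, save the contact page source from the https URL and pass it to audit_page; the before, half-fixed and fixed samples show what a failing scan, a Broken Lock page and a clean page look like.<\/p>\n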
[&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[260,9,171],"tags":[2544,2543,1115,2626],"class_list":["post-1823","post","type-post","status-publish","format-standard","hentry","category-small-business","category-store-development","category-zen-cart","tag-contact-page","tag-pci-fail","tag-ssl","tag-zen-cart"],"_links":{"self":[{"href":"https:\/\/pro-webs.net\/blog\/wp-json\/wp\/v2\/posts\/1823","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pro-webs.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pro-webs.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pro-webs.net\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/pro-webs.net\/blog\/wp-json\/wp\/v2\/comments?post=1823"}],"version-history":[{"count":0,"href":"https:\/\/pro-webs.net\/blog\/wp-json\/wp\/v2\/posts\/1823\/revisions"}],"wp:attachment":[{"href":"https:\/\/pro-webs.net\/blog\/wp-json\/wp\/v2\/media?parent=1823"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pro-webs.net\/blog\/wp-json\/wp\/v2\/categories?post=1823"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pro-webs.net\/blog\/wp-json\/wp\/v2\/tags?post=1823"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}