Storing clients' credit card numbers on file

Planyo supports different ways to take online payments. As an alternative, you may want to store clients' credit card numbers on file instead of accepting an online payment. This way you can charge the customer's card using an offline terminal. To implement this, you'll need an SSL certificate (parts of your site must be accessible through the HTTPS protocol: https://yoursite.com/). Your server must also support PHP and MySQL (the vast majority of servers support these technologies). The credit card numbers will be stored on your server and only you will have access to this data -- neither Planyo nor other third parties will be able to access it.

To get started, download the required scripts (zipped) here. Then unzip them to a directory on your server which is accessible through the HTTPS protocol.

Now, you'll need to set up the credit card database and login info by running setup.php. This script is located in the directory into which you unzipped the script files. For example, if you unzipped the files to https://yourserver.com/credit-card/, you'll need to open in your browser the following URL: https://yourserver.com/credit-card/setup.php. The setup page requires that you enter access data for your database (server, login, password) and settings (such as credit cards accepted and type of information required from the users), and to accept the terms of use. Storing credit card numbers is a security risk and by using these scripts you must take full responsibility for the credit card storage. The setup script will create a new database and/or table on your server and will store credit card details there (the card numbers will be encrypted).

You'll also need to enter your administrative login and password. If you're running the setup for the first time, simply make these up; they don't have to match any other login information. It's important to understand that if you lose this password, you will not be able to read credit card numbers already stored in the database, because they are encrypted using a key which is based on the chosen password. If you're running the setup for the second time and already have credit card numbers in the database, you'll need to enter the same password as the original one.

Once the setup is done, a new viewer script will be generated. The name of this script will be shown to you (by default it's a really long name -- this is for security reasons). You can either rename it to something meaningful or bookmark it in your browser for easy access. You'll need to remove the file setup.php before continuing with the remaining steps explained below.

Now, go to site settings in Planyo's administrative panel (Settings tab). Set the option Payment processing site to Keep clients' credit card numbers on file. Set the option Your PayPal / Moneybookers / CC script to the URL representing the script card_main.php in the scripts directory. For example, if you unzipped the files to https://yourserver.com/credit-card/, you'll need to use the following URL: https://yourserver.com/credit-card/card_main.php. Please note that card_main.php is a template file. You can edit it with any web development software and add content such as your company logo, standard header / footer, and your policy for credit card charges. You can also edit styles.css to change the styling used. The only thing that this script must contain is the tag:
<?php require_once ("card_details_src.php"); ?>
This tag will include the required code used to take clients' credit card details (HTML form with all required fields) and logic for storing them in the database.

Now the setup is done. You should do a test reservation to check that everything works. Then, open the viewer script (the one created with a very long name) in your browser, log in using the chosen login/password and you'll see the test reservation in the list of latest reservations entered. You can always find credit card details for any reservation ID using the find box. You can also edit or delete credit card data for a given reservation number. Deleting data will erase it permanently. This should always be done as soon as you charge your client's card or decide that no charge is to be made. For security reasons, you should not keep the credit card data in the database any longer than necessary.