1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
|
#!/usr/bin/perl -w
use strict;
use Getopt::Std;
use FS::UID qw(adminsuidsetup dbh);
use FS::Record qw(qsearch qsearchs);
use Time::Local 'timelocal';
use Date::Format 'time2str';
my %opt;
getopts('vnd:', \%opt);
my $user = shift or die &usage;
adminsuidsetup $user;
$FS::UID::AutoCommit = 0;
$FS::Record::nowarn_identical = 1;
my $extra_sql = FS::cust_main->cancel_sql;
$extra_sql = "WHERE $extra_sql
AND cust_main.payby IN('CARD','DCRD','CHEK','DCHK')
";
if($opt{'d'}) {
$opt{'d'} =~ /^(\d+)$/ or die &usage;
my $time = timelocal(0,0,0,(localtime(time-(86400*$1)))[3..5]);
print "Excluding customers canceled after ".time2str("%D",$time)."\n"
if $opt{'v'};
$extra_sql .= ' AND 0 = (' . FS::cust_main->select_count_pkgs_sql .
" AND cust_pkg.cancel > $time)";
}
foreach my $cust_main ( qsearch({
'table' => 'cust_main',
'hashref' => {},
'extra_sql' => $extra_sql
}) ) {
if($opt{'v'}) {
print $cust_main->name, "\n";
}
if($opt{'n'}) {
$cust_main->payinfo('');
$cust_main->paydate('');
$cust_main->payby('BILL');
# can't have a CARD or CHEK without a valid payinfo
}
$cust_main->paycvv('');
my $error = $cust_main->replace;
if($error) {
dbh->rollback;
die "$error (changes reverted)\n";
}
}
dbh->commit;
sub usage {
"Usage:\n\n freeside-wipe-cvv [ -v ] [ -n ] [ -d days ] user\n"
}
=head1 NAME
freeside-wipe-cvv - Wipe sensitive payment information from customer records.
=head1 SYNOPSIS
freeside-wipe-cvv [ -v ] [ -n ] [ -d days ] user
=head1 DESCRIPTION
freeside-wipe-cvv deletes the CVV numbers (and, optionally, credit
card or bank account numbers) of customers who have no non-canceled
packages. Normally CVV numbers are deleted as soon as a payment is
processed; if the customer is canceled before a payment is processed,
this may not happen and the CVV will remain indefinitely, violating
good security practice and (possibly) your merchant agreement.
Running freeside-wipe-cvv will remove this data.
-v: Be verbose.
-n: Remove card and account numbers in addition to CVV numbers. This
will also set the customer's payment method to 'BILL'.
-d days: Only remove CVV/card numbers from customers who have been
inactive for at least that many days. Optional; will default to
all canceled customers.
=cut
|