Reply
Contributor
Posts: 23
Registered: ‎12-02-2010

How to determine invalid credit card number

I am needing help with a credit card validation script. I have figured out how to determine if a credit card is valid/invalid but what I am needing is this:

If someone enters an invalid credit card number, is there a way to determine which number is invalid? If so, please show me how :D. Here is my current code to determine if a card is valid/invalid:

 

function validateCreditcard_number($credit_card_number) {

    //Get the first digit
    $firstnumber = substr($credit_card_number, 0, 1);
    //Make sure it is the correct amount of digits. Account for dashes being present.
    switch ($firstnumber) {
        case 3:
            if (!preg_match('/^3\d{3}[ \-]?\d{6}[ \-]?\d{5}$/', $credit_card_number)) {
               return '<li>This is not a valid American Express card number. Please use a different credit/debit card or re-enter your credit/debit card details.</li>';
            }
            break;
        case 4:
            if (!preg_match('/^4\d{3}[ \-]?\d{4}[ \-]?\d{4}[ \-]?\d{4}$/', $credit_card_number)) {
                return '<li>This is not a valid Visa card number. Please use a different credit/debit card or re-enter your credit/debit card details.</li>';
            }
            break;
        case 5:
            if (!preg_match('/^5\d{3}[ \-]?\d{4}[ \-]?\d{4}[ \-]?\d{4}$/', $credit_card_number)) {
                 return '<li>This is not a valid MasterCard card number. Please use a different credit/debit card or re-enter your credit/debit card details.</li>';
            }
            break;
        case 6:
            if (!preg_match('/^6011[ \-]?\d{4}[ \-]?\d{4}[ \-]?\d{4}$/', $credit_card_number)) {
                return '<li>This is not a valid Discover card number. Please use a different credit/debit card or re-enter your credit/debit card details.</li>';
            }
            break;
        default:
            return '<li>This is not a valid credit card number. Please use a different credit/debit card or re-enter your credit/debit card details.</li>';
    } //END Switch statement
    
	//Luhn Algorithm
    $credit_card_number = str_replace('.', '', $credit_card_number);
	$credit_card_number = str_replace('-', '', $credit_card_number);
	$credit_card_number = str_replace(' ', '', $credit_card_number);
    $map = array(0, 1, 2, 3, 4, 5, 6, 7, 8, 9,
                0, 2, 4, 6, 8, 1, 3, 5, 7, 9);
    $sum = 0;
    $last = strlen($credit_card_number) - 1;
    
    for ($i = 0; $i <= $last; $i++) {
        $sum += $map[$credit_card_number[$last - $i] + ($i & 1) * 10];
    }
    
    if ($sum % 10 != 0) {
       return '<li>This is not a valid credit card number. Please use a different credit/debit card or re-enter your credit/debit card details.</li>';
    } else {
       //If we made it this far the credit card number is in a valid format
       return 'This is a valid credit card number' ;
    }
   
} //END validateCreditcard_number

 

Posts: 1,476
Topics: 33
Kudos: 33
Solutions: 126
Registered: ‎09-14-2009

Re: How to determine invalid credit card number

From StackOverflow:

 

"The Luhn checksum can't detect which digit is incorrect, it can only detect single-digit errors and some multi-digit errors. It's entirely possible to mistype two digits and get a number with a valid checksum."


-------------------------------------------------------------------------------------------------------------------------------------------
John Conde :: Certified Authorize.Net Developer (Brainyminds) :: Official Authorize.Net Blogger

NEW! Handling Authorize.Net's Webhooks with PHP

Integrate Every Authorize.Net JSON API with One PHP Class (Sample code included)

Tutorials for integrating Authorize.Net with PHP: AIM, ARB, CIM, Silent Post
All About Authorize.Net's Silent Post
Posts: 1,609
Topics: 15
Kudos: 200
Solutions: 121
Registered: ‎06-23-2011

Re: How to determine invalid credit card number

Sorry for asking stupid questions, but aside from maybe basic length checking, why are you bothering with this at all? Leave it to Authorize.net to do anything advanced that needs doing.