Encrypt Product Custom Fields

[jclarke]

This WHMCS addon allows you to select product custom fields that should be encrypted in the WHMCS database.

The admin interface allows you to select a field to encrypt from a dropdown box. This will enable encryption on the field and encrypt any existing data.

 

This module will then automatically encrypt the selected field when a user enters data into this field via a new order or an admin edits the product/service. The field is then automatically decrypted when viewing a product/service in the admin area or the client area.

 

Decryption may be disabled at any time on a field from the admin interface which will automatically decrypt all data and update the database.

 

This module will work with new or existing product custom fields, however, it doesn't work with a field you have selected to show on an invoice and it doesn't work with a field a provision module needs access to unless you can change the code for the module to decrypt the field.

 

This module is unencoded and is available for a one time fee of $15 USD.

 

Order for $15USD

[jclarke]

This module has now been updated to also enable encryption on a client custom field.

[snake]

can I see some screenshots ?

[jclarke]

This is the interface for enabling encryption:

 

Everything else in WHMCS will look as it did before except in the database the fields will be encrypted.

[snake]

Are the actual fields still displayed in the usual place, we dont need to gp somewhete diffetent to edit them

[jclarke]

They are still displayed in place, it uses hooks to encrypt upon saving and decrypt upon display.

[andy18]

Joe -

 

1. Does this able to encrypt the existing password field provided by WHMCS for the product/services?

 

2. do you think you could also add in the permission level which we could set in the Administrator groups to limit the access of level to view the password field or any custom field?

 

3. If there's any of the admin want to use the password, there will be a 'copy" button beside the password field and WHMCS will log it as one of the activity log for the admin who has copied out the password.

[jclarke]

The password field in the WHMCS product/service is already encrypted.

 

Right now the way the addon works is, the data is encrypted in the database but when viewing the field from the client area or admin area, it will be shown to the user by automatically unencrypting the data before it is saved but in the database itself the field data is encrypted.

 

Logging and limiting access based on permission would be outside the scope of this module so it is not something that would be added.

[andy18]

do you think you could develop something as I proposed above?

[losvre]

The password field in the WHMCS product/service is already encrypted.

 

Right now the way the addon works is, the data is encrypted in the database but when viewing the field from the client area or admin area, it will be shown to the user by automatically unencrypting the data before it is saved but in the database itself the field data is encrypted.

 

Logging and limiting access based on permission would be outside the scope of this module so it is not something that would be added.

 

Ho Joe,

 

Is the password field in the WHMCS product/service encrypted because of your module? I am asking because in my WHMCS client area and admin the product password is just in text form. I have already raised a ticket with WHMCS but not sure if and when they do something about it.

 

Thanks

Nik

[jclarke]

Nik,

 

The password field in a WHMCS product/service is encrypted by default in WHMCS using two way encryption. If you look in the database the field is encrypted, however, when you view field in the admin area and client area it is decrypted so that you can see the password and use it to login to the service.

[losvre]

Hi Joe,

 

I understand this, but with all these security problems lately I feel that the passwords should be encrypted all over the WHMCS and in case someone is locked out, just change the pass as you would do in your cPanel account.

 

I really think this is a security issue!!

 

Thank you for your contribution

Nik

[snake]

I have uploaded this module into my WHMCS MODULES folder, but it is still not showing up in the ADMIN/Setup/Addon Modules

[jclarke]

Hi Snake,

 

Double check that you unzip the file and uploaded the folder to modules/addons, also double check the permissions are set properly for your web server. You can also try restarting apache or whatever webserver you are running. If you need any further assistance with this, please contact us at support@serverping.net

[snake]

ah I forgot to put it in the addons folder.

does it automatically encrypt existing data in specified fields or only new data ?

 

Also we have an addon someone else already did for us, which we are replacing with yours. Can you tell me what encryption method you are using so I can find out if it is compatible with the already encrypted data or if we need to get it decrypted first

[jclarke]

When you enable encryption on a field, the addon will automatically encrypt all existing data stored in that field and if you disable encryption on a field it will automatically decrypt all data.

 

This addon uses the WHMCS encryption functions. What you will need to do is decrypt all the data before enabling encryption using our addon since it expects the data to be decrypted when enabling a field otherwise it will encrypt your already encrypted data.

[jclarke]

Just a quick note that this module has been tested in WHMCS 5.2.1 and works without any changes.

[snake]

Any chance of the encrypted fields being used in email templates ? currently it sends the encrypted value.

 

I did ask about this before and you told me to wait till the next release, which would imply you are planning to add that feature.

[jclarke]

Any chance of the encrypted fields being used in email templates ? currently it sends the encrypted value.

 

I did ask about this before and you told me to wait till the next release, which would imply you are planning to add that feature.

 

Sorry, I didn't see this question. We will consider adding this in a future release of this module and it should be possible since the decryption can be performed in a hook that runs before emails are sent.

[jclarke]

A new version of our Encrypted Custom Fields module is now available.

 

What's new?

-You can now use encrypted client and service custom fields in emails, the field values will be automatically decrypted and available along with the other custom fields in the $service_custom_fields and $client_custom_fields array merge fields. The encrypted values will be searched for in the email log and automatically replaced with *** so you are not storing the value decrypted in the email log.

 

Order for $15 USD

[snake]

good work, thanks Joe

 

Do you do custom modules ?

[jclarke]

Do you do custom modules ?

 

We sure do, just send a quick email to support@serverping.net with some details on the custom module you are looking for and I can give you quote.

[snake]

Hey Joe, any chance of getting this module updated for WHMCS 7 ?

[snake]

Hey Joe, any chance of getting this module updated for WHMCS 7 ?

 

Joe, it has been 5 months since I posted that, any news ?