Extending My Details in Clients area

[hostxls]

Hello,

 

How can I extend the fields in, 'My Details', in the client area with mandatory Credit Card information to be stored in an database?

 

Is it possible that the client must fill in his CC information in the extended field in the My Details Tab and

that the information should be mandatory and

to prevent being edit after filled in.

 

See image included

 

Thanks for your contribution of coding for this topic.

 

Vincent

[brian!]

in general, you can use Client Custom Fields for additional client information...

 

http://docs.whmcs.com/Custom_Fields#Client_Custom_Fields

 

however, whether you would want to store cc details locally is an entirely separate matter.

[hostxls]

So basicly what you are saying is, it is possible to create the fields but it takes a different process to store them locally.

[hostxls]

in general, you can use Client Custom Fields for additional client information...

 

http://docs.whmcs.com/Custom_Fields#Client_Custom_Fields

 

however, whether you would want to store cc details locally is an entirely separate matter.

 

 

Thanks Brian, however I can see that some field are not available to use for Credit Card information.

- date/month/year

- numbers

 

How do I enter those?

[hostxls]

Hello Brian,

 

Here is how it looks like.

However, how do I place a space Header <h1> Credit Card information </h1> to separate the normal information from the Credit Card information.

 

Also I need to make this information to prevent being edit after filled in.

 

Do you have any idea's that you can share how to do that.

 

Thanks.

[brian!]

Thanks Brian, however I can see that some field are not available to use for Credit Card information.

- date/month/year

- numbers

How do I enter those?

technically, for the month/year, the answer would be to use the dropdown option as a field type and enter a list of months and years for each.

 

however, I cannot stress enough how much of a bad idea this is to store credit card data unencrypted in the database like this - for security reasons, you should be taking greater care with these customer details.

 

do you or your client needs to know these details or can they be left securely with the payment gateway and not have them stored so openly in the database?

 

However, how do I place a space Header <h1> Credit Card information </h1> to separate the normal information from the Credit Card information.

that would be a template edit to clientareadetails.tpl before the customfields block of code.

 

Also I need to make this information to prevent being edit after filled in.

again, a template edit to the same template by making these customfields readonly.

[hostxls]

technically, for the month/year, the answer would be to use the dropdown option as a field type and enter a list of months and years for each.

 

however, I cannot stress enough how much of a bad idea this is to store credit card data unencrypted in the database like this - for security reasons, you should be taking greater care with these customer details.

 

do you or your client needs to know these details or can they be left securely with the payment gateway and not have them stored so openly in the database?

 

 

Brian, thank you for your concern and awareness,

 

I believe that our company never mentioned that we are storing unencrypted data information on-securely. We are very aware off that and it is our policy and a government rule that our company data information and client data information is highly protected. So I want thank you for your concern, but I believe that our security department will take care of that issue.

 

What I need is to make sure that the necessary information is being collected from our website. So I need to know how to make it possible that we can create a theme that is working for us.

 

Can you be more specific when you say 'template edit' ? Can you provide me with a code example that I can use or work with to realize this?

 

Again,

 

Thanks.

[brian!]

Brian, thank you for your concern and awareness,

I believe that our company never mentioned that we are storing unencrypted data information on-securely. We are very aware off that and it is our policy and a government rule that our company data information and client data information is highly protected. So I want thank you for your concern, but I believe that our security department will take care of that issue.

I mentioned it because these custom field details will be stored in the WHMCS database unencrypted - ideally, you'd be taking these cc details through the order process and then they'd be more secure... why you need to display them so visibly in the client area I don't understand... but as long as you're aware of the security implications, and you still want to proceed, i'll carry on!

 

What I need is to make sure that the necessary information is being collected from our website. So I need to know how to make it possible that we can create a theme that is working for us.

Can you be more specific when you say 'template edit' ? Can you provide me with a code example that I can use or work with to realize this?

well if you wanted a credit card client custom field, you'd do something like this..

 

 

it will also check that the number entered is 16 characters long.

 

and if you wanted to make the field readonly, you would edit clientareadetails.tpl and change...

 

            {if $customfields}
               {foreach from=$customfields key=num item=customfield}
                   <div class="form-group">
                       <label class="control-label" for="customfield{$customfield.id}">{$customfield.name}</label>
                       <div class="control">
                           {$customfield.input} {$customfield.description}
                       </div>
                   </div>
               {/foreach}
           {/if}

to..

 

            {if $customfields}
               {foreach from=$customfields key=num item=customfield}
                   <div class="form-group">
                       <label class="control-label" for="customfield{$customfield.id}">{$customfield.name}</label>
                       <div class="control">
                           {$customfield.input|replace:'/>':'readonly />'|replace:'<select':'<select disabled'} {$customfield.description}
                       </div>
                   </div>
               {/foreach}
           {/if}

[hostxls]

Hello Brian,

 

This is the differents and why we want to do this.

Here you can compare our eNom Account Details whit our WHMCS Account Details.

Checkout the layout and how it is been setup.

The goal is to collect data from your customer within a secure environment.

 

You have mentioned that the data is being stored on the WHMCS database.

Do you mean that all information from our website (Hostxls) is being stored in your WHMCS database and not local on our Hostxls cPanel server database?

[brian!]

The goal is to collect data from your customer within a secure environment.

the goal should also include storing the collected data securely too.

 

I can guarantee that eNom will be spending far more on their security than you are... so necessarily comparing what they can do with what you want to do is not a good comparison.

 

You have mentioned that the data is being stored on the WHMCS database.

Do you mean that all information from our website (Hostxls) is being stored in your WHMCS database and not local on our Hostxls cPanel server database?

WHMCS is database-driven, so all (or perhaps nearly all) the information entered is stored locally in the WHMCS database - not the cPanel server database.

 

if you need to collect credit card information, do it through a payment gateway during an order - that way, the cc information will be held with either the gateway provider's servers or encrypted locally (e.g if using offline cc gateway) in the WHMCS database... what you're trying to do using custom fields (and it's my fault for even suggesting it) will result in those details being stored in the database unencrypted - and that's not good.

[hostxls]

Thanks Brian for sharing your vision with us.

So what you are saying is that using the custom field will result that data will be stored unencrypted in the WHMCS database?

 

If that is the case, then what you are saying is that the information in My Details is not secure? even if are website is totally build in an SSL secure environment?

or is it only when you use custom field that those fields will be store differently into the database.

 

Must we not be able to create fields that are secure, in the My Details tab?

The question then is how do we build those fields

and how do we secure those field in the WHMCS database?

[hostxls]

He Brian,

 

Hi have made some changes in the My Detail tab.

 

If I want to use this, I need to enter the files that are also included. But I will not do that. I will remove it completely.

 

{if $customfields}
               {foreach from=$customfields key=num item=customfield}
                   <div class="form-group">
                       <label class="control-label" for="customfield{$customfield.id}">{$customfield.name}</label>
                       <div class="control">
                           {$customfield.input} {$customfield.description}
                       </div>
                   </div>
               {/foreach}
           {/if}

 

Also I have use

<div class="col-sm-6 ">

to get this result.

 

[brian!]

Thanks Brian for sharing your vision with us.

So what you are saying is that using the custom field will result that data will be stored unencrypted in the WHMCS database?

nearly everything, except passwords and cc details, is unencrypted in the WHMCS database... but that's not uncommon - your WordPress database will contain unencrypted data too!

 

If that is the case, then what you are saying is that the information in My Details is not secure? even if are website is totally build in an SSL secure environment?

or is it only when you use custom field that those fields will be store differently into the database.

custom fields are stored like most of the other data in WHMCS - unencrypted.

 

and secure and encrypted are not quite the same thing - and it ultimately comes down to what you mean by "secure" anyway.

 

this is the internet - so any server can get hacked - secure or otherwise - it's even happened to WHMCS four years ago.

 

the ideal is to not let them get anywhere near your data in the first place... but then if they do get in, limit the damage they can do with it.

 

Must we not be able to create fields that are secure, in the My Details tab?

The question then is how do we build those fields

and how do we secure those field in the WHMCS database?

http://forum.whmcs.com/showthread.php?58802-Are-Custom-Form-fields-secure-encrypted&p=264358#post264358

 

This WHMCS addon allows you to select product and client custom fields that should be encrypted in the WHMCS database. The admin interface allows you to select a field to encrypt from a dropdown box. This will enable encryption on the field and encrypt any existing data. This module will then automatically encrypt the selected field when a user enters data into this field via a new order or an admin edits the product/service. The field is then automatically decrypted when viewing a product/service or client details in the admin area or the client area. Decryption may be disabled at any time on a field from the admin interface which will automatically decrypt all data and update the database. This module will work with new or existing product or client custom fields, however it doesn't work with a field you have selected to show on an invoice and it doesn't work with a field a provision module needs access to unless you can change the code for the module to decrypt the field. Works with WHMCS 6.x or later