Problem with eWay token gateway and still being able to store CC details locally

[akust0m]

Hello,

 

I've read the following request but there is still a problem I'd like to solve somehow:

 

https://requests.whmcs.com/topic/never-store-credit-card-information-locally-when-using-a-tokenized-gateway

 

The eWay token gateway itself works great, customers can make payments with their credit card, the card details get saved with eWay, they can even update their card details from within WHMCS. This works great!

 

But...if a client changes their Payment Method to PayPal for instance, they are able to save credit card details straight into my local database. This is a big issue and defeats the point of using a token gateway.

 

If the clients payment method is set to the eWay token gateway and if they haven't also made a payment yet, then they are presented with a message that states "You must pay your first invoice via credit card before you can update your stored card details here...". This is fantastic.

 

So essentially, if a client has their payment method set to anything other than the eWay token gateway and if they haven't made a payment before, then they are able to store credit cards locally.

 

As per the WHMCS request linked above, in one of the new WHMCS versions it is possible to make token gateway payments with the Disable Credit Card Storage box ticked. Whilst this sounds great, it no longer allows the client (or even admin) to update or remove the token payment details from WHMCS at all. This sort of seems like 1 step forward but also one step backwards.

 

If anyone else is using a token gateway and also have another gateway enabled (such as PayPal) then your clients also would have the ability to store credit card details locally in your database.

 

Does anyone have a solution to this issue? Or any ideas?

 

I suppose one good way to prevent this would be to block access to the credit card screen unless they have their payment method set to the eWay payment gateway. How can this be achieved though?

Edited January 11, 2017 by akust0m

[akust0m]

Whoa, I think I just solved my issue and I don't even do coding/development

 

It is probably bad code, if someone could critique this method that would be fantastic.

 

I've changed the top of clientareacreditcard.tpl as per the following:

 

From..

 

{if $remoteupdatecode}

   <div align="center">
       {$remoteupdatecode}
   </div>

{else}

   <div class="credit-card">
       <div class="card-icon pull-right">
           <b class="fa fa-2x
           {if $cardtype eq "American Express"}

... and so on

 

..to the following

 

{if $remoteupdatecode}

   <div align="center">
       {$remoteupdatecode}
   </div>

{elseif $clientsdetails.defaultgateway eq "paypal"}
<div align="center">
	{$LANG.denynewccwithpaypal}
</div>

{else}

   <div class="credit-card">
       <div class="card-icon pull-right">
           <b class="fa fa-2x
           {if $cardtype eq "American Express"}

... and so on

 

So now the customer will not be given the option to add a new credit card if their payment method is set to PayPal.

 

Is there a way to make this code change more permanent. Is it possible through a hook instead?

 

- - - Updated - - -

 

Ended up changing the exception code to the following in case any other payment methods get added:

 

{elseif $clientsdetails.defaultgateway neq "" || "ewaytokens"}
<div align="center">
	{$LANG.denynewcclocalstorage}
</div>
{else}