rahulkg Posted January 10, 2019 Share Posted January 10, 2019 WHMCS support offers a secure password/user/URL submission on their ticketing system when you are reporting issues, we need to offer it to our users too and to stop asking them for user/pass in plain text over the ticketing system. So if whmcs consider to develop this module in near future or can we develop from our side ? Please give us further details and suggestions for this work to be done. 0 Quote Link to comment Share on other sites More sharing options...
bear Posted January 10, 2019 Share Posted January 10, 2019 This is a few years old, but there's a request under consideration: https://requests.whmcs.com/topic/support-ticket-custom-field-type-for-encrypted-data 0 Quote Link to comment Share on other sites More sharing options...
brian! Posted January 10, 2019 Share Posted January 10, 2019 5 hours ago, rahulkg said: WHMCS support offers a secure password/user/URL submission on their ticketing system when you are reporting issues, we need to offer it to our users too and to stop asking them for user/pass in plain text over the ticketing system. looking at the code in the browser, they're Support Ticket Custom Fields (albeit presented in a nice way!)... https://docs.whmcs.com/Custom_Fields#Support_Custom_Fields if you need these values encrypting in the database, then there are addons in the Marketplace that can do that... WHMCS Secure Credentials Ticket Sensitive Data the "Secure Credentials" addon's output looks very close to WHMCS own solution, so that might be a good choice - perhaps contact the developer and see if there is a trial version available. 0 Quote Link to comment Share on other sites More sharing options...
sol2010 Posted March 22, 2021 Share Posted March 22, 2021 On 1/11/2019 at 2:32 AM, brian! said: looking at the code in the browser, they're Support Ticket Custom Fields (albeit presented in a nice way!)... https://docs.whmcs.com/Custom_Fields#Support_Custom_Fields if you need these values encrypting in the database, then there are addons in the Marketplace that can do that... the "Secure Credentials" addon's output looks very close to WHMCS own solution, so that might be a good choice - perhaps contact the developer and see if there is a trial version available. I use the custom field in the support ticket option, and make it a password field. This means it is not visible once submitted. It's fine, but if you want to send secure info to the client, they can't "unlock" the password field as the custom field is ******* in the support area It would be nice to have a secure field that could be viewed by entering the password again or something. 0 Quote Link to comment Share on other sites More sharing options...
brian! Posted March 23, 2021 Share Posted March 23, 2021 14 hours ago, sol2010 said: I use the custom field in the support ticket option, and make it a password field. This means it is not visible once submitted. It's fine, but if you want to send secure info to the client, they can't "unlock" the password field as the custom field is ******* in the support area if you're using v8 or later, then those fields will now be encrypted... in earlier versions, they would have been stored just as plain text. you could show the actual values if you wanted to, but they would have to be decrypted first. 0 Quote Link to comment Share on other sites More sharing options...
sol2010 Posted March 23, 2021 Share Posted March 23, 2021 4 hours ago, brian! said: Yu could show the actual values if you wanted to, but they would have to be decrypted first. Oh Brian, you know what the next question is don't you ? 🤣 So how do we decrypt it in the customer side, perhaps requiring a password to be able to view? 0 Quote Link to comment Share on other sites More sharing options...
bear Posted March 23, 2021 Share Posted March 23, 2021 20 hours ago, sol2010 said: It would be nice to have a secure field that could be viewed by entering the password again or something. I'm sure I've misunderstood, but entering it again to retrieve it? If you have it, no need to enter... Perhaps you mean the admin password? 0 Quote Link to comment Share on other sites More sharing options...
sol2010 Posted March 23, 2021 Share Posted March 23, 2021 (edited) @bear If I send a message to customer and enter something in password field , when they login to the ticket, they can't see it? So how can we decrypt it at the front end? In the admin, I think it is always visible / once logged in Edited March 23, 2021 by sol2010 0 Quote Link to comment Share on other sites More sharing options...
bear Posted March 23, 2021 Share Posted March 23, 2021 Ah, I get it. Thanks. 0 Quote Link to comment Share on other sites More sharing options...
brian! Posted March 25, 2021 Share Posted March 25, 2021 On 23/03/2021 at 18:31, sol2010 said: So how do we decrypt it in the customer side the clue was in the word "decrypt"! 🙂 https://developers.whmcs.com/api-reference/decryptpassword/ the real pain is not the decrypting the password part (that's a handful of lines at most), it's the sidebar... there's no neat simple way to modify the values... there's a long-winded way, but i'm not sure if it wouldn't just be easier(though still a pain) to recreate the whole thing from scratch and format the output as required. 0 Quote Link to comment Share on other sites More sharing options...
sol2010 Posted June 13, 2022 Share Posted June 13, 2022 On 3/26/2021 at 6:01 AM, brian! said: the clue was in the word "decrypt"! 🙂 https://developers.whmcs.com/api-reference/decryptpassword/ the real pain is not the decrypting the password part (that's a handful of lines at most), it's the sidebar... Could you provide some help on where I need to add the decrypt password code ? I can see there is a "decryptpassword" file in the includes/api folder - but I'm not sure that is relevent.... If I create a ticket as client name "smith" and add a password in there - then logout and then in again as "smith" - I can see the password field I created, but I cannot decrypt it or see how to reveal what was written..... So how to decrypt ? 0 Quote Link to comment Share on other sites More sharing options...
sol2010 Posted July 2, 2022 Share Posted July 2, 2022 @brian! If you have 5 minutes, can you elaborate on where the decryptpassword code should be applied? https://developers.whmcs.com/api-reference/decryptpassword/ 0 Quote Link to comment Share on other sites More sharing options...
bear Posted July 2, 2022 Share Posted July 2, 2022 7 hours ago, sol2010 said: @brian! If you have 5 minutes You should probably read his signature? 0 Quote Link to comment Share on other sites More sharing options...
sol2010 Posted July 28, 2022 Share Posted July 28, 2022 On 7/2/2022 at 11:06 PM, bear said: You should probably read his signature? Ahh yes, I forgot he's sipping cocktails in Hawaii (garden shed) now.... 😉 0 Quote Link to comment Share on other sites More sharing options...
sol2010 Posted August 16, 2022 Share Posted August 16, 2022 On 7/2/2022 at 11:06 PM, bear said: You should probably read his signature? Hey @bear Do you have any suggestion on how I can do the decrypt? I can't believe there is no simple way for customers to submit encrypted data to us and for us to be able to see it easily. 0 Quote Link to comment Share on other sites More sharing options...
sol2010 Posted August 16, 2022 Share Posted August 16, 2022 Linking this here! 0 Quote Link to comment Share on other sites More sharing options...
bear Posted August 16, 2022 Share Posted August 16, 2022 11 hours ago, sol2010 said: Do you have any suggestion on how I can do the decrypt? None at all, I'm afraid. Quote I can't believe there is no simple way for customers to submit encrypted data to us and for us to be able to see it easily. I believe it. The product has moved away from what the user wants and towards what WHMCS feels is important. User feedback is ignored, as it's sent to the idea graveyard "feature request", where it sits for literally years with no action, even with hundreds of votes. Meaningless. 2 Quote Link to comment Share on other sites More sharing options...
leemahoney3 Posted August 16, 2022 Share Posted August 16, 2022 Is this not possible now using the Password custom field? Or do you mean you wish for the custom field to be decrypted on the clients side as well as the admin side? 0 Quote Link to comment Share on other sites More sharing options...
sol2010 Posted August 17, 2022 Share Posted August 17, 2022 (edited) 13 hours ago, leemahoney3 said: Is this not possible now using the Password custom field? Or do you mean you wish for the custom field to be decrypted on the clients side as well as the admin side? No it's not currently possible - unless I'm mistaken. I have set up a custom field in the support ticket department and the custom field type is "password". When I log in as test user, I can not see the info I am typing. Nor after submission. On both sides - we need to have theso that the user (who is logged in to their account) can check what they sent - and the admin can view the secure info.... this is what we need - how can we add it using a hook ? this is what I have Edited August 17, 2022 by sol2010 0 Quote Link to comment Share on other sites More sharing options...
sol2010 Posted August 17, 2022 Share Posted August 17, 2022 (edited) OK so we can do this with a hook.... but how do I incorporate the code to decryptpassword ? use WHMCS\View\Menu\Item as MenuItem; add_hook('ClientAreaSecondarySidebar', 1, function(MenuItem $secondarySidebar) { if (!is_null($secondarySidebar->getChild('Custom Fields'))) { $secondarySidebar->getChild("Custom Fields") ->setLabel("User Information"); }); How to incorporate this? if ($customfield->type === 'password') decryptpassword($customfield->customFieldValues->value); Also wanting to link this topic here - might be worth just re-doing the entire thing Edited August 17, 2022 by sol2010 0 Quote Link to comment Share on other sites More sharing options...
leemahoney3 Posted August 17, 2022 Share Posted August 17, 2022 (edited) These forums are becoming a joke, I can't even post code snippets anymore without getting 403's. Please see my solution for this here: https://pastebin.com/0Tf26CKN Edited August 17, 2022 by leemahoney3 Cant post code 2 Quote Link to comment Share on other sites More sharing options...
leemahoney3 Posted August 17, 2022 Share Posted August 17, 2022 1 hour ago, leemahoney3 said: These forums are becoming a joke, I can't even post code snippets anymore without getting 403's. Please see my solution for this here: https://pastebin.com/0Tf26CKN Just to note, I've posted a cleaned up version on my GitHub at https://github.com/leemahoney3/whmcs-decrypt-custom-fields-in-tickets Has the ability to exclude certain custom fields by their name if needed. 2 Quote Link to comment Share on other sites More sharing options...
sol2010 Posted August 18, 2022 Share Posted August 18, 2022 (edited) 3 hours ago, leemahoney3 said: Just to note, I've posted a cleaned up version on my GitHub at https://github.com/leemahoney3/whmcs-decrypt-custom-fields-in-tickets Has the ability to exclude certain custom fields by their name if needed. Amazing! That looks fantastic. Thanks for helping. I will test it and come back to you. Meanwhile, can you share a screenshot of what this will look like from the client side? Rather than showing anything by default, we need to check that a) they are logged in and b) show a reveal "eye" icon (best practice, rather than showing it by default) like this: Edited August 18, 2022 by sol2010 0 Quote Link to comment Share on other sites More sharing options...
leemahoney3 Posted August 18, 2022 Share Posted August 18, 2022 Only those with access to the ticket should be able to see it. For the field to be hidden, you can modify the JavaScript to achieve this. 0 Quote Link to comment Share on other sites More sharing options...
sol2010 Posted August 20, 2022 Share Posted August 20, 2022 On 8/19/2022 at 8:05 AM, leemahoney3 said: Only those with access to the ticket should be able to see it. For the field to be hidden, you can modify the JavaScript to achieve this. Thank you I was successfully able to implement this and it works great. One question that you may be able to assist with. Is it possible to provide logged in client the ability to delete the password from the custom field? 0 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.