souzadavi Posted January 25, 2019 Share Posted January 25, 2019 I was testing the function of credit card in WHMCS with token. Every thing works fine, but some thing wrong happen. If the customer profile has another default payment gateway defined that isnt credit card payment, when this customers goes to save the credit card in client area in (/clientarea.php?action=creditcard) the WHMCS doesn't save the token of credit card, the whmcs save all information about the credit card but doesn't save the token of credit card.... Looks like the method doesnt call the function _storeremote() of the creditcard payment... My question is how to force the form in /clientarea.php?action=creditcard call the function _storeremote() of the credit card payment gateway? thanks... 0 Quote Link to comment Share on other sites More sharing options...
souzadavi Posted January 25, 2019 Author Share Posted January 25, 2019 I did a hook, to fix it, so when the user access: /clientarea.php?action=creditcard I just update the user to creditcard payment. add_hook('ClientAreaPageCreditCard', 1, function($vars) { $command = 'UpdateClient'; $postData = array( 'clientid' => $vars['clientsdetails']['userid'], 'paymentmethod' => 'CreditCardModuleName', ); $results = localAPI($command, $postData, $adminUsername); }); 0 Quote Link to comment Share on other sites More sharing options...
SeanP Posted January 26, 2019 Share Posted January 26, 2019 This is a good temporary workaround, but could possibly cause an issue for those who have monthly reoccurring invoices that do not use the credit card gateway this hook forces. WHMCS needs to fix this, as it is a security issue where you could end up with full credit cards numbers in your database without even knowing it. If your server is not PCI compliant, and instead you are relying on a token payment gateway to alleviate the need for PCI compliance on your end, this is an issue. 0 Quote Link to comment Share on other sites More sharing options...
souzadavi Posted January 29, 2019 Author Share Posted January 29, 2019 @SeanP good point! But the Hook will force the update only with the user goes to credicard area.... Maybe It could bet set as WHMCS bug... 0 Quote Link to comment Share on other sites More sharing options...
steven99 Posted January 31, 2019 Share Posted January 31, 2019 (edited) Even with tokens, if any card info is given over your server your need to have more PCI requirements than if the token was generated at the client side via javascript. Stripe's Elements is a good example of this setup where the token is generated off server completely and you get no card details beyond expiration and last 4. If your gateway offers remote / client side token generation, then you want to use _remoteinput and you need to use your own input forms or however the gateway does it. Return your html in that function and that will show on the invoice payment page. Use _remoteupdate in similar fashion to do the credit card manage page. However, do note that according to WHMCS support those functions are depreciated and at this point no functions exist to replace them as well as they appear to be removed from docs. Edited January 31, 2019 by steven99 1 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.