How to save the credit card_data and in whmcs database using stripe payment gateway.

[Mohit Sharma]

Hello,
I want to save the credit card last four digit and card_data in whmcs database in blob format manually so we can add the add payment method from other page.
Please help!

[Carl H]

It probably depends on which payment gateway you are using, but this works for me for saving Stripe customer ids and payment ids I created outside of WHMCS so I can relate them to a customer in WHMCS.

set block_encryption_mode = 'aes-256-cbc';

update tblcreditcards set card_data = hex(aes_encrypt('{"remoteToken":"{\"customer\":\"' . $stripeCustomerId . '\",\"method\":\"' . $stripePaymentMethodId . '\"}"}', md5($creditCardHash . $clientId), unhex('00000000000000000000000000000000'))) where id= $rowId;

Requires MySQL (not Maria) 5.7 or greater.

In your case to get the format of the value that's encrypted in card_data, I'd save a credit card through WHMCS first and then read what's in the card_data value:

SELECT AES_DECRYPT(UNHEX(card_data),md5($creditCardHash . $clientId),unhex('00000000000000000000000000000000')) AS card_data FROM tblcreditcards where id = $rowId;

Bests,
Carl

[Remitur]

On 1/3/2020 at 12:04 PM, Mohit Sharma said:

I want to save the credit card last four digit and card_data in whmcs database in blob format manually so we can add the add payment method from other page.

Beware: to do this, your company and your system are required to be PCI compliant (over 300 different security checks, external auditing...).

It's a nightmare, and costs a lot of money early...

[CrazySerb]

On 1/9/2020 at 7:26 PM, Carl H said:

It probably depends on which payment gateway you are using, but this works for me for saving Stripe customer ids and payment ids I created outside of WHMCS so I can relate them to a customer in WHMCS.

set block_encryption_mode = 'aes-256-cbc';

update tblcreditcards set card_data = hex(aes_encrypt('{"remoteToken":"{\"customer\":\"' . $stripeCustomerId . '\",\"method\":\"' . $stripePaymentMethodId . '\"}"}', md5($creditCardHash . $clientId), unhex('00000000000000000000000000000000'))) where id= $rowId;

Requires MySQL (not Maria) 5.7 or greater.

In your case to get the format of the value that's encrypted in card_data, I'd save a credit card through WHMCS first and then read what's in the card_data value:

SELECT AES_DECRYPT(UNHEX(card_data),md5($creditCardHash . $clientId),unhex('00000000000000000000000000000000')) AS card_data FROM tblcreditcards where id = $rowId;

Bests,
Carl

Hmm... how / where do I find that $creditCardHash variable to run something like this manually in phpMyAdmin?

I'm trying to update the card_data data to use the new JSON format that stores customer/method data like this for Stripe payments:
 

{"customer":"cus_XYZ","method":"pm_XYZ"}

instead of the old 3rd party Stripe plugin that just stored it like this

cus_XYZ,pm_XYZ

without having to force all hundred+ of my clients to log in manually, every single one of them, and to update the credit cards on record. 

[Petey]

On 10/7/2023 at 4:10 PM, CrazySerb said:

Hmm... how / where do I find that $creditCardHash variable to run something like this manually in phpMyAdmin?

I'm trying to update the card_data data to use the new JSON format that stores customer/method data like this for Stripe payments:
 

{"customer":"cus_XYZ","method":"pm_XYZ"}

instead of the old 3rd party Stripe plugin that just stored it like this

cus_XYZ,pm_XYZ

without having to force all hundred+ of my clients to log in manually, every single one of them, and to update the credit cards on record. 

A couple of things as I am going through this right now....  

 

$creditcardhash is stored in configuration.php.   I found a script on GitHub that provides a working example on how to decrypt.   Right here:  https://gist.github.com/harryspink/82c095a89e39d3a077cd2d7dc640fddb

I'm checking out on how to encrypt as Carl is doing via SQL, but using WHMCS phpseclib as shown in the decrypt example above.