Jump to content

Gateway of 8.0.0 has encrypted fields?

tension

By tension
in Troubleshooting Issues

 Share

Recommended Posts

  • WHMCS Technical Analyst II
WHMCS Alex Senior Member

WHMCS Alex

Posted
  • WHMCS Technical Analyst II
Posted

Hello,

Thanks for reaching out to WHMCS.

In version 8.0, WHMCS will ensure sensitive gateway related data is encrypted before it's inserted into the tblpaymentgateways table.

The following gateway settings, which don't contain sensitive data won't be encrypted: 

name
type
visible
convertto

This change should not affect gateway modules developed as per our SDK as the gateway module will be retrieving said configuration values from within the $params array (which will pass the decrypted values of settings within the _config function of the module) which is passed to all functions within the gateway module.

The change itself represents a positive step forward to protecting sensitive gateway related configuration values within WHMCS.

That being said, we would be interested to know of the need for being able to decrypt those values directly, via the API or another method and how that relates to the integration you have developed?

1
Link to comment
Share on other sites
  • 2 weeks later...
  • 2 weeks later...
alzintani Junior Member

alzintani

Posted
Posted

I solved this problem by using getGatewayVariables function.

Quote

This function can be used to retrieve the configuration data for a module as specified in the _config array. For example, it might be needed to get a gateway username or secret key to validate a callback. Source https://developers.whmcs.com/payment-gateways/callbacks/#get-gateway-variables 

$vars = getGatewayVariables('gateway_name');

You might need to include gatewayfunctions.php file if the function does not exist. 

require_once ROOTDIR . '/includes/gatewayfunctions.php';

I hope this method is appropriate.

1
Link to comment
Share on other sites
tension Junior Member

tension

Posted
  • Author
Posted
12 hours ago, alzintani said:

I solved this problem by using getGatewayVariables function. 


$vars = getGatewayVariables('gateway_name');

You might need to include gatewayfunctions.php file if the function does not exist. 


require_once ROOTDIR . '/includes/gatewayfunctions.php';

I hope this method is appropriate.

thank you very much

1
Link to comment
Share on other sites
Wouter0100 Member

Wouter0100

Posted
Posted
On 8/24/2020 at 2:53 PM, WHMCS Alex said:

Hello,

Thanks for reaching out to WHMCS.

In version 8.0, WHMCS will ensure sensitive gateway related data is encrypted before it's inserted into the tblpaymentgateways table.

The following gateway settings, which don't contain sensitive data won't be encrypted: 


name
type
visible
convertto

This change should not affect gateway modules developed as per our SDK as the gateway module will be retrieving said configuration values from within the $params array (which will pass the decrypted values of settings within the _config function of the module) which is passed to all functions within the gateway module.

The change itself represents a positive step forward to protecting sensitive gateway related configuration values within WHMCS.

That being said, we would be interested to know of the need for being able to decrypt those values directly, via the API or another method and how that relates to the integration you have developed?

Honestly I'd love to see this automatically decrypted in code before returning, something like this. When using such a cast, it is fully transparant to the code using the models. 

0
Link to comment
Share on other sites
  • 5 weeks later...
mfoland Senior Member

mfoland

Posted
Posted
On 8/24/2020 at 8:53 AM, WHMCS Alex said:

Hello,

Thanks for reaching out to WHMCS.

In version 8.0, WHMCS will ensure sensitive gateway related data is encrypted before it's inserted into the tblpaymentgateways table.

The following gateway settings, which don't contain sensitive data won't be encrypted: 


name
type
visible
convertto

This change should not affect gateway modules developed as per our SDK as the gateway module will be retrieving said configuration values from within the $params array (which will pass the decrypted values of settings within the _config function of the module) which is passed to all functions within the gateway module.

The change itself represents a positive step forward to protecting sensitive gateway related configuration values within WHMCS.

That being said, we would be interested to know of the need for being able to decrypt those values directly, via the API or another method and how that relates to the integration you have developed?

@WHMCS Alex Please refer to Ticket #DIN-271775. I use Laravel to get pertinent information for my payment gateway, such as version number, Sandbox or Token Credentials to connect to the API, etc in the Configuration portion for the Gateway. Is there a way to get this back to the old way? 

0
Link to comment
Share on other sites
mfoland Senior Member

mfoland

Posted
Posted
On 9/18/2020 at 4:43 PM, alzintani said:

I solved this problem by using getGatewayVariables function. 


$vars = getGatewayVariables('gateway_name');

You might need to include gatewayfunctions.php file if the function does not exist. 


require_once ROOTDIR . '/includes/gatewayfunctions.php';

I hope this method is appropriate.

This is what I ended up doing and it works.

0
Link to comment
Share on other sites
  • 3 weeks later...
mfoland Senior Member

mfoland

Posted
Posted
1 hour ago, Gitex said:

Hello

I need to encrypt value to store in tblpaymentgateway ...

How i can do it ?

my custom addons not working with version 8...

please let me know the solution...

Hello @Gitex,

Let's address this in two parts:

Quote

I need to encrypt value to store in tblpaymentgateway ...

How i can do it ?

Do you mean decrypt? I'd suppose if you want to ENCRYPT you could use md5, but then you'd need to decrypt in PHP. WHMCS uses encryption already, so to decrypt what they have, you'd need something like this: 

function gateway_capture($params) {
require_once ROOTDIR . '/includes/gatewayfunctions.php';
$GatewayConfig = getGatewayVariables('gatewayName');
$testM = $GatewayConfig["testMode"];
}

What this does is grabs the parameters that are encoded. As such, I've given you a start. From here, you'd need tokens, client info, etc, which are used as parameters. I'd look up the documentation if you need more guidance. You would replace gateway and gatewayName to the actual name of your gateway.

Quote

my custom addons not working with version 8...

please let me know the solution...

What type of addons are you trying to use? As I mentioned above, if it's the gateway portion, you'll need to use the excerpt above. I use the Licensing addon for my payment gateway, and it works flawlessly with Version 8. We are solving something internal with conversion, but using the Params portion will make your gateway work with version 8. At first, we were using straight laravel, but even the SDK says use $params.

1
Link to comment
Share on other sites
Gitex Member

Gitex

Posted
Posted

Hello @mfoland

lets explain it...

now i can decrypt encoded hash from database to its real value...

but i need to know how ENCRYPT values like email, password,usernames TO HASH for saving in tblpaymentgateways

my custom addon must update values in gateway every 1 hour ... so i need to know how i can encrypt these.

thank you

0
Link to comment
Share on other sites
mfoland Senior Member

mfoland

Posted
Posted
1 minute ago, Gitex said:

Hello @mfoland

lets explain it...

now i can decrypt encoded hash from database to its real value...

but i need to know how ENCRYPT values like email, password,usernames TO HASH for saving in tblpaymentgateways

my custom addon must update values in gateway every 1 hour ... so i need to know how i can encrypt these.

thank you

I'm not exactly sure on how you would encrypt and update every one hour! Sounds like a heck of a payment gateway. What I would do is use md5 personally, but I think for what you are doing, is an SHA hash. Refer to this:

https://stackoverflow.com/questions/10916284/how-to-encrypt-decrypt-data-in-php

As far as having it change every hour, you'll need to likely set up a cron job that would use Laravel to change these values. Something WHMCS may be able to pipe in, or the development community as I'm not sure how to exactly get these to change every hour.

0
Link to comment
Share on other sites
Wouter0100 Member

Wouter0100

Posted
Posted

@mfoland  @Gitex 

I would recommend not to use MD5 for anything other then fingerprinting files these days. If you need to encrypt and decrypt values, you also can't use MD5 - as it's an hashing algoritm with by itself can't be "decoded" of "decrypted".

The individual gateway settings are stored in the table `tblpaymentgateways`. A model (class) exists for this table at `\WHMCS\Module\GatewaySetting`. If you get the gateway setting that you want to encrypt/decrypt using that class and set it with `$model->value`, it'll be automatically encrypted and decrypted.

0
Link to comment
Share on other sites
Gitex Member

Gitex

Posted
Posted

@Wouter0100 @mfoland i need to know how i can encrypt strings for tblpaymentgateways ... i need to know the function that WHMCS  8 use to store values in tblpaymentgateways... i need WHMCS 8 internal encrypt and decrypt for tblpaymentgateways . 

$vars = getGatewayVariables('gateway_name');

it seems above link decrypt values...

now i need encryption that WHMCS 8 use...

0
Link to comment
Share on other sites
Wouter0100 Member

Wouter0100

Posted
Posted
Just now, Gitex said:

@Wouter0100 @mfoland i need to know how i can encrypt strings for tblpaymentgateways ... i need to know the function that WHMCS  8 use to store values in tblpaymentgateways... i need WHMCS 8 internal encrypt and decrypt for tblpaymentgateways . 


$vars = getGatewayVariables('gateway_name');

it seems above link decrypt values...

now i need encryption that WHMCS 8 use...

That's exactly what I was telling :-). You need to get the values through the GatewaySetting object and then write the plain text value to the value var that's on the object. Call save on the object, and it's encrypted in the DB 🙂

1
Link to comment
Share on other sites
Wouter0100 Member

Wouter0100

Posted
Posted (edited)
5 minutes ago, Gitex said:

@Wouter0100 coud you show me an example please ? 

<?php

use \WHMCS\Module\GatewaySetting;

$setting = GatewaySetting::where('gateway', '=', '{gatewayname}')->where('setting', '=', '{settingname}')->first();

var_dump($setting->value); // Unencrypted value

$setting->value = 'THIS WILL BE ENCRYPTED IN THE DATABASE'; // This will be encrypted before saving to the DB

$setting->save();

 

Edited by Wouter0100
4
Link to comment
Share on other sites
  • 1 year later...
Vander Host Junior Member

Vander Host

Posted
Posted

For anyone having the same problem but with the registrar module, there is this library that does similar to the Gateway one: 

use \WHMCS\Module\RegistrarSetting;

It seems how the setting value encryption works, how it encrypts / decrypts, basically it uses the configuration variable in the `cc_encryption_hash` to do it.

0
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated

  I accept