tension Posted August 24, 2020 Share Posted August 24, 2020 (edited) The payment gateway of version 8.0.0 has encrypted fields. Is there any decryption function? No related documents have been viewed. Edited August 24, 2020 by tension 0 Quote Link to comment Share on other sites More sharing options...
WHMCS Technical Analyst II WHMCS Alex Posted August 24, 2020 WHMCS Technical Analyst II Share Posted August 24, 2020 Hello, Thanks for reaching out to WHMCS. In version 8.0, WHMCS will ensure sensitive gateway related data is encrypted before it's inserted into the tblpaymentgateways table. The following gateway settings, which don't contain sensitive data won't be encrypted: name type visible convertto This change should not affect gateway modules developed as per our SDK as the gateway module will be retrieving said configuration values from within the $params array (which will pass the decrypted values of settings within the _config function of the module) which is passed to all functions within the gateway module. The change itself represents a positive step forward to protecting sensitive gateway related configuration values within WHMCS. That being said, we would be interested to know of the need for being able to decrypt those values directly, via the API or another method and how that relates to the integration you have developed? 1 Quote Link to comment Share on other sites More sharing options...
tension Posted September 4, 2020 Author Share Posted September 4, 2020 What if I need to use some of my settings in the _config function? 0 Quote Link to comment Share on other sites More sharing options...
alzintani Posted September 18, 2020 Share Posted September 18, 2020 I solved this problem by using getGatewayVariables function. Quote This function can be used to retrieve the configuration data for a module as specified in the _config array. For example, it might be needed to get a gateway username or secret key to validate a callback. Source https://developers.whmcs.com/payment-gateways/callbacks/#get-gateway-variables $vars = getGatewayVariables('gateway_name'); You might need to include gatewayfunctions.php file if the function does not exist. require_once ROOTDIR . '/includes/gatewayfunctions.php'; I hope this method is appropriate. 1 Quote Link to comment Share on other sites More sharing options...
tension Posted September 19, 2020 Author Share Posted September 19, 2020 12 hours ago, alzintani said: I solved this problem by using getGatewayVariables function. $vars = getGatewayVariables('gateway_name'); You might need to include gatewayfunctions.php file if the function does not exist. require_once ROOTDIR . '/includes/gatewayfunctions.php'; I hope this method is appropriate. thank you very much 1 Quote Link to comment Share on other sites More sharing options...
Wouter0100 Posted September 24, 2020 Share Posted September 24, 2020 On 8/24/2020 at 2:53 PM, WHMCS Alex said: Hello, Thanks for reaching out to WHMCS. In version 8.0, WHMCS will ensure sensitive gateway related data is encrypted before it's inserted into the tblpaymentgateways table. The following gateway settings, which don't contain sensitive data won't be encrypted: name type visible convertto This change should not affect gateway modules developed as per our SDK as the gateway module will be retrieving said configuration values from within the $params array (which will pass the decrypted values of settings within the _config function of the module) which is passed to all functions within the gateway module. The change itself represents a positive step forward to protecting sensitive gateway related configuration values within WHMCS. That being said, we would be interested to know of the need for being able to decrypt those values directly, via the API or another method and how that relates to the integration you have developed? Honestly I'd love to see this automatically decrypted in code before returning, something like this. When using such a cast, it is fully transparant to the code using the models. 0 Quote Link to comment Share on other sites More sharing options...
mfoland Posted October 23, 2020 Share Posted October 23, 2020 On 8/24/2020 at 8:53 AM, WHMCS Alex said: Hello, Thanks for reaching out to WHMCS. In version 8.0, WHMCS will ensure sensitive gateway related data is encrypted before it's inserted into the tblpaymentgateways table. The following gateway settings, which don't contain sensitive data won't be encrypted: name type visible convertto This change should not affect gateway modules developed as per our SDK as the gateway module will be retrieving said configuration values from within the $params array (which will pass the decrypted values of settings within the _config function of the module) which is passed to all functions within the gateway module. The change itself represents a positive step forward to protecting sensitive gateway related configuration values within WHMCS. That being said, we would be interested to know of the need for being able to decrypt those values directly, via the API or another method and how that relates to the integration you have developed? @WHMCS Alex Please refer to Ticket #DIN-271775. I use Laravel to get pertinent information for my payment gateway, such as version number, Sandbox or Token Credentials to connect to the API, etc in the Configuration portion for the Gateway. Is there a way to get this back to the old way? 0 Quote Link to comment Share on other sites More sharing options...
mfoland Posted October 26, 2020 Share Posted October 26, 2020 On 9/18/2020 at 4:43 PM, alzintani said: I solved this problem by using getGatewayVariables function. $vars = getGatewayVariables('gateway_name'); You might need to include gatewayfunctions.php file if the function does not exist. require_once ROOTDIR . '/includes/gatewayfunctions.php'; I hope this method is appropriate. This is what I ended up doing and it works. 0 Quote Link to comment Share on other sites More sharing options...
Gitex Posted November 12, 2020 Share Posted November 12, 2020 Hello I need to encrypt value to store in tblpaymentgateway ... How i can do it ? my custom addons not working with version 8... please let me know the solution... 0 Quote Link to comment Share on other sites More sharing options...
mfoland Posted November 12, 2020 Share Posted November 12, 2020 1 hour ago, Gitex said: Hello I need to encrypt value to store in tblpaymentgateway ... How i can do it ? my custom addons not working with version 8... please let me know the solution... Hello @Gitex, Let's address this in two parts: Quote I need to encrypt value to store in tblpaymentgateway ... How i can do it ? Do you mean decrypt? I'd suppose if you want to ENCRYPT you could use md5, but then you'd need to decrypt in PHP. WHMCS uses encryption already, so to decrypt what they have, you'd need something like this: function gateway_capture($params) { require_once ROOTDIR . '/includes/gatewayfunctions.php'; $GatewayConfig = getGatewayVariables('gatewayName'); $testM = $GatewayConfig["testMode"]; } What this does is grabs the parameters that are encoded. As such, I've given you a start. From here, you'd need tokens, client info, etc, which are used as parameters. I'd look up the documentation if you need more guidance. You would replace gateway and gatewayName to the actual name of your gateway. Quote my custom addons not working with version 8... please let me know the solution... What type of addons are you trying to use? As I mentioned above, if it's the gateway portion, you'll need to use the excerpt above. I use the Licensing addon for my payment gateway, and it works flawlessly with Version 8. We are solving something internal with conversion, but using the Params portion will make your gateway work with version 8. At first, we were using straight laravel, but even the SDK says use $params. 1 Quote Link to comment Share on other sites More sharing options...
Gitex Posted November 12, 2020 Share Posted November 12, 2020 Hello @mfoland lets explain it... now i can decrypt encoded hash from database to its real value... but i need to know how ENCRYPT values like email, password,usernames TO HASH for saving in tblpaymentgateways my custom addon must update values in gateway every 1 hour ... so i need to know how i can encrypt these. thank you 0 Quote Link to comment Share on other sites More sharing options...
mfoland Posted November 12, 2020 Share Posted November 12, 2020 1 minute ago, Gitex said: Hello @mfoland lets explain it... now i can decrypt encoded hash from database to its real value... but i need to know how ENCRYPT values like email, password,usernames TO HASH for saving in tblpaymentgateways my custom addon must update values in gateway every 1 hour ... so i need to know how i can encrypt these. thank you I'm not exactly sure on how you would encrypt and update every one hour! Sounds like a heck of a payment gateway. What I would do is use md5 personally, but I think for what you are doing, is an SHA hash. Refer to this: https://stackoverflow.com/questions/10916284/how-to-encrypt-decrypt-data-in-php As far as having it change every hour, you'll need to likely set up a cron job that would use Laravel to change these values. Something WHMCS may be able to pipe in, or the development community as I'm not sure how to exactly get these to change every hour. 0 Quote Link to comment Share on other sites More sharing options...
Wouter0100 Posted November 12, 2020 Share Posted November 12, 2020 @mfoland @Gitex I would recommend not to use MD5 for anything other then fingerprinting files these days. If you need to encrypt and decrypt values, you also can't use MD5 - as it's an hashing algoritm with by itself can't be "decoded" of "decrypted". The individual gateway settings are stored in the table `tblpaymentgateways`. A model (class) exists for this table at `\WHMCS\Module\GatewaySetting`. If you get the gateway setting that you want to encrypt/decrypt using that class and set it with `$model->value`, it'll be automatically encrypted and decrypted. 0 Quote Link to comment Share on other sites More sharing options...
Gitex Posted November 12, 2020 Share Posted November 12, 2020 @Wouter0100 @mfoland i need to know how i can encrypt strings for tblpaymentgateways ... i need to know the function that WHMCS 8 use to store values in tblpaymentgateways... i need WHMCS 8 internal encrypt and decrypt for tblpaymentgateways . $vars = getGatewayVariables('gateway_name'); it seems above link decrypt values... now i need encryption that WHMCS 8 use... 0 Quote Link to comment Share on other sites More sharing options...
Wouter0100 Posted November 12, 2020 Share Posted November 12, 2020 Just now, Gitex said: @Wouter0100 @mfoland i need to know how i can encrypt strings for tblpaymentgateways ... i need to know the function that WHMCS 8 use to store values in tblpaymentgateways... i need WHMCS 8 internal encrypt and decrypt for tblpaymentgateways . $vars = getGatewayVariables('gateway_name'); it seems above link decrypt values... now i need encryption that WHMCS 8 use... That's exactly what I was telling :-). You need to get the values through the GatewaySetting object and then write the plain text value to the value var that's on the object. Call save on the object, and it's encrypted in the DB 🙂 1 Quote Link to comment Share on other sites More sharing options...
Gitex Posted November 12, 2020 Share Posted November 12, 2020 @Wouter0100 coud you show me an example please ? 0 Quote Link to comment Share on other sites More sharing options...
Wouter0100 Posted November 12, 2020 Share Posted November 12, 2020 (edited) 5 minutes ago, Gitex said: @Wouter0100 coud you show me an example please ? <?php use \WHMCS\Module\GatewaySetting; $setting = GatewaySetting::where('gateway', '=', '{gatewayname}')->where('setting', '=', '{settingname}')->first(); var_dump($setting->value); // Unencrypted value $setting->value = 'THIS WILL BE ENCRYPTED IN THE DATABASE'; // This will be encrypted before saving to the DB $setting->save(); Edited November 12, 2020 by Wouter0100 4 Quote Link to comment Share on other sites More sharing options...
mfoland Posted November 12, 2020 Share Posted November 12, 2020 @Wouter0100 you taught me something new! Can you encode values in the addons table as well and have it automatically unencrypt? I really like that and it would be neat if it could! I'm glad I learned something new. Thank you! 1 Quote Link to comment Share on other sites More sharing options...
Gitex Posted November 12, 2020 Share Posted November 12, 2020 @Wouter0100 ... Thank you Very Much ... your solution was great... 0 Quote Link to comment Share on other sites More sharing options...
Vander Host Posted October 25, 2022 Share Posted October 25, 2022 For anyone having the same problem but with the registrar module, there is this library that does similar to the Gateway one: use \WHMCS\Module\RegistrarSetting; It seems how the setting value encryption works, how it encrypts / decrypts, basically it uses the configuration variable in the `cc_encryption_hash` to do it. 0 Quote Link to comment Share on other sites More sharing options...
JesusSuarz Posted March 30 Share Posted March 30 On 11/12/2020 at 7:07 AM, Wouter0100 said: <?php use \WHMCS\Module\GatewaySetting; $setting = GatewaySetting::where('gateway', '=', '{gatewayname}')->where('setting', '=', '{settingname}')->first(); var_dump($setting->value); // Unencrypted value $setting->value = 'THIS WILL BE ENCRYPTED IN THE DATABASE'; // This will be encrypted before saving to the DB $setting->save(); It worked perfectly for me, I didn't know this could be done. however, this appears to be undocumented within classes. https://classdocs.whmcs.com/8.9/WHMCS/Module_ns.html Would it be good to document it? 0 Quote Link to comment Share on other sites More sharing options...
JesusSuarz Posted March 30 Share Posted March 30 In case anyone else is looking for an alternative way, this is the way I did it. $configuraciones = GatewaySetting::where('gateway', '=', 'YOUR_MODULE_NAME') ->whereIn('setting', ['public_key', 'private_key', 'testMode']) ->get(); // Inicializa las variables $apiKey = $privateKey = $testModeValue = null; // Itera sobre los resultados y asigna los valores foreach ($configuraciones as $configuracion) { if ($configuracion->setting == 'public_key') { $apiKey = $configuracion->value; } elseif ($configuracion->setting == 'private_key') { $privateKey = $configuracion->value; } elseif ($configuracion->setting == 'testMode') { $testModeValue = $configuracion->value; } } Then just use the variables: $apiKey $privateKey $testModeValue In my case I needed to find the apikey and privatekey data of my module because my hook had to consume these details. 0 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.