About yggdrasil


  1. yggdrasil

    chicken or egg??

    Indeed, the more complex the environment, the slower your upgrades/patches will be as you are required to test many things. This is why I'm not a fan of auto updates for a product like WHMCS. Since the software is targeted at the minimum to small businesses or tech related people, it's normal for them to have plugins, addons, hooks, and many other things they need to test for compatibility. As for IonCube don't worry. I was on a very old ioncube version before upgrading WHMCS, so this is not something you need to do frequently. Same for PHP. Most versions are supported in years time frames.
  2. yggdrasil

    Where is Whois Link?

    Exactly. I was aware the file was there before but it did nothing when loaded directly so I assumed (wrongly) it was safe until I tried passing your domain parameter when I read this post and to my surprise it works. I blocked the code on the file immediately, it does not seem to affect the registrations/transfers lookups and I don't use the auto updater and never will because of things like this. I don't want WHMCS overwriting my changes or putting back files I don't want. If you think about this, now everyone that reads your post here will know how to abuse WHMCS installations for whois queries. I advise everyone to remove or block access to the file unless someone is ok with spambots massively hitting your whois file since this is basically a free whois service with no restrictions on every live WHMCS installation. While I appreciate the file for those that want to give some Whois results to their customers, those persons should probably edit the file and put in some code to at least require users to log in first or other restrictions to limit queries to valid humans and not bots.
  3. yggdrasil

    Where is Whois Link?

    I had the impression this was only for the admin side and to my surprise it's not. Why in the hell is this available openly for everyone (public) without any captcha restrictions or behind a login? Idiot me. Last week I created a special protected file that uses the API to make a whois lookup with rate limiting on domains and now I find this whois.php is completely open up there and live... This is very dangerous and can lead to someone abusing your whois lookups and having your server banned from a registrar. Is it safe to remove it or does the cart rely on this for domain lookups?
  4. yggdrasil

    chicken or egg??

    Correct, you need to first upgrade ioncube, otherwise the upgrade will not work. I did this recently and upgrading ioncube is very simple.
  5. yggdrasil

    [Locked]Where is WHMCS tinyMCE.init()?

    And Bear is correct. That code comes from the official TinyMCE project. Are you telling me that WHMCS wrote the init and JS files for the tinyMCE open source project? I think the answer here is no and you are using the same examples and code that everyone else does on tinyMCE or the official documentation which they post free and open. Those come and are part of tinyMCE or you can create your own based on their documentation. I'm sorry to tell you this Nate, but taking open source example codes, making a copy and paste operation does not mean you wrote them and now have a license over them. All you are doing is just recreating the same code that is open source. So claiming here WHMCS created those config files is like saying I copied every bit and byte from a software I don't own but since I did that I consider it written by me now. I think we would all agree that is ridiculous. So the class and JS from WHMCS which are encoded and contain open source code should not be encoded. In fact, WHMCS has no right to encode or create any restrictions on third party open source software. Encoding the init class for tinyMCE is exactly that as we cannot modify it anymore like the original open source project is delivered if you download it directly. At this point you are trying to make open code proprietary by not allowing others to modify it which is exactly the whole purpose of open source, re-using code and even creating forks. It's ok to mix open source with your own commercial proprietary code (depending on the license you need to release it back as open...) but you are not allowed to encode that file as a whole anymore. This is exactly why companies like cPanel and many others that rely on open source files for proprietary software (which almost everyone does at this point) don't encode their software as a whole. Why? It's a legal mess and it's a developer's nightmare to have code separated (even bad for performance...).
    Because once you start to mix code it gets very messy just to encode some files and not others and you even need to separate the code if some are encoded. All you need is one single line of some open source code in that file to make it invalid for encoding. If WHMCS is doing this, they are violating the licenses of that software. For example tinyMCE has a LGPL license. And they clearly state modifications by end users should be allowed, something which is not allowed here because we have no access to the configuration file. That license states the following: The license allows developers and companies to use and integrate software released under the LGPL into their own (even proprietary) software without being required by the terms of a strong copyleft license to release the source code of their own components. The license only requires software under the LGPL be modifiable by end users via source code availability. For proprietary software, code under the LGPL is usually used in the form of a shared library, so that there is a clear separation between the proprietary and LGPL components. The LGPL is primarily used for software libraries, although it is also used by some stand-alone applications.
  6. yggdrasil

    [Locked]Where is WHMCS tinyMCE.init()?

    Well, Nate's comment is a bit misleading. The poster here asked where the init files are and Nate said twice now they are behind an encoded class. He then said tinyMCE is not encoded... The init configuration files are part of tinyMCE, those are the most important files and if we don't have access to that config we cannot change anything, which is the reason we have this post. If they encode even 1 file from an open source project, you are still encoding open source. I understand this can be a mistake but the fact they encoded the most important file that calls tinyMCE configuration is about taking control away from customers to make changes. So sure, tinyMCE as a whole is not encoded, but the configuration files are!!! This is like leasing me a car, charging me but not giving me the key. Then telling me the car is open and I'm free to drive it. This is exactly what they did here. He said tinyMCE is not encoded but if I cannot use the key configuration here: https://www.tiny.cloud/docs/configure/ Well, that is encoded in my book. And sure, they could claim here that WHMCS created the configuration file (based on probably tinyMCE examples). This is fine if we are allowed to overwrite it with our own. Which I think is not the case here. Let me put it like this. The tinyMCE init files are part of tinyMCE, not WHMCS!!! And those are behind an encoded class and Nate said so. Since those are the most important files to modify the editor, I think we can conclude the core functionality was encoded and not by mistake. This is exactly what I was talking about in another post. WHMCS is kidnapping control over software they didn't write. Sure, they are shipping those open source files in the vendor library non encoded, but they moved the configuration files out to encoded ioncube files which makes some vendor libraries useless. tinyMCE being one example and I could name many other things that WHMCS encoded which are part of open source projects.
    If one customer takes WHMCS and breaks the obfuscation they would surely consider this breaking the license agreement but somehow WHMCS thinks they can encode open source configuration init files and not break those license agreements.
  7. yggdrasil

    [Locked]Where is WHMCS tinyMCE.init()?

    I think I wrote a very long rant in another post about this Nate. WHMCS should not be encoding software from third parties. Neither should they encode classes and functions which someone needs to have available in order to modify public GUI functions. TinyMCE is a GUI interface, so all functions and code related to it should not be encoded and should be customer accessible. This has nothing to do with core WHMCS functions, it's just someone that wants to change how he interacts visually with the interface. I hope someone at WHMCS starts to realize they are a bit trigger happy lately with IonCube obfuscation which is giving me and other customers troubles lately with more things moved behind a dark box. Please someone at WHMCS for version 8, make a clear separation of the core licensing functions and all the public output data and GUI functions. Feel free to keep encoding the first ones but please don't keep mixing the files and encoding GUI stuff, intentionally or by mistake. And please put back functions to the templates that were moved to an encoded file on newer releases. Some PHP code should be user accessible.
  8. yggdrasil

    [Locked]Where is WHMCS tinyMCE.init()?

    Yes this is also killing me and I just didn't find time yet to increase this without affecting the published articles. I have to zoom heavily and go full screen while editing articles. The font is tiny on the admin side.
  9. Very nice and thank you for sharing. I like to think of hosting as anything that involves hosting a service somewhere regardless of what data it involves. If you think of it that way, WHMCS can be used to sell anything that involves a one-time product or a recurring product. Of course, it's more fit for services, and mostly tech related services but this can be anything from a simple web hosting package to a managed support IT package or a complex cloud metered solution, software or a combination of all. The more flexible and open a product is, the more it can fit a custom business and I think this is what WHMCS should always try to follow as every company, even in the same market is different in the way they sell services or provide products. From a local IT company, to a global company selling in mass quantities, it can all work with enough customization and integration. I see many companies that don't sell hosting or domains using WHMCS, for example software developers or companies just providing IT support. Most of them are small businesses and rely on heavy modifications on their installations. This is also why I think WHMCS should increase the time they support versions, as for those customers, it requires far more time and work to integrate everything back on each major upgrade.
  10. yggdrasil

    WHMCS causing tax evasion

    If you are calculating 2.5256 you will get a different result than just 2.xx because it would be rounded to 2.53 with just two decimals. At 5 you round directly to the next number... You can't have 2.52256 Euros so it's 2.53. You can replicate this in many software products that make the same mistake. I even had one financial institution that once a year was off by one cent. If you are using Euros or USD you should only do 2 decimals, not more. If I learned one thing, it is not to use WHMCS for accounting, even after discussing this with a CPA, some stuff is weird with WHMCS. The way it does credits, refunds and currencies is completely incorrect. Once you do proper double accounting on accrual or cash basis mode you can spot all the issues and your accounting software does the proper tax numbers correctly. I think the bug you hit is that WHMCS is not rounding them correctly in some fields so you are off by a few cents. This is incredibly simple to fix if you had access to the code. All you need to do is reduce the decimals. 0.00 should be done in all code calculations (for Euros), I bet they are doing 0.000 in the tax part while 0.00 for the rest and so it's not rounding correctly on the final amount.
  11. Are you sure about this John? There is no reason why this should be left on your online server as far as I'm aware from other software. That file is the Node JS output on the developer machine while generating source files. People are not running Node JS on their WHMCS servers so it's useless. Of course I might be completely wrong but I'm curious why it's advised leaving that redundant config file in place on a live production installation (not development system). The less information you are giving attackers about the files running on a WHMCS installation the better. Listing all the versions to the whole world on what you are using seems like a bad idea.
  12. yggdrasil

    Wish List for WHMCS v8

    Did cPanel not purchase a stake in WHMCS? Maybe one day, WHMCS is sold completely and management is fully replaced, assuming this is the root of the problems. At this point I think it is. If WHMCS was my company I would be embarrassed to release things like 7.6 in its current state and would be more open to customer feedback. Someone is approving those releases. They only have 1 job, developing WHMCS and they don’t get even that part right if they are releasing such buggy versions out to the public. It's like maybe the owners are not in love with what they do anymore or don’t like their brand or work. If this is true, they should let it go to someone that will take better care and move into new ventures. Personally, if I was the owner I would feel very sad to read a topic like this on my community. I consider my customers the only reason to exist. Without them there is no company, no brand, no progress and no future.
  13. yggdrasil

    Wish List for WHMCS v8

    I don't want an open source system either. I want them to make WHMCS a more open code base or at least, at minimum revert the things they encoded and put them non encoded again and stop encoding anything related to the user interface in the future. I have no problem with having bugs on the admin area. But on the user client area I don't find this acceptable. Why should I even have names to WHMCS in site source code? This was not true in the past, now they are even hard coding that. Their own branding into your source code. Without my customers I'm nothing and there is no reason why WHMCS should cause them to suffer from GUI issues and other stuff which I cannot fix easily. If they are going to keep this trend to encode everything and every new code feature they release, at least they should NEVER encode anything that is directly an output to the user/customer interface. Are you sure things will never change Brian? Most businesses I know rectify once you punish them where it hurts. Money. If people move to a competitor in the future, WHMCS will absolutely be forced to make changes or go out of business. You will be amazed how some people change once they start to suffer financially. They start to question what is happening and some go back to the root of their problems or some businesses to their core of what made them successful in the past. Sometimes they are able to change on time, sometimes not. You cannot keep doing business by charging a few bucks unless you have a big amount of customers and in order to attract those numbers you need the bigger brands on board. Look at it like cPanel, it's cheap but everyone is using it from big companies to startups. Their revenue is based on the numbers, not milking just a few big customers. This is a very bad business strategy for WHMCS, losing power users. All those new people investigating WHMCS will just say, "Well if X brand is using them, then it works for me as well....".
    But if they lose those brands, or lost them already, then they will be in trouble. In order to attract and keep those bigger businesses they need to be more flexible and open to changes. Those businesses need deeper integrations than just a third party module. I'm surprised by the quality of companies now using the "WHMCS small but growing competitor" and WHMCS has nothing to show. Why? This is what they should be asking. Maybe you are right Brian and WHMCS is not afraid of competitors. This is what kills companies and fast. They start to relax and play it safe.
  14. yggdrasil

    Wish List for WHMCS v8

    No, it would not, the "news" part on my setup acts exactly like your it.example.com or /it/ part. Since "news" is an English word it triggers the switch to English and since "notizie" is Italian it would switch to Italian. So going back to your example of the CPU: whmcs/news/i5-760 = English only and not Italian. It's actually the same as your it.example.com or example.com/it/ except I use the "news" trigger here as the identification. The same is true for articles, help for English or guide for Italian, aide for French... It's not a duplicate. That URL is displayed in English only. If someone switches the language on that page, it goes to the proper language URL. It's the same thing you are doing but I'm switching the WHMCS URLs directly instead of using a sub-domain or sub-folder. But you did. You gave up on your time and energies which equals money lost. The one thing we all have limited on this earth, is time. If you wasted even 1 hour doing this because you knew WHMCS would cause you troubles, then you already lost something. You had to rewrite your own custom solution around WHMCS instead of using WHMCS. You did not even modify WHMCS (because you can't change encoded code), you basically wrote your separate solution. This is the issue here. You should not be doing this and nobody should for things that are freely available on every other web software. You are a developer probably, but a lot of WHMCS customers are not and they want to stay focused on their business. If they hire a web developer to change their URLs that person will find out he can't because it's encoded and now the person has to hire a PHP coder in order to write a custom solution around this. Something which in other systems the webmaster can change with a few line changes. Are you sure about this? Look at the new features they are releasing.
    Power users, which include developers, complained I think last year in other places that WHMCS is constantly adding features for newbies and not developers or power users. Look at the biggest features in the last 2 years, the marketplace being just one of them. Do you think this is something targeted at developers and power users? Auto updates? Again, developers merge changes and changes and don't use that either. In fact, I think this is against developers because now those that develop modules are left out because WHMCS is trying to integrate services directly instead of letting others build modules. This also makes no sense because they are making WHMCS dumber, not smarter. They are letting you code less by encoding more files and code that developers had access to before. I disagree with this statement. WHMCS is not doing this for the sake of you or developers. They are trying to make it more like a dumb system where newbies click here and there and have everything working out of the box and trying to avoid anyone from modifying things. That is not a problem at all today. You would be using a comparison system or software, or even make a checksum if a customer changed something to a file. It would take a developer seconds to discover a changed line or even 1 single character. Assuming you are saying here a customer of yours changed something. This is absolutely zero problem for most developers, they would detect a changed file or code from the original and spot the issue or just tell the customer they cannot support a changed file. No issues here. If WHMCS is not able to do this, then I will seriously question their capabilities as developers as even very basic IDEs have features like this. Also, your statement is a bit contradictory here. If you are saying that WHMCS is doing this for developers, but then you are ok with them encoding stuff, don't you realize this creates more troubles for you in the future?
    You cannot make some very advanced changes to WHMCS and neither can you find out if something is not working. I would argue the opposite. Forcing WHMCS customers to only use some specific hooks or APIs is to simplify things. This is to let some basic developers do things but not advanced integrations. The ones that need to heavily integrate WHMCS with expensive custom-built systems/sites can't just do this stuff with a few hooks and APIs (which may or may not work). You then could argue that those companies should maybe not use WHMCS but this is the problem. WHMCS in the past was used even by big hosting providers. If it's only fit for small one night ventures today or very small businesses, then we agree that WHMCS is getting worse over what it powered in the past. We all did at some point. But it's getting worse and we should accept more and more restrictions. As a developer, you should be the first one to refuse these limitations. I don't think any developer is happy working with IonCube software... Because it's hurting you and your business. You will not be able to suggest WHMCS for more serious projects in the future because they will just consider it a toy for simple stores. Or your current customers might have a problem in some future with WHMCS that is stopping them from growing or selling more. Then they will ask you for a solution and you will constantly fight the software instead of just doing what you know best, which is coding and developing.
