valorin

Damn! I forgot about that... this just gets more annoying. Ah well, I'll have to rip it out along with the credit card details in my script.

Niklas, have you actually tried? I have. The WHMCS code is fully encrypted, and unless I missed something obvious, we don't know what or where the encryption function is stored within the code to use it independently of WHMCS. If I either knew what the encryption function was, or how to easily access it, then yes it would be a piece of cake. Care to fill me in on the secret so I can write these 10 lines?

Hence the need for a way to change the hash and convert the currently stored credit card details to the new hash. I am working on making our WHMCS installation PCI-DSS compliant and I have this problem: Most of my company have the CC hash stored on their computers. If any of these staff members go rogue and keep the cc hash when they leave the company, they can decrypt all the CC details if they ever get access to the system. I want to update the db with a new hash, which will not be passed around, and only accessible to people with direct access to the box. Thus ensuring that only staff I trust can decrypt CC details, AND I can roll out new hashes whenever I need to (i.e. when staff members leave) as an extra security precaution. Sound obsessive? Yes, it might be. But after reading the PCI-DSS compliance documents, it's a requirement for us. I actually have a plan to write a script which will do this for me. It's not going to be pretty, but it is possible - I've decrypted the CC details before.

Yup, I was given a new copy of the api.php file which resolved the issue for me.

Ok, so it doesn't allow login with empty passwords for normal customers. Is there anything that can be done about preventing it from working for staff as well?

I just did it a number of times on our installation, it let me straight in no problems. We are running the latest version of WHMCS. I was switching the 'Status' between the various options (Active, Inactive, Closed), so maybe that has something to do with it? Edit: Ok, I just saw your "and dont be logged in as admin".. it doesn't appear to work when I logout of admin.

Yes, it will encrypt it so it looks no different to all the other clients that actually do have passwords.

Ha! Go into your WHMCS installation, bring up a random client, and go to the 'Profile' page, and then look for the 'Password' field. By your reasoning, you have just invaded your clients privacy. How do you feel now? We discovered that the admin section lets staff save clients without passwords, and then lets the clients login without passwords... So in an effort to protect our clients privacy I was trying to implement a script to look for empty passwords, so we could then go through and update them to have a password. As encrypted passwords aren't a static value (i.e. they change each time they are encrypted), it was impossible to check for an empty password without decrypting it first to see if it was empty. So.... can you understand my intentions now?

No, we switched servers we were actively provisioning on to one that works without the problem. We still don't know what caused it, as both were running identical environments.

I am trying to decrypt client passwords with no success. I have tried both the API Function and the decrypt() function in functions.php and both return some weird characters, and not he password. Is there a of decrypting client passwords?

I agree with this. If a domain changes hands, the old owner should have no access to change any details if we set it to cancelled rather than moving it.

Is there a way of checking the payment status of an Invoice via the API? All it would need to do is take the invoice number and return the status. I don't want to go down the path of connecting to the database directly, for a number of reasons.

Ticket submitted

I am working on a script which Creates and invoice using the API, and then tells the system to Capture the Payment, again using the API. The Create Invoice function is working without any problems. It sets the right payment method, and returns the invoice number as expected. When I pipe the Invoice number into the Capture payment function, it fails to return any sort of response and does not make payment. The POST data I am sending is: Array ( [action] => capturepayment [invoiceid] => 58079 [username] => <USERNAME> [password] => <PASSWORD> ) The Apache error log gives me the following: [Mon Feb 16 14:17:09 2009] [error] [client <IP>] PHP Fatal error: Call to undefined function getclientsdetails() in /<...>/includes/ccfunctions.php on line 0 We are using the latest version of WHMCS. Any ideas whats wrong?

It is not a firewall issue - we've checked that already, and it wouldn't be working on the server if it was anyway! I tried it with another one of our cpanel servers and it worked fine, so there looks to be something wrong with the configuration of the server (either whmcs side or cpanel side).

It is connecting fine and performing the actions on the server, it appears to be timing out before a decent response is received.

We recently upgraded our version of WHMCS to v3.8.1 and now we are having problems with the cPanel module. Every time we attempt "Create" or "Terminate" the page hangs for a while before returning this error: Module Command Error An unknown error occured The action does happen on the server, i.e. it does create and terminate the account, just for some reason it fails to return a success and it hangs. The real problem with this is that orders which are automatically created are not being marked as 'complete' and our staff are wasting time dealing with them when before they'd simply automatically complete and not become a problem. Any ideas how I can get this resolved?