Jump to content

API: password encoding and decoding is not working?

pbaldovi

By pbaldovi
in Developer Corner

 Share

Recommended Posts

  • 2 weeks later...
  • 3 weeks later...
HerrZ Senior Member

HerrZ

Posted
Posted

with a custom php script ;) compare the datateables of whmcs with the one of the cms.

 

whmcs table is "tblclients".

then compare the keys and values of both tables and create add new clients to whmcs. best to do this with whmcs api http://wiki.whmcs.com/API:Add_Client

 

for syncronizing precheck if the client exists. if exists update ( http://wiki.whmcs.com/API:Update_Client ) else add new client. best primary key for comparing should be the email address.

0
Link to comment
Share on other sites
sgrayban Senior Member

sgrayban

Posted
Posted

Only WHMCS should be storing the passwords. That is how true login sharing is suppose to work. Trying to sync passwords site<->site is not a way I would suggest at all. If people want to change there passwords they should do it in WHMCS not the CMS.

0
Link to comment
Share on other sites
sgrayban Senior Member

sgrayban

Posted
Posted (edited)
you can not decode the users clientarea password. the api command is for decoding the serverpanel password.

 

You are wrong. Here is a sample function that decrypt's between the old plain passwords and COMPARES the new MD5 passwords in WHMCS.

 

public function checkWHMCSCredentials($email, $password)
{
	if($this->login_conf['whmcs_enc'] == "plain")
	{
		$result  = $this->connectWHMCSAPI("getclientsdetails", "email", $email);
		$result2 = $this->connectWHMCSAPI("decryptpassword", "password2", $result['password']);

		if($result2['password'] == $password AND $email == $result['email'])
			return true;
		else
			return false;
	}
	else
	{
		$result = $this->connectWHMCSAPI("getclientsdetails", "email", $email);

		$password_whmcs = explode(":", $result['password']);
		$password_form	= md5($password_whmcs[1] . $password);

		if($password_whmcs[0] == $password_form AND $email == $result['email'])
			return true;
		else
			return false;
	}
}

Edited by sgrayban
fixed code tag
0
Link to comment
Share on other sites
m00 Senior Member

m00

Posted
Posted
You are wrong. Here is a sample function that decrypt's between the old plain passwords and COMPARES the new MD5 passwords in WHMCS.

 

public function checkWHMCSCredentials($email, $password)
{
	if($this->login_conf['whmcs_enc'] == "plain")
	{
		$result  = $this->connectWHMCSAPI("getclientsdetails", "email", $email);
		$result2 = $this->connectWHMCSAPI("decryptpassword", "password2", $result['password']);

		if($result2['password'] == $password AND $email == $result['email'])
			return true;
		else
			return false;
	}
	else
	{
		$result = $this->connectWHMCSAPI("getclientsdetails", "email", $email);

		$password_whmcs = explode(":", $result['password']);
		$password_form	= md5($password_whmcs[1] . $password);

		if($password_whmcs[0] == $password_form AND $email == $result['email'])
			return true;
		else
			return false;
	}
}

 

Hey, I know that script. ;) I'm affraid it doesn't going to work on that way, but it gives you a little indication how you can realize it. If you can edit the login procedure of the external system, you could just use the WMHCS API to request the email and password and check it.

0
Link to comment
Share on other sites
  • 1 month later...
NetLink Member

NetLink

Posted
Posted

Yes, md5 is one way, so once the password is stored, it cannot easily be decrytped.

 

This is what I'm using to check if user's password is correct when they log in to my other system (already existing clients as well as WHMCS clients can now log in):

 

$enc_password = $data['password'];

$salt = substr($enc_password,-5,5);

if ( md5($salt.$entered_password).":$salt" !== $enc_password )

{

return false;

}

else

{

// do login

}

0
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated

  I accept