API: password encoding and decoding is not working?

pbaldovi · March 7, 2010

Hi,

i m tring to use the whmcs users to give other services to my clients, buy i cant make work the password encription or decription

Any one know a way to do that?

thanks

PD. Sorrry my english

pbaldovi · March 18, 2010

Hi,
i m tring to use the whmcs users to give other services to my clients, buy i cant make work the password encription or decription

Any one know a way to do that?

thanks

PD. Sorrry my english

some comentary?

m00 · March 18, 2010

Can you explain exactly what you want?

pbaldovi · March 18, 2010

Can you explain exactly what you want?

i want to sincronize the users from whmcs to a custom CMS software.

thks

HerrZ · March 18, 2010

you can not decode the users clientarea password. the api command is for decoding the serverpanel password.

pbaldovi · March 19, 2010

thanks for reply.

Do you know some way to syncronize the client database whit a custum CMS client database?

webmaster@town2web.com · April 8, 2010

thanks in advance

HerrZ · April 8, 2010

with a custom php script compare the datateables of whmcs with the one of the cms.

whmcs table is "tblclients".

then compare the keys and values of both tables and create add new clients to whmcs. best to do this with whmcs api http://wiki.whmcs.com/API:Add_Client

for syncronizing precheck if the client exists. if exists update ( http://wiki.whmcs.com/API:Update_Client ) else add new client. best primary key for comparing should be the email address.

pbaldovi · April 10, 2010

its a good idea, but the problem come when we need syncronize the passwords, the two passwords are encryped in diferents ways.

sgrayban · April 10, 2010

Only WHMCS should be storing the passwords. That is how true login sharing is suppose to work. Trying to sync passwords site<->site is not a way I would suggest at all. If people want to change there passwords they should do it in WHMCS not the CMS.

sgrayban · April 10, 2010

you can not decode the users clientarea password. the api command is for decoding the serverpanel password.

You are wrong. Here is a sample function that decrypt's between the old plain passwords and COMPARES the new MD5 passwords in WHMCS.

public function checkWHMCSCredentials($email, $password)
{
	if($this->login_conf['whmcs_enc'] == "plain")
	{
		$result  = $this->connectWHMCSAPI("getclientsdetails", "email", $email);
		$result2 = $this->connectWHMCSAPI("decryptpassword", "password2", $result['password']);

		if($result2['password'] == $password AND $email == $result['email'])
			return true;
		else
			return false;
	}
	else
	{
		$result = $this->connectWHMCSAPI("getclientsdetails", "email", $email);

		$password_whmcs = explode(":", $result['password']);
		$password_form	= md5($password_whmcs[1] . $password);

		if($password_whmcs[0] == $password_form AND $email == $result['email'])
			return true;
		else
			return false;
	}
}

Edited April 10, 2010 by sgrayban
fixed code tag

pbaldovi · April 10, 2010

i need to try this!

tks

m00 · April 10, 2010

You are wrong. Here is a sample function that decrypt's between the old plain passwords and COMPARES the new MD5 passwords in WHMCS.

public function checkWHMCSCredentials($email, $password)
{
	if($this->login_conf['whmcs_enc'] == "plain")
	{
		$result  = $this->connectWHMCSAPI("getclientsdetails", "email", $email);
		$result2 = $this->connectWHMCSAPI("decryptpassword", "password2", $result['password']);

		if($result2['password'] == $password AND $email == $result['email'])
			return true;
		else
			return false;
	}
	else
	{
		$result = $this->connectWHMCSAPI("getclientsdetails", "email", $email);

		$password_whmcs = explode(":", $result['password']);
		$password_form	= md5($password_whmcs[1] . $password);

		if($password_whmcs[0] == $password_form AND $email == $result['email'])
			return true;
		else
			return false;
	}
}

Hey, I know that script. I'm affraid it doesn't going to work on that way, but it gives you a little indication how you can realize it. If you can edit the login procedure of the external system, you could just use the WMHCS API to request the email and password and check it.

sgrayban · April 11, 2010

heh I just wanted to prove that it can be done.

NetLink · May 30, 2010

If we can't decrypt the passwords, we should at least be able to encrypt them. Otherwise how would we check the entered password against the one that's stored in the WHMCS database?

NetLink · May 30, 2010

Just figured it out. Couldn't find it before, but the salt used to encrypt the passwords is attached to the end of the password. This is the format:

md5($salt.$password):$salt

HerrZ · May 31, 2010

ok good to know. but md5 is still an one way encryption. right?

NetLink · May 31, 2010

Yes, md5 is one way, so once the password is stored, it cannot easily be decrytped.

This is what I'm using to check if user's password is correct when they log in to my other system (already existing clients as well as WHMCS clients can now log in):

$enc_password = $data['password'];

$salt = substr($enc_password,-5,5);

if ( md5($salt.$entered_password).":$salt" !== $enc_password )

{

return false;

}

else

{

// do login

}

API: password encoding and decoding is not working?

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Join the conversation

Recently Browsing 0 members

Important Information