Jump to content

Custom Login

rosscoD

By rosscoD
in Developer Corner

 Share

Recommended Posts

rosscoD Member

rosscoD

Posted
Posted

I'm trying to create a Ajax login system on my site and I wondered how I pass the password variable to check if it's valid. What for of encryption does that password use?

 

Has anyone managed to make their own login system? What would be the best way to check if the password is valid? Any help would be great.

 

Thanks.

0
Link to comment
Share on other sites
rosscoD Member

rosscoD

Posted
  • Author
Posted

Hello, I wanted to create a site that uses AJAX for many of the functions on the front end. I have actually just managed to successfully create an AJAX login system for my site that validates with WHMCS and logs the user in with no page refresh. I don't like static forms, I like JS effects and validation. Not to mention the reduction of server load etc.

 

I am currently creating a new hosting site for my small development business that I am starting up. I own dedicated servers and have some customers so I want to give them the best possible experience, plus it's helped me understand how WHMCS works.

 

The user password was the a little difficult to understand but with the power of cURL and PHP explode, I managed to match a users password against the WHMCS database and allow access.

 

I don't know how secure my methods are but I will be asking someone to test it out and if it's safe, I can release what I done.

0
Link to comment
Share on other sites
Thales Junior Member

Thales

Posted
Posted
Hello, I wanted to create a site that uses AJAX for many of the functions on the front end. I have actually just managed to successfully create an AJAX login system for my site that validates with WHMCS and logs the user in with no page refresh. I don't like static forms, I like JS effects and validation. Not to mention the reduction of server load etc.

 

I am currently creating a new hosting site for my small development business that I am starting up. I own dedicated servers and have some customers so I want to give them the best possible experience, plus it's helped me understand how WHMCS works.

 

The user password was the a little difficult to understand but with the power of cURL and PHP explode, I managed to match a users password against the WHMCS database and allow access.

 

I don't know how secure my methods are but I will be asking someone to test it out and if it's safe, I can release what I done.

 

Definitely be interested if you do release a secure version.

 

-fin

Thales

0
Link to comment
Share on other sites
  • 1 month later...
kmm2908 Senior Member

kmm2908

Posted
Posted

 

The user password was the a little difficult to understand but with the power of cURL and PHP explode, I managed to match a users password against the WHMCS database and allow access.

 

I don't know how secure my methods are but I will be asking someone to test it out and if it's safe, I can release what I done.

 

Yep I'm in the same boat, trying to understand WHMCS password encryption.

 

Documentation tells us that they use a salt and md 5 like so: md5(salt.password):salt

http://wiki.whmcs.com/API:Get_Clients_Password

 

So retrieve the encrypted password and the salt is what comes after last : and therefore

md5(salt + Entered password) + : + salt should equal password in database.

 

It doesn't!

 

Any ideas from anyone on how to take a given password and check it against the stored password for verification?

 

Driving me mad, why can we not have clear guidelines for developers on such basic requirements?

 

As with most WHMCS functions I am going to end up modifying the password encryption process, save encrypted passwords that I can verify in a custom field and completely bypass the api.

0
Link to comment
Share on other sites
  • 3 weeks later...
  • 2 weeks later...
  • 4 months later...
razib.net Junior Member

razib.net

Posted
Posted

Here is the sample code to grab the Salt from database-

 

$email = $_POST['email'];
$upassword = $_POST['password'];
include_once("dbconfig.php");
$q= mysql_query("select * from tblclients where email='$email' ");
$r = mysql_fetch_array($q);
$pass= $r['password'];
$salt = substr( $pass, strrpos( $pass, ':' )+1 );
//you can compare user submitted password using this code
$upass = md5($salt . $upassword) . ":" . $salt;

 

Now you can validate by matching $pass and $upass

0
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated

  I accept