Custom Login

[rosscoD]

I'm trying to create a Ajax login system on my site and I wondered how I pass the password variable to check if it's valid. What for of encryption does that password use?

 

Has anyone managed to make their own login system? What would be the best way to check if the password is valid? Any help would be great.

 

Thanks.

[InteraNetworks]

Why do you need a custom login? Can't you use the built in code? Have your tried the login integration code from your WHMCS admin?

 

Just curios...

[rosscoD]

Hello, I wanted to create a site that uses AJAX for many of the functions on the front end. I have actually just managed to successfully create an AJAX login system for my site that validates with WHMCS and logs the user in with no page refresh. I don't like static forms, I like JS effects and validation. Not to mention the reduction of server load etc.

 

I am currently creating a new hosting site for my small development business that I am starting up. I own dedicated servers and have some customers so I want to give them the best possible experience, plus it's helped me understand how WHMCS works.

 

The user password was the a little difficult to understand but with the power of cURL and PHP explode, I managed to match a users password against the WHMCS database and allow access.

 

I don't know how secure my methods are but I will be asking someone to test it out and if it's safe, I can release what I done.

[Thales]

Hello, I wanted to create a site that uses AJAX for many of the functions on the front end. I have actually just managed to successfully create an AJAX login system for my site that validates with WHMCS and logs the user in with no page refresh. I don't like static forms, I like JS effects and validation. Not to mention the reduction of server load etc.

 

I am currently creating a new hosting site for my small development business that I am starting up. I own dedicated servers and have some customers so I want to give them the best possible experience, plus it's helped me understand how WHMCS works.

 

The user password was the a little difficult to understand but with the power of cURL and PHP explode, I managed to match a users password against the WHMCS database and allow access.

 

I don't know how secure my methods are but I will be asking someone to test it out and if it's safe, I can release what I done.

 

Definitely be interested if you do release a secure version.

 

-fin

Thales

[Aniruddh]

Hey, have you found success implementing AJAX Login? cuz I'm looking for the same.

[kmm2908]

 

The user password was the a little difficult to understand but with the power of cURL and PHP explode, I managed to match a users password against the WHMCS database and allow access.

 

I don't know how secure my methods are but I will be asking someone to test it out and if it's safe, I can release what I done.

 

Yep I'm in the same boat, trying to understand WHMCS password encryption.

 

Documentation tells us that they use a salt and md 5 like so: md5(salt.password):salt

http://wiki.whmcs.com/API:Get_Clients_Password

 

So retrieve the encrypted password and the salt is what comes after last : and therefore

md5(salt + Entered password) + : + salt should equal password in database.

 

It doesn't!

 

Any ideas from anyone on how to take a given password and check it against the stored password for verification?

 

Driving me mad, why can we not have clear guidelines for developers on such basic requirements?

 

As with most WHMCS functions I am going to end up modifying the password encryption process, save encrypted passwords that I can verify in a custom field and completely bypass the api.

[ShaunR]

There sure are alot of people with these problems... and NO answers!!!!

[kyri]

can someone from whmcs shine some light on this issue? I'm trying to ajaxify authenticating to whmcs from my homepage in a similar way to http://www.localphone.com

[kyri]

oh forget it, I got what I needed from this post: http://forum.whmcs.com/showthread.php?t=17665

[kmm2908]

Hey come on Matt, a lot of people have been waiting for a reply on this one for a very long time!!

 

anyone able to help us please!

[razib.net]

first get the password stored in the database, grab the salt, then hash your raw password using that salt-

 

$hash = md5($salt . $password) . ":" . $salt;

 

WHMCS hash's the clients password using the above PHP method.

[ShaunR]

here's somthing i found/wrote up when i was messing with WHMCS. It might be useful to others in the future..

 

http://www.ndchost.com/wiki/software/whmcs/client-password-hash

[razib.net]

Here is the sample code to grab the Salt from database-

 

$email = $_POST['email'];
$upassword = $_POST['password'];
include_once("dbconfig.php");
$q= mysql_query("select * from tblclients where email='$email' ");
$r = mysql_fetch_array($q);
$pass= $r['password'];
$salt = substr( $pass, strrpos( $pass, ':' )+1 );
//you can compare user submitted password using this code
$upass = md5($salt . $upassword) . ":" . $salt;

 

Now you can validate by matching $pass and $upass