getup
Posted September 14, 2010

For some reason I can't figure out how passwords are used in http://wiki.whmcs.com/API:Get_Clients_Password. It says:

> The hash uses the format "md5(salt.pw):salt" and so the salt can be obtained from the 5 characters after the colon (for you to be able to generate your own hash to compare)

So how should I build a password based on the returned hash? This is what I have so far:

    $passCheck = explode(":", $result['password']);
    $salt = $passCheck[1];
    if($passCheck[0] == md5("{$salt}.{$password}"))

Though they never match. I'm not sure what's going wrong here. Any ideas?
sparky
Posted September 15, 2010

Try it this way

    $passCheck = explode(":", $result['password']);
    $salt = $passCheck[1];
    // Rebuild the full "md5(salt.pw):salt" string and compare it with the stored value
    if($result['password'] === md5($salt.html_entity_decode($password)).':'.$salt){
        echo "passwords match";
    }else{
        echo "passwords do not match";
        exit;
    }
disgruntled
Posted September 15, 2010 (edited)

> Though they never match. I'm not sure what's going wrong here. Any ideas?

One idea..

    $hash = md5($salt.$pass);

If that's how you hash the password, that's how you hash all passwords. When you check the password you need to do the same hash sequence as you did to set the password.

Don't mean to sound like I think you're dumb, because I don't; you're doing something I will never do, and that's use the API, because I can't seem to get my head around it right now. The above is just something I have seen before in regards to people using salts or even straight md5() and forgetting to salt in the same way or hash in the same way, then wondering why there is no match. It should be intuitive but it's not, I don't suppose.

Edited September 15, 2010 by disgruntled
getup (Author)
Posted September 15, 2010

How am I supposed to know how WHMCS hashes the passwords? I haven't set the password, WHMCS did. Thought that'd be obvious. I'm not sure why you're thinking I did?

Anyway. Apparently you don't need to use the dot in md5(hash.pass) and just use md5(hashpass). Issue solved.
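The fix described in the post above, as an added example that is not part of the original thread and not WHMCS's own code: the "." in "md5(salt.pw):salt" is PHP's concatenation operator, so the salt is joined directly to the password with no dot character in between. The function name `verify_stored_hash` and the sample salt and password are assumptions made for illustration.

```php
<?php
// Added example: verify a password against a stored "md5(salt.pw):salt" value.

function verify_stored_hash(string $stored, string $password): bool
{
    // Split once at the colon: left side is the MD5 digest, right side the salt.
    $parts = explode(':', $stored, 2);
    if (count($parts) !== 2) {
        return false; // not in "digest:salt" form
    }
    [$digest, $salt] = $parts;

    // An MD5 digest is exactly 32 hex characters; reject anything else.
    if (!preg_match('/^[0-9a-f]{32}$/i', $digest) || $salt === '') {
        return false;
    }

    // Same sequence as when the hash was created:
    // the salt followed directly by the password, no separator.
    $candidate = md5($salt . $password);

    // hash_equals() compares in constant time (PHP 5.6+), so the check
    // does not leak how many leading characters matched.
    return hash_equals(strtolower($digest), $candidate);
}

// Constructed sample values, not taken from any real installation.
$salt     = 'a1B2c';
$password = 'correct horse';
$stored   = md5($salt . $password) . ':' . $salt;

var_dump(verify_stored_hash($stored, $password));     // correct password
var_dump(verify_stored_hash($stored, 'wrong guess')); // wrong password

// The comparison from the first post hashes "salt.password" with a literal dot
// inside the string, which is a different input and so a different digest.
$digestOnly = explode(':', $stored)[0];
var_dump($digestOnly === md5("{$salt}.{$password}"));
```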
disgruntled
Posted September 15, 2010

> How am I supposed to know how WHMCS hashes the passwords? I haven't set the password, WHMCS did. Thought that'd be obvious. I'm not sure why you're thinking I did?
>
> Anyway. Apparently you don't need to use the dot in md5(hash.pass) and just use md5(hashpass). Issue solved.

Because you are given the option to hash or not. General Settings > Security, I believe, is where it's located. Nonetheless, glad you have it sorted.