Jump to content

(API:Validate Login) IP Address Issue

arctic-ice-cool

By arctic-ice-cool
in General Discussion

 Share

Recommended Posts

arctic-ice-cool Member

arctic-ice-cool

Posted
Posted

Hi,

 

SORRY FOR POSTING THREE QUESTIONS IN A ROW, I'M JUST IN THE MIDDLE OF A DEVELOPMENT INVOLVING THE WHMCS API - THANK YOU!!

 

Whenever I used API:Validate Login or API:Add Client, they both do their job and work fine, the only thing is - in the activity logs of WHMCS, it displays the generated clients IP as the one of the server that the API originates from, and not the client side PC that is browsing?

 

Which wasn't a problem at first, until the API:Validate Login function generating the password hash uses 3 bits of information (which I know, but don't want to broadcast for security reasons), but nevertheless one of those is the remote addr / IP address of the user.

 

Therefore, setting the session variables of "uid" and "upw" are actually generated correctly, but using the servers IP address, meaning authentication will never happen for that client on that PC visiting the website?

 

Weirdly enough there is no sign of this on any forum or website, therefore I hope someone understands what I'm trying to say.

 

Thank you.

0
Link to comment
Share on other sites
arctic-ice-cool Member

arctic-ice-cool

Posted
  • Author
Posted

After doing plenty of research, I've learnt that this is down to connecting via cURL, meaning the request is always getting sent from the server, not the local client (which does make sense), but surely the API:Validate Login was tested to avoid this?

 

There is no information on this on the Wiki page,

thanks

0
Link to comment
Share on other sites
arctic-ice-cool Member

arctic-ice-cool

Posted
  • Author
Posted

To work around this problem, I have basically had to hard-code the SQL query to update the IP and HOST record in the database, every time the API completes a register and login command, this seems to correct the problem of WHMCS storing the IP of the server, instead of the clients remote address.

 

Maybe WHMCS could implement some API code to do this automatically after login and registration, to save opening multiple mysql links per query?

0
Link to comment
Share on other sites
meli Junior Member

meli

Posted
Posted

The API will always connect from the IP of the server, not the visitor. A workaround would require the IP to be passed on in any case. Essentially a fix for this from WHMCS would do exactly what you have done with your work-around. Though, if you are working with the API to an extent this is an issue, I would also recommend setting up your own logging functions to keep track of IP vs login, and other things.

0
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated

  I accept