getclientsdetails > password hash issues

[muchos]

I am having trouble creating the correct hash for a certain account, not sure why, could be due an unusual salt.

 

I can log into the control panel with the password: mutasim4321 , but when it comes to creating a hash to use over the API it doesn't match the one saved.

 

The password hash stored is e706df93eceb437192fe0ae7d1793c92:ýsg

 

The one created is md5(ýsgmutasim4321) = be2c54930f8df4c3db04fd57f5c56186.

 

Any ideas?

[laszlof]

What API are you trying to use? The WHMCS api expects admin login credentials, and the password field uses the just an md5 hash of the password. There is no salt defined. The password stored in the tbladmins table in the database DOES have a salt, so it wont be a direct match to what you're passing to the API.

 

http://docs.whmcs.com/API:Example_Usage

[muchos]

Sorry I was referring to the 'getclientsdetails' action, the password field (for that client) that is returned.

[laszlof]

The client passwords are encrypted using md5 with a salt. The salt is defined after the : in the string that is returned. My suggestion would be to use the decryptpassword/encryptpassword if you are able to get the password in plain text.

[muchos]

AFAIK you can't you decryptpassword for clients passwords.

 

The issues isn't my understanding of hashing the password with the salt, it is the issue of mismatching hash's with this particular salt, potentially a bug or error in handling foreign characters?