Jump to content

Admin Login Splash?

smorkin

By smorkin
in Developer Corner

 Share

Recommended Posts

smorkin Junior Member

smorkin

Posted
Posted

Hi,

 

I would like to modify the admin/login.php splash. I don't see any template so i am guessing the powered by is in the database, but I couldn't find as I would like to remove it.

 

I would also like to remove the admin reset link on admin/login.php if possible?

 

I know the logo can be replaced at images/loginlogo.gif

 

Thanks :)

sshot.gif

0
Link to comment
Share on other sites
Nexxterra Senior Member

Nexxterra

Posted
Posted

forgot password is toggled via a check box in general in admin setup

The WHMCS can be removed only by paying for unbranding at whmcs

There are 2 locations for the logo, 1 will change it on forms, the other in the admin folder will change it in the admin area

0
Link to comment
Share on other sites
easyhosting Senior Member

easyhosting

Posted
Posted
I have unbranded but it still shows up with the powered by thing in the admin area. Always wondered about that, since it is indeed unbranded in the client areas.

 

I think unbranded will only remove "powered by" in the clientarea, but i could be mistaking, others on here may put me right on this point.

0
Link to comment
Share on other sites
disgruntled Senior Member

disgruntled

Posted
Posted (edited)
Correct... it only removes it from the clientarea

 

Seconded ^^

 

However, You have paid for unbranding, and unbranding you must have.

 

Open up your favourite text editor. preferably one with a search in files.

 

In the options:

search for: whmcs (not case sensitive)

Search in: whmcs/your_admin_directory/templates/ (choose recursive)

Files to search: *.*

 

This says, find "whmcs", in templates and below, in all files.

 

you will get the results with filename & line number in a good edition and in a better one you can click the results to open to the file location. (textpad is a better one, all be it a paid one and definitely worth its weight in gold let alone cash money)

 

you can then edit or remove all resulting branding, just be careful not to just overwrite all, some of the results may well be from language files an as a result of a one shot overwrite all, you will break some of the language settings if **** is the case.

 

Better to open the ones you need to edit and then make changes manually or select in open files as the over write rule.

 

 

However, i would still consider and will repeat this until WHMCS finally do so. they need to make an API only version that we can all use directly without any whmcs stuff. this would be super cool and well its far behind the times.

Edited by disgruntled
0
Link to comment
Share on other sites
smorkin Junior Member

smorkin

Posted
  • Author
Posted

This says, find "whmcs", in templates and below, in all files.

 

Thanks everyone for the info.

It doesn't seem to be in any template, I can trace it to either being in a PHP file, JS or CSS.

 

With a Grep and Inspector, it goes to #extra_info that is inherited.

 

It would be nice to edit this one out of public view if they get to admin ƒ

0
Link to comment
Share on other sites
Iceman Senior Member

Iceman

Posted
Posted

It would be nice to edit this one out of public view if they get to admin ƒ

 

Well if you password protect your admin (or whatever you have named it) directory using .htaccess noone will ever see it, unless they have that first username and password. Simple. : )

0
Link to comment
Share on other sites
merlinpa1969 Senior Member

merlinpa1969

Posted
Posted

change the admin folder name

put a deny from all, allow from ( ip here ) in your htaccess file for the new admin folder. that way no one can see what your using, we also have a standard folder named admin that will snag IP addresses and all pertinant information shoud anyone try to login to it it sends us an email and is not polite to the attempted breach

0
Link to comment
Share on other sites
Iceman Senior Member

Iceman

Posted
Posted

Hang on guys, wasn't the point of this thread to stop the displaying of the "powered by" on the Admin login page to the average web user? Or did I misss somehwere that the goal is actually to stop all hackers seeing that page?

 

If you want to be certain with security of the "admin area" then by all means take the above measures as well. Otherwise, a simple password using htaccess will prevent the normal web browser visitor from seeing the "powered by" admin screen.

 

Cheers,

Paul

0
Link to comment
Share on other sites
disgruntled Senior Member

disgruntled

Posted
Posted (edited)
I too, would like to do this, since someday I may be having resellers.

 

I would hope by the time you have resellers you would be better prepared to "resell" them whmcs licenses and not have a need for them accessing your own system admin area thats for your own use not theirs, would you really want to give an outsider access to your business?

 

Now, if you are looking to hide this because of your staff, this i can understand

Edited by disgruntled
0
Link to comment
Share on other sites
disgruntled Senior Member

disgruntled

Posted
Posted

The only option i can see for this is to rewrite the login script entirely, of course for this you need to be able to create the same session that whmcs does but that shouldnt be too difficult and seeing as you are writing your own login script for whmcs then you are not breaching the licensing by doing so as you wont be decompiling the login.php script just replacing it, the passwords are md5 hashed, so this would need to be done during login.

0
Link to comment
Share on other sites
disgruntled Senior Member

disgruntled

Posted
Posted
No they would be seperate installs with licenses etc, but when I do go forward with this (it'll be a while) I wanted to have a login screen coherent with the rest of the customised WHM/cPanel theme I already have.

 

 

Well in all fairness, in this instance i would be writing up an interface for the resellers, they would be using it through the whmcs front end rather than the back. I am assuming you are thinking along the lines of, a reseller in the literal sense where they literally resell your packages just under their branding, and not as generally occurs and create a reseller account on the server.

 

I dont really know which is the better solution, depends how much you want to control their usage and how much support your wiling to throw at it..

 

Anyway.. Offtopic, Sorry folks,.

0
Link to comment
Share on other sites
smorkin Junior Member

smorkin

Posted
  • Author
Posted

Simply,

 

I just want the admin link gone as a good hacker can break through a .htaccess and/or a launch spiderbot that is looking for a specific link, can then verify the running script by the link back to WHMCS. That is how many people have gotten into vB, Photopost & Zencart. I just want to remove the instance for future security.

 

That was the main reason, I started the thread.

 

Do - Agree all resellers (if that is your thing) should always need their own license and shove all the resellers if possible on reseller boxes.

 

Thanks - Have a good day!

0
Link to comment
Share on other sites
calebcall Junior Member

calebcall

Posted
Posted

FWIW, security by obscurity is no security at all. Also if you're editing template files, you should create your own admin template and edit that rather than editing one of the included ones. Otherwise, on the next upgrade, you'll loose all the changes.

0
Link to comment
Share on other sites
disgruntled Senior Member

disgruntled

Posted
Posted

If you are serious about the security of whmcs, then build a new website and shift the whmcs installation to another server thats locked down so tight a mouses fart couldnt get in without you knowing about it a week in advance.

 

you will need to lock down the server to just the ip address of your new website/server for accessing the api, and your own ip address (you might need a secret file for this that only you know about. Then aggain, if you knock off password authentication, you can shell straight in and free up your own ip address by using certs.

 

seems like the best solution to me. Then whmcs just becomes the software that does the work, you would need to work out how your going to do your billing without whmcs though because your trying to get rid?

 

 

besides this, whmcs isnt such an easy thing to mask, even with all the branding removed there a blatant things that anybody with half a clue will know whmcs from 500 paces, and if they want to hack whmcs then they will know what to look for to spot an installation. i dont want to hack whmcs yet i still know a whmcs backed website when i see one. (assuming they are using the full system and not just remote hooking into the api)

 

 

This does bring more issues though, you would need to have a very good knowledge of securing the coding your writing, oh by the way, whmcs just released another patch today,

 

patch patch away :)

0
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated

  I accept