ipgeek-lg Posted June 17, 2012 Share Posted June 17, 2012 I am writing a "Forgotten Password" tool for clients to use instead of having a new password sent to them. Does anyone know how to set the clients password to one submitted via a form (eg: using the php api)? I have taken adequate measures to ensure security throughout so being able to do this via a form will not be a problem. 0 Quote Link to comment Share on other sites More sharing options...
laszlof Posted June 17, 2012 Share Posted June 17, 2012 http://docs.whmcs.com/API:Update_Client 0 Quote Link to comment Share on other sites More sharing options...
ipgeek-lg Posted June 17, 2012 Author Share Posted June 17, 2012 Thanks laszlof, Managed to get that in and defined the $adminuser using the module settings. 0 Quote Link to comment Share on other sites More sharing options...
disgruntled Posted June 17, 2012 Share Posted June 17, 2012 never think a form is secure, always assume the opposite, sadly no matter how many times we secure a form, sooner or later there will be another way in. just remember as soon as you see or hear of a new way in, get it plugged, whmcs wont be plugging your custom form 0 Quote Link to comment Share on other sites More sharing options...
ipgeek-lg Posted June 17, 2012 Author Share Posted June 17, 2012 Thanks for the advice, not to worry, I'm not one to assume anything! The module I am building is for the purpose of bringing more security into WHMCS, no more plaintext passwords going out via email.... Its basically a three factor auth password reset module, testing phase is under way but once finished will put this on the market as many people I have spoken to feel need to secure their WHMCS installations with this type of system. 0 Quote Link to comment Share on other sites More sharing options...
laszlof Posted June 18, 2012 Share Posted June 18, 2012 Its basically a three factor auth password reset module, testing phase is under way but once finished will put this on the market as many people I have spoken to feel need to secure their WHMCS installations with this type of system. I wrote something simular to this a while back. Sadly it was private, so I was unable to release it. Very good plan. Also, with regards to security. If proper PHP security methods are used, theres no reason you cannot make a password reset utility secure. In fact, with how simple it is, you're much less likely to have a bug in it than you would in a larger project that's not dealing directly with passwords. 0 Quote Link to comment Share on other sites More sharing options...
ipgeek-lg Posted June 18, 2012 Author Share Posted June 18, 2012 I wrote something simular to this a while back. Sadly it was private, so I was unable to release it. Very good plan. Cheers, well things are progressing quite fast with this and should be going into testing phase in the next day or so. The only problem is I've been advised by Matt the only way to force SSL on _clientarea from modules will be when 5.1 is released so looks like we will have to wait till then for this to be put out in the wild. (unless someone knows of another way) 0 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.