Jump to content

API action "validatelogin" - version 5.1.3


Recommended Posts

There is a bug in API action "validatelogin". It doesn't send the same hash as the main site generates for the $_SESSION['upw']. so it does not allow login, when using API validatelogin.

I am using v5.1.3 of WHMCS.


I tried with few users, and here is example of one user data:


When I call using following data:


$postfields["action"] = "validatelogin";

$postfields["email"] = "user@domain.com";

$postfields["password2"] = "abc123";


It returns hash: 5698383bd533cdcba631de375964df14b8c2cd36


But after login to whmcs using the same user, I have found the $_SESSION['upw'] is different! It returned:


$_SESSION['upw'] = 6cb888bc6b97ac4d9e490a5a24f6ac57888f9228


That's why it was not letting me do the auto login.

Could you please check the API function and provide a solution?

Link to comment
Share on other sites


Login hashes by default include the IP address of the user. And in this case since you are connecting to the API from a PHP script, the IP will be the IP your server is connecting from.


The ValidateLogin API call is designed to allow you to verify login credentials only.


If your intention is to log the user in, then you should be looking at using AutoAuth instead: http://docs.whmcs.com/AutoAuth


Otherwise you would need to disable Session IP Validation setting in Setup > General Settings > Security to be able to use the returned hash directly from the API call.



Link to comment
Share on other sites

  • 4 months later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated