Jump to content

Set cPanel password on account creation


shout

Recommended Posts

When users create an account, they set their WHMCS account password, but the cPanel password is created automatically on the backend and is emailed to them.

 

I don't like that their cPanel password is emailed to them plaintext. But as it is, the only option is to have them log in to their WHMCS account and go to the "change password" section, where their cPanel password is shown plaintext and can be changed.

 

How is it possible to create the cPanel password during their initial signup instead of having them log in and change their password?

Edited by shout
Link to comment
Share on other sites

After hours of looking through documentation and searching this forum, I came across [thread=44262]this thread[/thread] where Damo said this:

 

You could achieve this by creating a custom hook that sets the password of the new cPanel account to that of the WHMCS password. Of course, the login (username) will still be different as WHMCS uses an email address and cPanel an 8 character string.

 

Your clients can log in to WHMCS and then click the cPanel login button for the associated web hosting account. That way they don't need to know the password.

 

I've looked through the API:Module Change Password documentation, but I'm still really struggling with how to do this from the cart checkout template.

 

Looking into the actual template file where the user can change their cPanel password, this seems to be the important bit:

{if $modulechangepassword}
<form method="post" action="{$smarty.server.PHP_SELF}?action=productdetails">
	<input type="hidden" name="id" value="{$id}" />
	<input type="hidden" name="modulechangepassword" value="true" />

	current username: $username
	current password: {$password}

	new password:
	<input type="password" name="newpw" id="newpw" />

	confirm new password:
	<input type="password" name="confirmpw" />

	<input type="submit" />
</form>
{/if}

 

However, {$modulechangepassword} is false in checkout, so it doesn't seem to work. Can anyone figure out how to piece this together?

Link to comment
Share on other sites

Using the client's WHMCS password wouldn't work because if an existing client is placing an order, there is no way to decrypt the client's WHMCS password.

 

What I would recommend doing is creating a product custom field which would allow the customer to enter a password when they signup as long as you check the Show on Order Form Box.

 

Then you could create an AfterModuleCreate php hook that could get the custom field and then use the internal API to call the

Module Change Password command to set the password to what the user entered. After you do that I would recommend removing the stored value of the custom field from the database since it wouldn't be encrypted.

 

http://docs.whmcs.com/Hooks:Products/Services#AfterModuleCreate

Link to comment
Share on other sites

Thanks, that does seem like a good solution. I think I can figure out how to do all of that except removing a value from the database.

 

Also, how safe is it to send the password unencrypted like this and store it in the database, even temporarily?

Link to comment
Share on other sites

  • 4 weeks later...

I'm wondering, would it be possible to use the internal API to call Module Change Password directly, instead of doing it through AfterModuleCreate? The more I think about it, the more it seems like a bad idea to save the password directly in the database, even briefly.

Link to comment
Share on other sites

Then you could create an AfterModuleCreate php hook that could get the custom field and then use the internal API to call the

Module Change Password command to set the password to what the user entered. After you do that I would recommend removing the stored value of the custom field from the database since it wouldn't be encrypted.

And then you'd want to delete the welcome email for the hosting account, as it's in there in plain-text, and edit the password-tab in the product details template as it's shown on there as well ...

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated