Set cPanel password on account creation

[shout]

When users create an account, they set their WHMCS account password, but the cPanel password is created automatically on the backend and is emailed to them.

 

I don't like that their cPanel password is emailed to them plaintext. But as it is, the only option is to have them log in to their WHMCS account and go to the "change password" section, where their cPanel password is shown plaintext and can be changed.

 

How is it possible to create the cPanel password during their initial signup instead of having them log in and change their password?

Edited September 3, 2013 by shout

[shout]

After hours of looking through documentation and searching this forum, I came across [thread=44262]this thread[/thread] where Damo said this:

 

You could achieve this by creating a custom hook that sets the password of the new cPanel account to that of the WHMCS password. Of course, the login (username) will still be different as WHMCS uses an email address and cPanel an 8 character string.

 

Your clients can log in to WHMCS and then click the cPanel login button for the associated web hosting account. That way they don't need to know the password.

 

I've looked through the API:Module Change Password documentation, but I'm still really struggling with how to do this from the cart checkout template.

 

Looking into the actual template file where the user can change their cPanel password, this seems to be the important bit:

{if $modulechangepassword}
<form method="post" action="{$smarty.server.PHP_SELF}?action=productdetails">
	<input type="hidden" name="id" value="{$id}" />
	<input type="hidden" name="modulechangepassword" value="true" />

	current username: $username
	current password: {$password}

	new password:
	<input type="password" name="newpw" id="newpw" />

	confirm new password:
	<input type="password" name="confirmpw" />

	<input type="submit" />
</form>
{/if}

 

However, {$modulechangepassword} is false in checkout, so it doesn't seem to work. Can anyone figure out how to piece this together?

[jclarke]

Using the client's WHMCS password wouldn't work because if an existing client is placing an order, there is no way to decrypt the client's WHMCS password.

 

What I would recommend doing is creating a product custom field which would allow the customer to enter a password when they signup as long as you check the Show on Order Form Box.

 

Then you could create an AfterModuleCreate php hook that could get the custom field and then use the internal API to call the

Module Change Password command to set the password to what the user entered. After you do that I would recommend removing the stored value of the custom field from the database since it wouldn't be encrypted.

 

http://docs.whmcs.com/Hooks:Products/Services#AfterModuleCreate

[shout]

Thanks, that does seem like a good solution. I think I can figure out how to do all of that except removing a value from the database.

 

Also, how safe is it to send the password unencrypted like this and store it in the database, even temporarily?

[jclarke]

It shouldn't be a big security issue as long as you remove the password from the database, it would only be stored in plaintext for under a minute. Custom fields are stored in tblcustomfieldvalues.

[shout]

I'm wondering, would it be possible to use the internal API to call Module Change Password directly, instead of doing it through AfterModuleCreate? The more I think about it, the more it seems like a bad idea to save the password directly in the database, even briefly.

[othellotech]

Then you could create an AfterModuleCreate php hook that could get the custom field and then use the internal API to call the

Module Change Password command to set the password to what the user entered. After you do that I would recommend removing the stored value of the custom field from the database since it wouldn't be encrypted.

And then you'd want to delete the welcome email for the hosting account, as it's in there in plain-text, and edit the password-tab in the product details template as it's shown on there as well ...