shout Posted September 2, 2013 Share Posted September 2, 2013 (edited) When users create an account, they set their WHMCS account password, but the cPanel password is created automatically on the backend and is emailed to them. I don't like that their cPanel password is emailed to them plaintext. But as it is, the only option is to have them log in to their WHMCS account and go to the "change password" section, where their cPanel password is shown plaintext and can be changed. How is it possible to create the cPanel password during their initial signup instead of having them log in and change their password? Edited September 3, 2013 by shout 0 Quote Link to comment Share on other sites More sharing options...
shout Posted September 3, 2013 Author Share Posted September 3, 2013 After hours of looking through documentation and searching this forum, I came across [thread=44262]this thread[/thread] where Damo said this: You could achieve this by creating a custom hook that sets the password of the new cPanel account to that of the WHMCS password. Of course, the login (username) will still be different as WHMCS uses an email address and cPanel an 8 character string. Your clients can log in to WHMCS and then click the cPanel login button for the associated web hosting account. That way they don't need to know the password. I've looked through the API:Module Change Password documentation, but I'm still really struggling with how to do this from the cart checkout template. Looking into the actual template file where the user can change their cPanel password, this seems to be the important bit: {if $modulechangepassword} <form method="post" action="{$smarty.server.PHP_SELF}?action=productdetails"> <input type="hidden" name="id" value="{$id}" /> <input type="hidden" name="modulechangepassword" value="true" /> current username: $username current password: {$password} new password: <input type="password" name="newpw" id="newpw" /> confirm new password: <input type="password" name="confirmpw" /> <input type="submit" /> </form> {/if} However, {$modulechangepassword} is false in checkout, so it doesn't seem to work. Can anyone figure out how to piece this together? 0 Quote Link to comment Share on other sites More sharing options...
jclarke Posted September 3, 2013 Share Posted September 3, 2013 Using the client's WHMCS password wouldn't work because if an existing client is placing an order, there is no way to decrypt the client's WHMCS password. What I would recommend doing is creating a product custom field which would allow the customer to enter a password when they signup as long as you check the Show on Order Form Box. Then you could create an AfterModuleCreate php hook that could get the custom field and then use the internal API to call the Module Change Password command to set the password to what the user entered. After you do that I would recommend removing the stored value of the custom field from the database since it wouldn't be encrypted. http://docs.whmcs.com/Hooks:Products/Services#AfterModuleCreate 0 Quote Link to comment Share on other sites More sharing options...
shout Posted September 3, 2013 Author Share Posted September 3, 2013 Thanks, that does seem like a good solution. I think I can figure out how to do all of that except removing a value from the database. Also, how safe is it to send the password unencrypted like this and store it in the database, even temporarily? 0 Quote Link to comment Share on other sites More sharing options...
jclarke Posted September 3, 2013 Share Posted September 3, 2013 It shouldn't be a big security issue as long as you remove the password from the database, it would only be stored in plaintext for under a minute. Custom fields are stored in tblcustomfieldvalues. 0 Quote Link to comment Share on other sites More sharing options...
shout Posted September 27, 2013 Author Share Posted September 27, 2013 I'm wondering, would it be possible to use the internal API to call Module Change Password directly, instead of doing it through AfterModuleCreate? The more I think about it, the more it seems like a bad idea to save the password directly in the database, even briefly. 0 Quote Link to comment Share on other sites More sharing options...
othellotech Posted September 27, 2013 Share Posted September 27, 2013 Then you could create an AfterModuleCreate php hook that could get the custom field and then use the internal API to call the Module Change Password command to set the password to what the user entered. After you do that I would recommend removing the stored value of the custom field from the database since it wouldn't be encrypted. And then you'd want to delete the welcome email for the hosting account, as it's in there in plain-text, and edit the password-tab in the product details template as it's shown on there as well ... 0 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.