Make LoginShare hook always pass credentials

[Mikko]

Hi,

 

We have a Single Sign-On system that we'd like to integrate WHMCS into.

We'd like to use WHMCS as the login form; logging into our backend and WHMCS at the same time.

LoginShare fits our demands exactly, except for the part “The hook point is run when the client does not exist in the WHMCS database.“.

 

Using the ClientLogin hook would be an ugly hack, requiring us to either store the user's password in clear text or disable password checks on our backend.

We'd prefer a solution where the passwords are stored only in our backend, but password synchronization is OK if we have to.

 

If someone knows of a setting or file that will make the login go directly to LoginShare, please tell!

 

If there is no switch to do this, what is the best way to defeat WHMCS's own password check?

 

Screwing with mysql, using triggers ect sounds hazardous. It not enough to scramble the password, we'd have to change the username and email.

 

The best option I've come up with is to modify the login procedure itself.

Unfortunately dologin.php is ioncubed, so I can't modify that.

That leaves making a wrapper named dologin.php that modifies the username/e-mail then posts it to the original dologin.php.

If anyone has any tips on doing that, please share.