Script to automatically update Plesk passwords in WHMCS

[magga]

Hi all,

 

I have written a script which will update your WHMCS admin area with the client's Plesk password if the password has been changed.

 

This will only work if you are using the Plesk Reseller server type in WHMCS, please do not use if for the normal Plesk module - it will not work.

 

If you create this sript and set it to run on a daily basis then your WHMCS admin area will always contain the correct password for client's Plesk.

 

When you run this script, it will tell you which passwords didn't match and that the password has been updated:

 

Password held in WHMCS database for account magga-james.co.uk is not correct.

Hosting account password has been updated in the WHMCS database for account magga-james.co.uk.

 

Here is the code:

 

NOTE: PLEASE BACKUP BOTH YOUR PLESK (PSA) AND WHMCS DATABASES BEFORE USING THIS SCRIPT. I CANNOT ACCEPT ANY RESPONSIBILITY FOR LOST DATA.

 

<?php
/////////////////////////////////////////////////////////////////////////////////
// Updates WHMCS Database with current Plesk Domain Administrator password     //
// Written By Matthew James                                                    //
/////////////////////////////////////////////////////////////////////////////////

# Enter your MySQL admin/root login details
$connect = mysql_connect("localhost","enter mysql root username","enter mysql root pass");

# Select the Plesk database - psa
mysql_select_db("psa",$connect);

# Run query to select the domain name and unencrypted password from Plesk
$result = mysql_query("SELECT domains.name, accounts.password FROM dom_level_usrs INNER JOIN domains ON dom_level_usrs.dom_id = domains.id LEFT JOIN accounts ON dom_level_usrs.account_id = accounts.id") or die(mysql_error());

while($value = mysql_fetch_array($result))
{
	# Connect to WHMCS API
	$dom_admin_pass = $value['password'];
	$domain = $value['name'];

	#Enter your WHMCS path to api.php
	$url = "http://yourdomain.com/whmcs/includes/api.php";

	#Enter your WHMCS Admin Username
	$username = "enter whmcs admin username";

	#Enter your WHMCS Admin Password
	$password = "enter whmcs admin password";

	$postfields["username"] = $username;
	$postfields["password"] = md5($password);
	$postfields["action"] = "encryptpassword";

	# Encrypt the Plesk password retreived earlier
	$postfields["password2"] = "$dom_admin_pass";

	$ch = curl_init();
	curl_setopt($ch, CURLOPT_URL, $url);
	curl_setopt($ch, CURLOPT_POST, 1);
	curl_setopt($ch, CURLOPT_TIMEOUT, 10);
	curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
	curl_setopt($ch, CURLOPT_POSTFIELDS, $postfields);
	$data = curl_exec($ch);
	curl_close($ch);

	$data = explode(";",$data);
	foreach ($data AS $temp)
	{
			$temp = explode("=",$temp);
			$results[$temp[0]] = $temp[1];
	}

	if ($results["result"]=="success")
	{
		# Check encrypted version of Plesk password against WHMCS database
		$encrypted_pass = $temp[1];

		# Select WHMCS database
		mysql_select_db("enter name of whmcs database");

		# Get domain names from hosting database
		$get_domain = mysql_query("SELECT * from tblhosting where domain = '$domain'");

		# Loop through each domain
		while($row = mysql_fetch_array($get_domain))
		{
			# If the encrypted Plesk password is different to the encrypted WHMCS password
			if (($row['password']) != ($encrypted_pass))
			{

				# Update the WHMCS password to match
				mysql_query("UPDATE tblhosting SET password = '$encrypted_pass' WHERE domain= '$domain'");

				# And display which (if any) passwords have been changed
				echo "<font color='red'>Password held in WHMCS database for account [b]$domain[/b] is not correct.
Hosting account password has been updated in the WHMCS database for account [b]$domain.[/b]</font>

";
			}
			else
			{
				echo "<font color='green'>Password held in WHMCS database for account [b]$domain[/b] is correct.</font>

";
			}
		}			
	}
	else
	{
			# An error occured
			echo "The following error occured: ".$results["message"];
	}
}
mysql_close ($connect);
?>

 

Not only will this benefit support by having the correct password to give to clients if they forget theirs but also, will display the latest password in the Client Area when they view details for their hosting account !

 

As this script loops through every domain administrator account in Plesk and compares the password with the one in WHMCS, it can cause high MySQL load depending on the number of domains you have so I would suggest running it in the early hours.

 

Please note that this will not work the other way round - you can't change the user's hosting password in WHMCS, run this script expecting the Plesk password to be updated - it's not possible to retrieve the password from WHMCS database as it is one-way encryption.

 

I have successfully used this on Plesk 8.2.1 and WHMCS 3.4.

 

Any questions, please ask.

Matthew James

magdesign

Web Design, Hosting & Domains

[othellotech]

Nice contribution

 

This will only work if you are using the Plesk Reseller server type in WHMCS, please do not use if for the normal Plesk module - it will not work.

Why not ?

 

Please note that this will not work the other way round - you can't change the user's hosting password in WHMCS, run this script expecting the Plesk password to be updated - it's not possible to retrieve the password from WHMCS database as it is one-way encryption.

As WHMCS displays the password in plain-text format within the software, it *must* be possible to decrypt it Or did you mean to say that the API simply doesnt provide a decrypt as yet ?

[magga]

Why not ?

 

Because the first mysql statement retreives Plesk domain administrator password not client account password. I'm sure you could get it to work by just changing the SQL statement though.

 

As WHMCS displays the password in plain-text format within the software, it *must* be possible to decrypt it Or did you mean to say that the API simply doesnt provide a decrypt as yet ?

 

Maybe it is possible to retrieve it but it is a custom encryption technique and I don't know how to decrypt.

[othellotech]

Because the first mysql statement retreives Plesk domain administrator password not client account password. I'm sure you could get it to work by just changing the SQL statement though.

Neither of which should matter if the module used is for server operator or basic reseller - the functionality of pull pwd, update 2nd system shoudl be identical, all that is likely to be different is the user/pwd for accessing the PSA database.

 

When my to-do list is a bit clearer I'll run some tests

[magga]

Neither of which should matter if the module used is for server operator or basic reseller - the functionality of pull pwd, update 2nd system shoudl be identical, all that is likely to be different is the user/pwd for accessing the PSA database.

When my to-do list is a bit clearer I'll run some tests

 

Well, if they aren't a domain administrator then they don't appear in the dom_level_usrs table, which means the SQL statement won't work.

 

You'd need to grab the identifying account id from another table... in this case it would be the "clients" table.

 

I can't really test this as I'm not using the normal Plesk module but anyone else who is feel free to try it !

[dutchnet]

Great script !!

 

I changed a bit cause we are hosting WHMCS on different server then our Plesk servers.

 

Any ideas on how to cope with the two different passwords in Plesk?

As I can see there is an Domain Administrator with his own password and you have an Hosting (FTP) username and password.

 

The Domain Administrator password should be equal to the WHMCS profile password I guess and the username and password for the WHMCS Product should be equal to the username and password within Plesk for the FTP user?

 

Any suggestions are welcome :wink:

 

Lucky me I put an remark before the WHMCS update line so no passwords were changed

[magga]

Hi,

 

As I am only giving out domain administrator access rather than reseller access, I have the password for domain administrator changing the password in WHMCS products/services area. The profile password is only for the WHMCS client area.

 

I suppose you could do it so that the password in the profile is the same as the password for the plesk client account.

 

Is this what you mean ?

[dutchnet]

Hi,

 

We now have it setup such that;

1 ) the profile password in WHMCS should be identical to the Domain Administrator password in Plesk

2) the Product/Services username and password in WHMCS should be equal to the FTP user account for the corresponding domain on Plesk.

 

We do not use the reseller features in Plesk as well

[magga]

The only problem you are going to have with that is a client in WHMCS with multiple hosting accounts and therefore multiple domain administrator passwords. Profile cannot hold multiple passwords only products/services can.

[othellotech]

The only problem you are going to have with that is a client in WHMCS with multiple hosting accounts and therefore multiple domain administrator passwords. Profile cannot hold multiple passwords only products/services can.

 

I though WHMCS had been "fixed" to allow for that now ?

[Matt]

I though WHMCS had been "fixed" to allow for that now ?

You're confusing plesk client accounts which you can create only if you have admin access with domain administrator accounts which is all plesk resellers can create.

 

Matt

[dutchnet]

We are the only client account on most of our Plesk servers, four our resellers we have different servers and we do not administer them in WHMCS.

 

For the domains/sites we host we create a domainadministrator in Plesk: username: domainname.tld

password: anything we/our client choose (preferably the same as client profile password in WHMCS)

 

For each Plesk domain/site we have a FTP user:

FTP username: should be the same as the username in Product/Service in WHMCS

FTP password: should be the same as the password in Product/Service in WHMCS

[nolageek]

So this script wont update WHMCS with the passwords of Plesk Clients? Just Plesk resellers accounts? I'm confused.

[area51web]

yes i would like to know the same and also is there a way to get this to work for dedicated servers...??

[kingdolar]

any body have script like this for cpanel?

[MzaNike]

does this also works with Plesk 8.3 and whmcs 3.6?

 

Regards

Michael

[magga]

So this script wont update WHMCS with the passwords of Plesk Clients? Just Plesk resellers accounts? I'm confused.

This script fetches the "Domain Administrator" password for each account setup on your Plesk servers (not client passwords) and then inserts the password (encrypted) into the WHMCS DB for that product hence showing the correct password within WHMCS fpr the product.

 

It can easily be changed to fetch the client password by changing the SQL queries.

 

does this also works with Plesk 8.3 and whmcs 3.6?

I am using Plesk 8.3 and whmcs 3.6 and it appears to work fine, please make sure to backup both databases first before running it however.

[nolageek]

This is going to sound incredibly basic, but what is the difference between the pleskreseller module and the normal plesk module? In other words, is the pleskreseller module used when the accounts on our plesk servers are resellers, or if *I* am I pleskresller?

 

Right now, each of our customers have thier own client account set up on Plesk, and their domains are inside of them. We are using the regular Plesk module in WHMCS. (We acquired two plesk servers with accounts already on them so we didn't set this up ourselves.) Maybe we're using the wrong module?

[magga]

The pleskreseller module is designed for all accounts to be created under one client account and then each customer is giving "domain administrator" access which gives them access to that domain only.

 

I could have used the normal plesk module (where customer is a separate client) but I preferred to use the other method as it's much easier to manage.

[nolageek]

If none of our users are logging into to their reseller accounts would anything blow up if we were to move all domains into one account - it does sound much easier to manage. Trying to think of anything that could go wrong.... horribly wrong.

[djaxel]

Does anybody knows if a script like this is available for cpanel?

[ashiq88]

As this script loops through every domain administrator account in Plesk and compares the password with the one in WHMCS, it can cause high MySQL load depending on the number of domains you have so I would suggest running it in the early hours.

 

Please note that this will not work the other way round - you can't change the user's hosting password in WHMCS, run this script expecting the Plesk password to be updated - it's not possible to retrieve the password from WHMCS database as it is one-way encryption.