Hook: PreModuleChangePassword does not work - please help me spot the mistake

[onklmaps]

Hi,

 

I want to disallow my clients from changing the cPanel password, so I added the following hook function:

 

add_hook('PreModuleChangePassword', 1, function($vars) {
 return array(
 /* 'serviceid' => $vars['params']['serviceid'], ---> Not sure if this is needed? */
 'abortcmd' => true,
 );
});

 

 

Can anyone help me see why it's still possible for the clients to change password?

 

Thanks!

[AffordableDomainsCanada]

Why on gods earth would someone prevent someone from changing their password ?

[onklmaps]

Because we not a normal web-host. We are more like a SAAS, and we will not offer login to cPanel at all.

For our part WHMCS is used for deploying a website + billing and support.

 

Has someone used this command before?

[brian!]

if you don't want them to log into cPanel, wouldn't it be easier to remove any links to it from your client area, rather than (I assume) leave the links there and try to then stop them from working?

[onklmaps]

I need to do both.

I did change the tpl files, but still if some skilled user enters /page=changepassword&id=232 - or something like that, he will still access the page.

That's why the abortcmd => exists.

[brian!]

I need to do both.

I did change the tpl files, but still if some skilled user enters /page=changepassword&id=232 - or something like that, he will still access the page.

well if they can still do that, then the modifications weren't as thorough as required.

 

That's why the abortcmd => exists.

well I can't recall writing a hook using PreModuleChangePassword before, so i've never had reason to test if the documentation on it is accurate.

 

if it help, this is from the old v6 documentation... probably still applicable for v7 (but it's documentation is briefer!)...

 

[TABLE=class: wikitable, width: 100%]

[TR]

[TH=align: center]Variable [/TH]

[TH=align: center] Type [/TH]

[TH=align: center] Notes [/TH]

[/TR]

[TR]

[TD]params [/TD]

[TD]Array [/TD]

[TD]All the variables below are passed in this array [/TD]

[/TR]

[TR]

[TD]accountid

[/TD]

[TD]Integer [/TD]

[TD]$vars['params']['accountid'] [/TD]

[/TR]

[TR]

[TD]serviceid [/TD]

[TD]Integer [/TD]

[TD]$vars['params']['serviceid']

Same as accountid [/TD]

[/TR]

[TR]

[TD]userid [/TD]

[TD]Integer [/TD]

[TD]$vars['params']['userid']

The user the service belongs to [/TD]

[/TR]

[TR]

[TD]domain [/TD]

[TD]String [/TD]

[TD]$vars['params']['domain'] [/TD]

[/TR]

[TR]

[TD]username [/TD]

[TD]String [/TD]

[TD]$vars['params']['username'] [/TD]

[/TR]

[TR]

[TD]password [/TD]

[TD]String [/TD]

[TD]$vars['params']['password'] [/TD]

[/TR]

[TR]

[TD]packageid [/TD]

[TD]Integer [/TD]

[TD]$vars['params']['packageid']

The ID of the product being created (tblproducts.id) [/TD]

[/TR]

[TR]

[TD]pid [/TD]

[TD]Integer [/TD]

[TD]$vars['params']['pid']

Same as packageid [/TD]

[/TR]

[TR]

[TD]serverid [/TD]

[TD]Integer [/TD]

[TD]$vars['params']['serverid']

The server id the account is being created on [/TD]

[/TR]

[TR]

[TD]type [/TD]

[TD]String [/TD]

[TD]$vars['params']['type']

hostingaccount, reselleraccount, dedicatedvpsserver or other [/TD]

[/TR]

[TR]

[TD]producttype [/TD]

[TD]String [/TD]

[TD]$vars['params']['producttype']

Same as type [/TD]

[/TR]

[TR]

[TD]moduletype [/TD]

[TD]String [/TD]

[TD]$vars['params']['moduletype']

The module being used. eg cpanel or plesk [/TD]

[/TR]

[TR]

[TD]configoptionX [/TD]

[TD]String [/TD]

[TD]$vars['params']['configoptionX']

X is a number 1->24. The options selected on the Module Settings tab of the product. [/TD]

[/TR]

[TR]

[TD]customfields [/TD]

[TD]Array [/TD]

[TD]$vars['params']['customfields']

An array of custom fields for the product in name=>value format [/TD]

[/TR]

[TR]

[TD]configoptions [/TD]

[TD]Array [/TD]

[TD]$vars['params']['configoptions']

An array of configuration options selected for the product in name=>value format [/TD]

[/TR]

[TR]

[TD]clientsdetails [/TD]

[TD]Array [/TD]

[TD]$vars['params']['clientsdetails']

An array of clientsdetails for the user [/TD]

[/TR]

[TR]

[TD]server [/TD]

[TD]Boolean [/TD]

[TD]$vars['params']['server'] [/TD]

[/TR]

[TR]

[TD]serverip [/TD]

[TD]IP Address [/TD]

[TD]$vars['params']['serverip'] [/TD]

[/TR]

[TR]

[TD]serverhostname [/TD]

[TD]String [/TD]

[TD]$vars['params']['serverhostname'] [/TD]

[/TR]

[TR]

[TD]serverusername [/TD]

[TD]String [/TD]

[TD]$vars['params']['serverusername'] [/TD]

[/TR]

[TR]

[TD]serverpassword [/TD]

[TD]String [/TD]

[TD]$vars['params']['serverpassword'] [/TD]

[/TR]

[TR]

[TD]serveraccesshash [/TD]

[TD]String [/TD]

[TD]$vars['params']['serveraccesshash'] [/TD]

[/TR]

[TR]

[TD]serversecure [/TD]

[TD]Boolean [/TD]

[TD]$vars['params']['serversecure'] [/TD]

[/TR]

[/TABLE]

[h=3]Expected Return[/h]No return is expected, however you can stop the module change password function from running by returning an array containing abortcmd.

[h=4]Return Example[/h]To abort the creation command:

$return = array();
$return[] = array("abortcmd"=>true);
return $return;

 

 

I could hazard a guess what the hook code should be, but I can't test it locally on our v7 dev, so i'll leave that to others.

 

also, a similar question was asked a few years ago - I suspect the answer is still valid, but you probably prefer your method.

 

https://forum.whmcs.com/showthread.php?40103-How-to-prevent-cpanel-password-change

[onklmaps]

Thanks alot Brian

 

That array list from v6 was a gem! Why did they leave that out in v7 documentation?

 

Well, i tried the following command now.. But it didnt work either..

add_hook('PreModuleChangePassword', 1, function($vars) {
  $return = array();
  $return[] = array("abortcmd"=>true);
  return $return;
});

 

Please be hazardous and give another suggestion Brian

[ghostshadow]

Seems, that abortcmd variable was deleted or changed from code in version 7. I'm trying to do the same in PreModuleChangePackage hook, with no luck at all.