Hook for password generation

[m107]

In my website order form, I adjusted the code to generate a random hostname and password instead of asking the client. 

<input type="hidden" name="hostname" class="form-control" id="inputHostname" value="{php}$rdmpww = substr(str_shuffle("abcdefghkmnpqrstwxyzABCDEFGHKMNPQRSTUVWXYZ"), 0, 5); echo $rdmpww;{/php}" >

<input type="hidden" name="rootpw" class="form-control" id="inputRootpw" value="{php}$rdmpw = substr(str_shuffle("@#$*123456789abcdefghkmnpqrstwxyzABCDEFGHKMNPQRSTUVWXYZ"), 0, 16); echo $rdmpw;{/php}">

Now in the latest WHMCS, it is recommended to disable the php smarty tag, so I cant use the above lines in my template anymore. The only work around should hook, I suppose. any idea how this can be converted to a hook?

 

thanks

[Remitur]

17 minutes ago, m107 said:

in the latest WHMCS, it is recommended to disable the php smarty tag

"In the latest"?!?!
It has been deprecated many years ago... (AFAIK, about 2015...)

You can try using Smarty variable modifiers:  https://www.smarty.net/docsv2/en/language.modifiers.tpl

 

[m107]

No no, you can see I was using  "{php}", now I cant use it.

[Remitur]

3 minutes ago, m107 said:

No no, you can see I was using  "{php}", now I cant use it.

It was DEPRECATED years ago, not disabled.
And it was deprecated both by WHMCS and Smarty.
 

Up to WHMCS 8.7 it should works (if you enable it: https://docs.whmcs.com/Security_Tab#Allow_Smarty_PHP_Tags ), and it will be totally removed with WHMCS 9 ( https://docs.whmcs.com/Eliminating_Legacy_Smarty_Tags )

[m107]

8 minutes ago, Remitur said:

It was DEPRECATED years ago, not disabled.
And it was deprecated both by WHMCS and Smarty.
 

Up to WHMCS 8.7 it should works (if you enable it: https://docs.whmcs.com/Security_Tab#Allow_Smarty_PHP_Tags ), and it will be totally removed with WHMCS 9 ( https://docs.whmcs.com/Eliminating_Legacy_Smarty_Tags )

Exactly. WHMCS support gave me this page:

https://docs.whmcs.com/Smarty_Security_Policy#Allow_Smarty_PHP_Tags

 

But I could not understand it.

[Remitur]

In General Settings -> Security you should have something like this (but, as you can see,  the recommended option is to DISABLE it):

 

[m107]

6 minutes ago, Remitur said:

In General Settings -> Security you should have something like this (but, as you can see,  the recommended option is to DISABLE it):

 

@Remitur I know and I want to disable it, but my question is what to do now?  How can I generate random password and hostname from now on?

[Remitur]

1 hour ago, m107 said:

@Remitur I know and I want to disable it, but my question is what to do now?  How can I generate random password and hostname from now on?

I wrote: you need to use some kind of trick using Smarty variable modifiers: https://www.smarty.net/docsv2/en/language.modifiers.tpl 

[Remitur]

11 hours ago, m107 said:

@Remitur I know and I want to disable it, but my question is what to do now?  How can I generate random password and hostname from now on?

To generate a pseudo-random password 16 chars long, you can use this Smarty expression:

{"@#$*123456789abcdefghkmnpqrstwxyzABCDEFGHKMNPQRSTUVWXYZ"|str_shuffle|truncate:16:""}

 

[m107]

11 hours ago, Remitur said:

To generate a pseudo-random password 16 chars long, you can use this Smarty expression:

{"@#$*123456789abcdefghkmnpqrstwxyzABCDEFGHKMNPQRSTUVWXYZ"|str_shuffle|truncate:16:""}

Is this correct?

<input type="hidden" name="rootpw" class="form-control" id="inputRootpw" value={"@#$*123456789abcdefghkmnpqrstwxyzABCDEFGHKMNPQRSTUVWXYZ"|str_shuffle|truncate:16:""}
>

 

[RadWebHosting]

On 4/29/2023 at 2:39 AM, m107 said:

Is this correct?

<input type="hidden" name="rootpw" class="form-control" id="inputRootpw" value={"@#$*123456789abcdefghkmnpqrstwxyzABCDEFGHKMNPQRSTUVWXYZ"|str_shuffle|truncate:16:""}
>

 

Don't forget to enclose your value in quotes (attribute="attributevalue")

[m107]

On 5/3/2023 at 4:25 AM, radwebhosting said:

Don't forget to enclose your value in quotes (attribute="attributevalue")

What do you mean?