WHMCS Frontend Login


MrGeneral

Hey there,

 

I'm currently trying to build a frontend for WHMCS instead of doing it via templates, as this doesn't exactly allow changing the look and feel. I'll just build a frontend entirely separate from the WHMCS setup.

 

So I'm trying to validate the login, the entered password never matches the stored hash... What's the stored hash/salt used for users? The tblclients have: email and password tables, trying to get this working, the hash that's entered never, never matches the one in the DB even though I'm entering it correctly.

 

Cheers,

 


1 hour ago, MrGeneral said:

Hey there,

 

I'm currently trying to build a frontend for WHMCS instead of doing it via templates, as this doesn't exactly allow changing the look and feel. I'll just build a frontend entirely separate from the WHMCS setup.

 

So I'm trying to validate the login, the entered password never matches the stored hash... What's the stored hash/salt used for users? The tblclients have: email and password tables, trying to get this working, the hash that's entered never, never matches the one in the DB even though I'm entering it correctly.

 

Cheers,

 

It uses bcrypt, https://www.php.net/manual/en/function.password-get-info.php

array(3) {
  ["algo"]=>
  string(2) "2y"
  ["algoName"]=>
  string(6) "bcrypt"
  ["options"]=>
  array(1) {
    ["cost"]=>
    int(10)
  }
}

You can use the password_verify function to verify the password. https://www.php.net/manual/en/function.password-verify.php

 

 


15 hours ago, leemahoney3 said:

It uses bcrypt, https://www.php.net/manual/en/function.password-get-info.php

array(3) {
  ["algo"]=>
  string(2) "2y"
  ["algoName"]=>
  string(6) "bcrypt"
  ["options"]=>
  array(1) {
    ["cost"]=>
    int(10)
  }
}

You can use the password_verify function to verify the password. https://www.php.net/manual/en/function.password-verify.php

 

 

I'll give this a try, thank you!


  • 2 months later...
On 6/28/2023 at 7:24 PM, leemahoney3 said:

It uses bcrypt, https://www.php.net/manual/en/function.password-get-info.php

array(3) {
  ["algo"]=>
  string(2) "2y"
  ["algoName"]=>
  string(6) "bcrypt"
  ["options"]=>
  array(1) {
    ["cost"]=>
    int(10)
  }
}

You can use the password_verify function to verify the password. https://www.php.net/manual/en/function.password-verify.php

 

 

So sorry for the delay in visiting your solution. I didn't have time to check.

 

[Wed Sep 20 15:45:30.008534 2023] [proxy_fcgi:error] [pid 20236:tid 140477797701376] [remote ***] AH01071: Got error 'PHP message: Stored password hash: ***PHP message: Hashed entered password: **PHP message: Password check failed for user: ***PHP message: Entered password:***', referer: https://***

It never matches, I must be doing something wrong.

Any idea?

My authenticate file is the following:

 

<?php

session_start();

$dbHost = "localhost";
$dbUser = "***";
$dbPassword = "***";
$dbName = "***";

$db = new mysqli($dbHost, $dbUser, $dbPassword, $dbName);

if ($db->connect_error) {
    die("Connection failed: " . $db->connect_error);
}

if (!isset($_POST["email"]) || !isset($_POST["password"])) {
    // Redirect back to login with an error message
    $_SESSION['errorMessage'] = "Please provide both email and password!";
    header("Location: login.php");
    exit();
}

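// The prepared statement below binds this value safely; escaping it first
// would alter addresses that contain quotes, so the raw input is used.
$email = $_POST["email"];
$password = $_POST["password"];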

$query = $db->prepare("SELECT id, firstname, lastname, password FROM tblclients WHERE email = ?");
$query->bind_param("s", $email);
$query->execute();

$result = $query->get_result();

if ($result->num_rows === 0) {
    // No user with this email address
    $_SESSION['errorMessage'] = "No user found with this email address!";
    header("Location: login.php");
    exit();
}

$row = $result->fetch_assoc();

$storedHashedPassword = $row['password'];

// Print the stored password hash and hashed entered password for debugging
error_log("Stored password hash: $storedHashedPassword");
error_log("Hashed entered password: " . password_hash($password, PASSWORD_BCRYPT));

// Use password_verify to check if the provided password matches the stored bcrypt hash
if (password_verify($password, $storedHashedPassword)) {
    // Password matches
    $_SESSION['clientName'] = $row['firstname'] . ' ' . $row['lastname'];
    $_SESSION['clientId'] = $row['id'];
    header("Location: welcome.php");
    exit();
} else {
    // Log some additional information for debugging
    error_log("Password check failed for user: $email");
    error_log("Entered password: $password");

    // Redirect back to login with an error message
    $_SESSION['errorMessage'] = "Invalid login credentials!";
    header("Location: login.php");
    exit();
}
?>
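
An added example, not part of the original posts and not WHMCS code: it shows why the "Hashed entered password" value logged above can never equal the stored hash, and checks a stored value for the shape problems that make password_verify fail. The function names diagnoseStoredHash and checkLogin and the sample password are assumptions made for this example.

```php
<?php
// Added example, not WHMCS code. The password and hashes are constructed here.

/** List reasons a stored value can never satisfy password_verify(). */
function diagnoseStoredHash(string $stored): array
{
    $problems = [];
    $info = password_get_info($stored);
    if ($info['algoName'] !== 'bcrypt') {
        $problems[] = 'not recognised as bcrypt (algoName=' . $info['algoName'] . ')';
    }
    if (strlen($stored) !== 60) {
        $problems[] = 'length is ' . strlen($stored) . ', a bcrypt hash is 60 characters';
    }
    if ($stored !== trim($stored)) {
        $problems[] = 'whitespace around the stored value';
    }
    return $problems;
}

/** Verify a login; on failure log only the diagnosis, never password or hash. */
function checkLogin(string $entered, string $stored): bool
{
    if (password_verify($entered, $stored)) {
        return true;
    }
    foreach (diagnoseStoredHash($stored) as $problem) {
        error_log('Stored hash problem: ' . $problem);
    }
    return false;
}

$password = 'correct horse battery staple';   // constructed sample
$stored   = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);

// A second password_hash() call draws a new random salt, so its output is a
// different string from $stored; comparing the two says nothing about the password.
$rehash = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);
var_dump($rehash === $stored);

// password_verify() reads the salt and cost back out of the stored string.
var_dump(password_get_info($stored)['options']['cost']);
var_dump(checkLogin($password, $stored));

// Failure cases: altered input, and a hash cut short by a narrow column.
var_dump(checkLogin($password . ' ', $stored));
var_dump(checkLogin($password, substr($stored, 0, 50)));
```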

 
