bin_asc Posted April 10, 2008 Share Posted April 10, 2008 Is the checkout script the only way to collect a user`s password if you want to do a bridge with a 3rds party script ? If no, what type of encryption does it use. If yes, what variables are passed to the checkout script. 0 Quote Link to comment Share on other sites More sharing options...
skmd Posted April 10, 2008 Share Posted April 10, 2008 I guess its encrypt it with md5(). To make sure of that, create a user with known password, check the password in the database for this user. compare it with <? echo md5('YOURPASSWORD'); ?> 0 Quote Link to comment Share on other sites More sharing options...
bin_asc Posted April 10, 2008 Author Share Posted April 10, 2008 It`s not, as I`ve checked that. 0 Quote Link to comment Share on other sites More sharing options...
skmd Posted April 10, 2008 Share Posted April 10, 2008 well, I checked it . you are right. the admins passwords are in md5 I thought its the same for the clients. i'm intrested now to know the encryption as im going to integrate it with other system. 0 Quote Link to comment Share on other sites More sharing options...
Nick Posted April 11, 2008 Share Posted April 11, 2008 The passwords in the database can be decrypted with the decrypt() function which is defined when whmcs function files are loaded. See documentation on creating new pages in whmcs, the function will be available to pages created in this manner. 0 Quote Link to comment Share on other sites More sharing options...
bin_asc Posted April 11, 2008 Author Share Posted April 11, 2008 So, basically, a decrypt would give me the pure password ? 0 Quote Link to comment Share on other sites More sharing options...
bin_asc Posted April 11, 2008 Author Share Posted April 11, 2008 WOO HOO, it WORKED !! Thanks Nick 0 Quote Link to comment Share on other sites More sharing options...
bin_asc Posted April 11, 2008 Author Share Posted April 11, 2008 Question, what encryption does the session upw have ? 0 Quote Link to comment Share on other sites More sharing options...
dsaunier Posted April 12, 2008 Share Posted April 12, 2008 Question, what encryption does the session upw have ? As I am developping an import script from a custom site, this is of the highest interest to me, as my import script must save the clients profile with their password properly encrypted. Right now the way they are stored does not seem to be with the usual MySQL methods (mD5, Password, hash etc)? Or did I overlook something ? Thanks. Edit : Looks like we have to rely on WHMCS to encrypt those passwords; using the API and a function...Back to writing another function to encrypt passwords while importing our clients... http://wiki.whmcs.com/API:Example_Usage http://v3manual.whmcs.com/display.php?id=139 0 Quote Link to comment Share on other sites More sharing options...
gurumani Posted August 23, 2009 Share Posted August 23, 2009 The passwords in the database can be decrypted with the decrypt() function which is defined when whmcs function files are loaded. See documentation on creating new pages in whmcs, the function will be available to pages created in this manner. Nick, this function didn't work for me... I am on V4 of WHMCS. Is the decrypt() function still available? I am trying to decrypt the users passwords to get the MD5 HASH. 0 Quote Link to comment Share on other sites More sharing options...
Nick Posted August 23, 2009 Share Posted August 23, 2009 I can't remember which version made the change, but user passwords are no longer stored with reversable encryption. 0 Quote Link to comment Share on other sites More sharing options...
DedicatedPros Posted August 23, 2009 Share Posted August 23, 2009 This was one of the security upgrades in WHMCS v4, so WHMCS 3.8.2 and down will be able to get the passwords, however newer versions will not. 0 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.