API (Encrypting Password)

[CP-Chris]

Hi,

 

I am currently building a few little scripts for my customers which use their WHMCS login. After realizing that WHMCS doesn't use MD5, I found that you have to use the API to do a password check along the WHMCS DB. Not a problem.. I used the script example from the Wiki and it works fine apart from the result from the API when encrypting the password is 2 chars short

 

function EncryptPassword ($value) {
$url = "removed"; # URL to WHMCS API file
$postfields["username"] = "removed";
$postfields["password"] = "removed";
$postfields["action"] = "encryptpassword";
$postfields["password2"] = "$value";

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_TIMEOUT, 100);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postfields);
$data = curl_exec($ch);
curl_close($ch);

$data = explode(";",$data);
foreach ($data AS $temp) {
 $temp = explode("=",$temp);
 $results[$temp[0]] = $temp[1]; }

if ($results["result"]=="success") {} else { echo "The following error occured: ".$results["message"]; }

return $results['password']; 
//return print_r($results);
}

 

I am comparing the result from the script above to the raw data in the WHMCS database and it is missing the last 2 chars. Does anyone know the method of how to decrypt it rather than using the API? If not do you have any ideas how to resolve it.

 

Hope to hear your thoughts,

 

Regards,

 

-Chris

[mysmallbizu]

Is the api the only way to access the password?