WHMCS and cPanel passwords the same

[marce60]

I would like the cPanel account creation module to utilize the password the client entered for WHMCS at signup. Anybody knows how to arrange for this to happen? I'm willing to pay for an upgraded cPanel module that integrates this feature.

 

Thanks,

Marcelo

[uberhost]

You mean you want cPanel/WHM to let WHMCS know when a client changes their password into cPanel?

 

I don't care too much about this since I can enter any user's cPanel using my root password. The only things I cannot do using the root password is install Fantastico scripts, and if they need that done for them, I can always request their password.

 

The other thing that can't be done using the root password is accessing the user's phpMyAdmin, but that's easily overcome by going to the root's phpMyAdmin via WHM. All databases for the server can be edited from there.

 

So, is there really such a compelling need for this that you would need to pay for an add-on?

[MACscr]

So what about when the users changes one password or the other? Its better that the client understands from the very beginning that the logins are separate and are in no way synced.

[marce60]

You mean you want cPanel/WHM to let WHMCS know when a client changes their password into cPanel?

 

I do not intent for a sync between them 2. I just personally hate those randomly created passwords and do not want to issue such to my clients either. I thought than rather than create a special section to enter the desired account login and password for cPanel, I can still have the random generated login, but the initial password can be the same as the one they chose for the whmcs. If later they decide to change one or the other, I don't need to know. This is just for effects of creating the hosting account.

[marce60]

So what about when the users changes one password or the other? Its better that the client understands from the very beginning that the logins are separate and are in no way synced.

 

Good point to consider. Thanks. Thought I've seen that when people choose their passwords, there is less issues in the future than when they don't.

 

One site, I own, with user chosen passwords never or very seldom generates help request for lost passwords.

 

A different site, I also own, where passwords are random generated creates frequent tickets requesting passwords (even though they could just click the link for password recovery).

 

...thus my request.

[MACscr]

Good point to consider. Thanks. Thought I've seen that when people choose their passwords, there is less issues in the future than when they don't.

 

One site, I own, with user chosen passwords never or very seldom generates help request for lost passwords.

 

A different site, I also own, where passwords are random generated creates frequent tickets requesting passwords (even though they could just click the link for password recovery).

 

...thus my request.

 

If you search the forums, your request has been made numerous times over the years and there has been many arguments against it. I dont see it succeeding this time as well.

 

The site that you mention letting users pick their logins, do they have two logins or just one?

[9DollarDomains]

Good point to consider. Thanks. Thought I've seen that when people choose their passwords, there is less issues in the future than when they don't.

 

One site, I own, with user chosen passwords never or very seldom generates help request for lost passwords.

 

A different site, I also own, where passwords are random generated creates frequent tickets requesting passwords (even though they could just click the link for password recovery).

 

...thus my request.

I agree, and vote FOR the ability to use the same password by default. 90% of our customers are personal accounts and have a single website, and nearly everyone is confused why the password isn't what they picked when creating their account. After I explain the methodology, about 1/2 of them say ''whatever, that's dumb, can you change it to the one I picked please?''

 

The other 10% of our customers are designers with multiple sites, and they also have no problem with all their sites having their default password by default. If they want to change each site to a different password, they have the knowledge and the skills to do so without my intervention.

 

Using our old billing software (which was broken in about 50 other ways) it used the customer's password by default, and I almost never had to change or retrieve customer's passwords, for novices or pros. In my opinion, it was a far better way to do it than unrememberable passwords.

[9DollarDomains]

Besides, you know what happens with unrememberable, system generated passwords? They get written on post-it notes and stuck to people's screens. This isn't anything specific to WHMCS of course - it's the same with our bank, and our credit card processor, and several other 'secure' sites. We used to use a simple password, easy for us to remember. Now they have to be an unrememberable combination of letter, numbers and special characters, in MiXeD CaSEs, and you have to change them every 30 days. The theory is to be more secure, but the net result is passwords written on post-it notes or masking tape all over the world. That's FAR less secure than using your pet's name spelled backwards when it comes right down to it.

 

So, I'd vote for the option to use the customer's client area password as their website FTP/CPanel password by default for sure.

[uberhost]

The theory is to be more secure, but the net result is passwords written on post-it notes or masking tape all over the world. That's FAR less secure than using your pet's name spelled backwards when it comes right down to it.

 

You're joking, right?

[othellotech]

nearly everyone is confused why the password isn't what they picked when creating their account. After I explain the methodology, about 1/2 of them say ''whatever, that's dumb, can you change it to the one I picked please?''

To which you answer "no, but you can do it through the client portal".

 

Just change the welcome email to include "if you dont like the password or are too dumb to remember it you can change it at ...." works wonders

[goddess_dix]

i've seen the passwords users generate. i'm a lot more comfortable with what a system will generate.

[Austdata]

Some sanity checking on passwords wouldn't hurt. Not sure how you'd go about that for the number of languages that WHMCS is able to use.

 

Cheers,

 

Mike

[webarena]

Didn't see anyone answer this so here goes. I used the following in my shopping action hook to sync up the user password with the Plesk Module password in my setup. I'm guessing it would work as well in Cpanel. I haven't been able to check if it actually sets this as the Plesk password though as I'm getting 1014 errors, but it should work.

 

function actionhook_ShoppingCartCheckout($vars) {
foreach ($vars["Products"] AS $pid) {
        $query = "UPDATE tblhosting SET password=(SELECT password FROM tblclients WHERE tblclients.id=tblhosting.userid) WHERE id='$pid'";
        $result = mysql_query($query) or die("Unable to verify user because : " . mysql_error());
}
}

 

Also I'm working on code for the client update action hook to keep the passwords synced and will post that when I have it.

[MACscr]

Didn't see anyone answer this so here goes. I used the following in my shopping action hook to sync up the user password with the Plesk Module password in my setup. I'm guessing it would work as well in Cpanel. I haven't been able to check if it actually sets this as the Plesk password though as I'm getting 1014 errors, but it should work.

 

function actionhook_ShoppingCartCheckout($vars) {
foreach ($vars["Products"] AS $pid) {
        $query = "UPDATE tblhosting SET password=(SELECT password FROM tblclients WHERE tblclients.id=tblhosting.userid) WHERE id='$pid'";
        $result = mysql_query($query) or die("Unable to verify user because : " . mysql_error());
}
}

 

Also I'm working on code for the client update action hook to keep the passwords synced and will post that when I have it.

 

But what about clients with multiple products? What about clients that want to have different passwords for each cpanel account since maybe they delegate admin access to people that they dont want access to there billing?

[webarena]

For us and our needs, clients will only have one hosting account per WHMCS account so it's not too much of a worry there. Our main product is a CMS package so when a customer buys a second website with it, it will be added to their existing WHMCS account as well as their existing Plesk account. Not sure how cpanel works as I've not used it so it may need to be adapted as needed.