Jump to content

Password Encryption


trag

Recommended Posts

Hey everybody.

 

I'm working on a script to help integrate my WHMCS with my Joomla install.

I already themed my WHMCS properly so that area is all well.

 

The missing key in my application now is checking the user's password.

 

Can anyone tell me what method is used to encrypt passwords which are stored in the WHMCS database (tblclients)? I know it is not MD5.

 

For example:

demo2008 = rSmQp1XMyLmS5H46d7/opnwxeU3UCoGYqIBiiQ==

 

I believe this is the last piece to my puzzle.

 

Thanks for reading!

Link to comment
Share on other sites

I guess I don't have much of a choice whether to use the API or not.

 

This is the code I've modified from the WHMCS Wiki.

Domain/User/Pass/HashedPass changed for security, obviously.

 

$url = "http://www.MYDOMAIN.com/order/includes/api.php"; # URL to WHMCS API file

$username = "MY_WHMCS_ADMIN_USER"; # Admin username goes here
$password = "MY_WHMCS_ADMIN_PASS"; # Admin password goes here
$postfields["username"] = $username;
$postfields["password"] = md5($password);

$postfields["action"] = "encryptpassword";
$postfields["password2"] = "demo2008";

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_TIMEOUT, 100);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postfields);
$data = curl_exec($ch);
curl_close($ch);

$data = explode(";",$data);
foreach ($data AS $temp) {
 $temp = explode("=",$temp);
 $results[$temp[0]] = $temp[1];
}

if ($results["result"]=="success") {
 # Result was OK!
 print_r($results);
} else {
 # An error occured
 echo "The following error occured: ".$results["message"];
}

 

The page will spit out the result:

Array ( [result] => success [password] => MY_HASHED_PASSWORD )

 

Will I have to connect as an Admin every time I run this script?

Not a *huge* problem, but anyways...

When I TRY to run the API script as the user logging in, or if I try to just get the password (say for example the pass is posted data), it gives me Authentication Error.

 

What I want to happen is this:

1. User attempts to login.

2. On fail, report error.

3. On succeed, set MY session variable (since I can't play with ionCube encrypted files :( If I could just see how WHMCS works with sessions, this entire workaround would be irrelevant. )

4. Once they have been authenticated by MY means, THEN I can post the user's login/pass to the REAL dologin.php in whmcs.

5. Result: They have access to their WHMCS Control panel on my site (Joomla!), and on the 'integrated' WHMCS client area.

 

Forgive my ignorance to the API, this is week 1 for playing with WHMCS.

 

Thanks for your time.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated