eNom Extended

[PauGasol]

Thanks i will donate very soon and i hope new versions . Great Work.

[MACscr]

I get the following suhosin error:

May 11 15:10:02 hostname suhosin[12581]: ALERT - configured request variable name length limit exceeded - dropped variable '/home/username/public_html/secure/modules/blah/enom_extended/cron/transfertracking_php' (attacker 'REMOTE_ADDR not set', file 'unknown')

 

Any ideas on what you could change versus having the function whitelisted within suhosin?

[MACscr]

Try turning off the Curl Verify SSL. We had to do that after upgrading to v4. If you click the debug link it should tell you the exact problem.

 

thats odd, why wouldnt curl work after upgrade. I would prefer obviously to use curl when communicating with enom.

[n2972s]

All,

 

On 5/8/2009 eNom updated its' SSL certificate for reseller.enom.com There seem to be a lot of curl installations that are unable to verify this certificate.

 

You will need to turn off "Curl Verify SSL" if you are running into Curl errors or update your ca-bundle.

 

This does not mean that you are not communicated over https it just means that Curl is not verifying the certificate you are communicating with.

 

I will make this default going forward as having Curl verify the validity of the certificate by default seems to be causing more problems than it is worth.

 

Gustave

[n2972s]

Is it possible for the "Compare Domains" utility to query ALL the enom domains and if one matches one in the WHMCS database with NO registrar set, to set it to Enom? I've done a bulk transfer of several dozen domains to Enom and have been keying them into WHMCS, then manually running the enomsync.php code to get all of the dates correct.

 

And then added this to the above menu code to allow me to manually run it on demand...

menu10[9]='<a href="../modules/registrars/enom/enomsync.php" target="_blank">Sync</a>'

 

Possible yes, currently no. I will look into that.

 

I'm noticing that when a transfer fails for invalid epp key, the email is not being sent to the customer.

 

I do have the "Transfer Status Change" option set to yes, and under "Which Ones" the "Canceled - domain validation string is invalid" status is set to send the email. I have a couple domains showing a transfer status of "Canceled - Invalid EPP/authorization key - Please contact current registrar to obtain correct key", but neither of them sent the transfer status update email for that status.

 

Any ideas? Status updates *are* going out for other reasons. I'm still at WHMCS 3.8.2 and Enom Extended 0.3.

 

This was brought up before and the status code for invalid epp key is currently not in the list that I have in there. I plan to add it when I put out another version. Until then when there is an invalid key code returned on a failed transfer no email will be sent.

 

I get the following suhosin error:

 

Any ideas on what you could change versus having the function whitelisted within suhosin?

 

Yes, move that transfertracking.php file to your root folder or somewhere else so the varaible is not so long. It does not have to reside in the cron folder where it currently is.

 

Change your cron line to point to the new location of the file after you move it.

 

Gustave

[robb3369]

Here is how I fixed the eNom curl verification issue...

 

1. SSH into your server
   
2. Run openssl s_client -connect reseller.enom.com:443 |tee certfile
   
3. Type "QUIT", followed by the "ENTER" key
   
4. Edit certfile
   
5. Delete all the lines above "BEGIN CERTIFICATE"
   
6. Delete all the lines below "END CERTIFICATE"
   
7. Save and close certfile
   
8. Run openssl x509 -inform PEM -in certfile -text -out certdata
   
9. Locate your copy of curl-ca-bundle.crt
   
10. Make a backup copy of curl-ca-bundle.crt
    
11. Append certdata to curl-ca-bundle.crt
    
12. Re-enable "Curl Verify SSL"
    
13. Run "Debug" and verify
    

This work for me on my cpanel server... Your mileage may verify...

[fetish-hosting]

This is a convoluted way to solve the problem - why not just switch off curl verify SSL as suggested a couple of posts before by Gustave.

 

But anyway, after logging a ticket with eNom when it first happen, they finally acknowledged that it was a problem and fixed yet late on 12th so it should all now be working as before

 

Ian

[robb3369]

The issue is that curl's Certifcate Authority root bundle file (curl-ca-bundle.crt) doesn't have or know anthing about the Certificate Authority that signed the SSL certificate for reseller.enom.com... That is the reason that the "Verify SSL" failed... That is no different than going to a web site with a self signed SSL certificate and getting an SSL Warning about an "Untrusted Site" in your web browser... While disabling the verification does fix the issue, I'd rather figure out why there was a problem and then fix that specific issue.

 

Here is a link that I used to help resolve my issue:

http://curl.netmirror.org/docs/sslcerts.html

 

Again, the method I used is only one of many... You could just download a new CA Bundle rather than updating your existing one...

http://curl.haxx.se/docs/caextract.html

[keliix06]

Yep, I turned it back on and everything is just fine now.

[rodeoXtreme]

I turned cURL back on and everything is working correctly.

 

Thank you for the information.

[dagdatech]

alright, i feel like an idiot (no comments from peanut gallery please)...

 

I cant, for the life of me, get the transfertracking.php cron working. Everything else with the extended works great but this one thing. Can anyone throw some advice my way please. Here's how its set up:

 

* * * * * php -q /home/pathto/public_html/secure/transfertracking.php /home/pathto/public_html/secure/

 

note that I moved it from the modules directory to shorten the file path (thinking that was causing problems). any help would be much appreciated as I am about ready to tear the last 3 hairs on my head out.

[fetish-hosting]

Hi

 

Is that the actual path that you have used in cron - you did substitute the correct path didnt you ? Sorry to ask but it has been done by plenty of people before !

 

The path length wont make any difference so i would suggest putting it back where it should be and then double checking you have the exact same same path.

 

What is the error that you are getting ?

[dagdatech]

"pathto" is substituted for my cpanel account name...

 

Im not getting any feedback at all from it actually. Its like its not being tripped at all.

[fetish-hosting]

OK - had to ask though !

 

Another (maybe) silly question - what output are you expecting ? Do you have domains that are currently being transferred with Enom. I believe this script only sends out emails when it detects a change of status in the transfer.

[dagdatech]

no problem, i understand there are folks out there that put the "path/to/file" in their file path. Cant say that I havent done it before either ;-)

 

Im expecting the script to update tracking status. I have a domain name that I initiated the transfer for (as I have done with others, which have successfully transferred through WHMCS but not been successfully tracked). When i goto the pending transfers status area, it shows nothing when in reality, I do have a domain name currently in the beginnings of the process. It seems to me that the cron file is simply not executing. Nor is it spitting out any error codes (when I put my email address for reporting purposes in the Cpanel cron area).... hmmm corrupt transfertracking.php ???

[sgrayban]

Why has this addon never been verified as *safe* by Matt if he helped with getting it coded and working ?

 

To all that use this addon it is a HUGE security risk since you are entering your eNom username and password here and *IF* this addon calls home(notifies the developer) with any information you enter he/she can use it for illegal means. Since all the files are encoded no one can verify anything.

 

If I was to get this addon and use it I would certainly get it decoded before I installed. It's just security issue that would warrant this type of reverse engineering.

[n2972s]

Why has this addon never been verified as *safe* by Matt if he helped with getting it coded and working ?

 

To all that use this addon it is a HUGE security risk since you are entering your eNom username and password here and *IF* this addon calls home(notifies the developer) with any information you enter he/she can use it for illegal means. Since all the files are encoded no one can verify anything.

 

If I was to get this addon and use it I would certainly get it decoded before I installed. It's just security issue that would warrant this type of reverse engineering.

 

No one helped me code this module.

 

My suggestion to you should be to not use it because I am not going to unencode it just so you can install it.

 

My Thoughts

 

Gustave

[n2972s]

Im expecting the script to update tracking status. I have a domain name that I initiated the transfer for (as I have done with others, which have successfully transferred through WHMCS but not been successfully tracked). When i goto the pending transfers status area, it shows nothing when in reality, I do have a domain name currently in the beginnings of the process. It seems to me that the cron file is simply not executing. Nor is it spitting out any error codes (when I put my email address for reporting purposes in the Cpanel cron area).... hmmm corrupt transfertracking.php ???

 

You should be recieving errors if the transfertracking.php file is corrupt.

 

Does anything happen when you go to the tracking page and click "Update" on the bottom of the page?

 

In order for anything to happen you need to have a transfer in "pending" status within WHMCS, so make sure that the transfer you have in WHMCS is "pending".

 

Also make sure that on the tracking page configuration tab that everything is checked that needs to be checked for what you want it to do.

 

Gustave

[sgrayban]

No one helped me code this module.

 

My suggestion to you should be to not use it because I am not going to unencode it just so you can install it.

 

My Thoughts

 

Gustave

 

If people are going to blindly trust you then they are newbies in the internet world and there own worse enemy. No one should install anything without questioning its authenticity. And since you refuse to prove it doesn't *phone home* I will assume it does and you aren't a person to trust.

[merlinpa1969]

just for the sake of arguments,

do you have whmcs installed? did you reverse engineer it? if not how do you know that its not calling home and giving detailed information on exactly what your doing.

 

also IF you do this right you dont have to enter anything into this module

it will use the information thats stored that whmcs collected......

 

and to call people that use this module newbies is insulting..... you dont know a damn thing about anyone using this......

[merlinpa1969]

just so that I dont offend the dev team here... ( was never my intention )

what about the software you use on your local PC,

how do you know its not calling home... maybe it is, and bill gates has all your bank account numbers and he is syphoning off 1 cent a day from each account

 

Is that how he made his money?

[n2972s]

If people are going to blindly trust you then they are newbies in the internet world and there own worse enemy. No one should install anything without questioning its authenticity. And since you refuse to prove it doesn't *phone home* I will assume it does and you aren't a person to trust.

 

First, nowhere have I stated that I "refuse" to have somebody verify this script. In fact someone I respect has already seen this script decoded but I am not going to force them to stand up here and stake their reputation just so you can feel better.

 

Would you not think that somebody that has used this script already would have complained about something by now?

 

I run a successful web hosting company. Why would I want to deceive people by using this script to steal people’s information from a module in a billing program?

 

Next releases will probably be commercial will that make you feel better if I sold it that way and not provided it for free? ( I have not made up my mind here yet )

 

We are all newbie’s in one form or another but to say that people using WHMCS are "newbie’s" then you would have to wonder what they are doing selling hosting (or whatever they using WHMCS for) to other people.

 

It is your choice to assume whatever you want. I do not know you and you do not know me that is part of the joy of the internet. If people want to be truly safe they would be better off not connecting their PC's to the internet anyway.

 

One again, I am not forcing anybody to use this script. If you are uncomfortable installing the module for any reason then please do not use it.

 

( I would say that will be the last time I mention that but I have a feeling I will have to do it again at some in the future. )

 

Gustave

[sgrayban]

just for the sake of arguments,

do you have whmcs installed? did you reverse engineer it? if not how do you know that its not calling home and giving detailed information on exactly what your doing.

 

also IF you do this right you dont have to enter anything into this module

it will use the information thats stored that whmcs collected......

 

and to call people that use this module newbies is insulting..... you dont know a damn thing about anyone using this......

 

Of course I have WHMCS installed... If any information is stolen because of the core by Matt I have means to go after him for it since we pay for the license. On the other hand you are Joe Blow to me. I don't know if you added anything in the code to call home.

 

And anyone that blindly installs this module without questioning its authenticity and security is a fool. That is how wincrap users get infected by installing stuff they have no clue about. Just point and click. If I offend because I question its security then so be-it but until there is absolute proof that this module is safe I warn anyone to be very careful when installing encoded addons that are free. At least when you pay for it you got means to go after the person selling it.

[sgrayban]

just so that I dont offend the dev team here... ( was never my intention )

what about the software you use on your local PC,

how do you know its not calling home... maybe it is, and bill gates has all your bank account numbers and he is syphoning off 1 cent a day from each account

 

Is that how he made his money?

 

I use linux.... debian lenny to be exact. I wouldn't use wincrap if it was the last OS on earth.

[n2972s]

On the other hand you are Joe Blow to me. I don't know if you added anything in the code to call home.

 

I think that was directed at me, just to not confuse the other poster as I don't want this to get out of control.

 

Points taken, I think we all understand your position and the warning others should take when using software.

 

Gustave