Jump to content

Api password encryption does not match password in database

diondev

By diondev
in Developer Corner

 Share

Recommended Posts

diondev Junior Member

diondev

Posted
Posted (edited)

I've already searched the forums for this, and no one has been answered in regards to this issue.

 

My problem is that I am using the API to encrypt a password, because I am trying to integrate a login with WHMCS.

 

The problem is that the API password encryption produces an entirely different hash than the password in the database. I KNOW they are the exact same password because I was the one who registered the WHMCS account with the password, and I am the one who is entering it in my custom API login field.

 

Heres my code:

 

$lemail = $_POST['email'];
$lpassword = $_POST['password'];

$sql = mysql_query("select * from tblclients where email='$lemail'");

while ($row = mysql_fetch_assoc($sql))
{
 $cpassword = $row['password'];
}

$url = "http://clients.mysite.com/includes/api.php"; # URL to WHMCS API file
$username = "test123"; # Admin username goes here
$password = "pass123"; # Admin password goes here

$postfields["username"] = $username;
$postfields["password"] = md5($password);
$postfields["action"] = "encryptpassword";
$postfields["password2"] = $lpassword;

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_TIMEOUT, 100);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postfields);
$data = curl_exec($ch);
curl_close($ch);

$data = explode(";",$data);
foreach ($data AS $temp) {
 $temp = explode("=",$temp);
 $results[$temp[0]] = $temp[1];
}

$epassword = $results["password"];

 

$epassword (the password encrypted via the API) DOES NOT EQUAL $cpassword (the password retreived from the database).

Edited by diondev
0
Link to comment
Share on other sites
  • 1 year later...
Guest

Guest

Posted
Posted

You ever find the solution for this problem, i'm having the same issue....

 

 

I've already searched the forums for this, and no one has been answered in regards to this issue.

 

My problem is that I am using the API to encrypt a password, because I am trying to integrate a login with WHMCS.

 

The problem is that the API password encryption produces an entirely different hash than the password in the database. I KNOW they are the exact same password because I was the one who registered the WHMCS account with the password, and I am the one who is entering it in my custom API login field.

 

Heres my code:

 

$lemail = $_POST['email'];
$lpassword = $_POST['password'];

$sql = mysql_query("select * from tblclients where email='$lemail'");

while ($row = mysql_fetch_assoc($sql))
{
 $cpassword = $row['password'];
}

$url = "http://clients.mysite.com/includes/api.php"; # URL to WHMCS API file
$username = "test123"; # Admin username goes here
$password = "pass123"; # Admin password goes here

$postfields["username"] = $username;
$postfields["password"] = md5($password);
$postfields["action"] = "encryptpassword";
$postfields["password2"] = $lpassword;

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_TIMEOUT, 100);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postfields);
$data = curl_exec($ch);
curl_close($ch);

$data = explode(";",$data);
foreach ($data AS $temp) {
 $temp = explode("=",$temp);
 $results[$temp[0]] = $temp[1];
}

$epassword = $results["password"];

 

$epassword (the password encrypted via the API) DOES NOT EQUAL $cpassword (the password retreived from the database).

0
Link to comment
Share on other sites
tomdchi Senior Member

tomdchi

Posted
Posted

You should try the method as shown here http://wiki.whmcs.com/API:Get_Clients_Password

 

It will return the clients encrypted password with the salt on the end. Separate the password from the salt with explode (i am assuming you know how to code php). 

 
$passarray = explode(':', $valuefromapi);
$passindb = $passarray[0];
$salt = $passarray[1];

 

Then you would md5 the submited password in the format shown in the wiki and use the result for comparison.

The wiki shows that md5(salt.pw):salt is the format the password (from the database) is in. So you would concatenate the salt with the password and md5 it.

 

$passforcomparison = md5($salt . $passsubmitedfromform);

0
Link to comment
Share on other sites
Guest

Guest

Posted
Posted

Matt at WHMCS gave me the answer i was looking for. The MB4 importer uses the old style encryption and not the md5(salt . pass):salt method... thanks.

0
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated

  I accept