kmm2908 Posted October 23, 2009 Share Posted October 23, 2009 Hi I could be missing something and if I am I apologize, but is there any support or documentation for using the API? I would like to know: * what actions are available * what goto parameters are available * how I can access any of the variables returned after an api action has taken place and loads more. As this is a compiled package it removes the opportunity to reverse engineer and work out answers for myself. SO please can someone point me in the right direction and help. Thank you! 0 Quote Link to comment Share on other sites More sharing options...
openmind Posted October 23, 2009 Share Posted October 23, 2009 Main Documentation: http://wiki.whmcs.com/Main_Page API Documentation: http://wiki.whmcs.com/API 0 Quote Link to comment Share on other sites More sharing options...
battisti Posted October 23, 2009 Share Posted October 23, 2009 Hi I could be missing something and if I am I apologize, but is there any support or documentation for using the API? I would like to know: * what actions are available * what goto parameters are available * how I can access any of the variables returned after an api action has taken place and loads more. As this is a compiled package it removes the opportunity to reverse engineer and work out answers for myself. SO please can someone point me in the right direction and help. Thank you! The API are basic and many fetures need to be implemented manualy, now i'm creating my own API, To start creat i suggest <? $silent = 'true'; include '../dbconnect.php'; include 'functions.php'; $query = ' SELECT * FROM tbladmins WHERE username=\'' . $_POST['username'] . '\' AND password=\'' . $_POST['password'] . '\' AND roleid=\'1\''; $result = mysql_query ($query); $data = mysql_fetch_array ($result); $adminid = $data['id']; if (!$adminid) { echo 'result=error;message=Authentication Failed'; exit (); } switch ($_POST['action']){ case 'youtfunction': 0 Quote Link to comment Share on other sites More sharing options...
Parmee Posted November 15, 2009 Share Posted November 15, 2009 The API are basic and many fetures need to be implemented manualy, now i'm creating my own API, To start creat i suggest <? $silent = 'true'; include '../dbconnect.php'; include 'functions.php'; $query = ' SELECT * FROM tbladmins WHERE username=\'' . $_POST['username'] . '\' AND password=\'' . $_POST['password'] . '\' AND roleid=\'1\''; $result = mysql_query ($query); $data = mysql_fetch_array ($result); $adminid = $data['id']; if (!$adminid) { echo 'result=error;message=Authentication Failed'; exit (); } switch ($_POST['action']){ case 'youtfunction': Hi, I wouldn't recommend using the above, there are 2 fundamental flaws I can see without looking in to it deeply. Firstly, if you provide an incorrect username or password, it will give you an error for using fetch array (unless you hide errors), in any case, you should atleast use a row check before fetching an array. Secondly, if I submitted the username as admin' --' followed by the password of test--, that would create the query: SELECT * FROM tbladmins WHERE username='admin' [i][size="1"]--' AND password='test--'[/size][/i] AND roleid='1' Not a SQL query I would like executing login authentication. Add some security to your queries, otherwise you may aswell give away your MySQL Login details than use an API. Best, 0 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.