jsemmanuel Posted November 26, 2009 Share Posted November 26, 2009 I am designing a form which can be embeddable in a webpage and will take the customers directly to a server management panel. I want to be able to login to whmcs directly through this. (I tried passing to dologin.php?goto=mypage, but that does not seem to work.) I am now trying to set $_SESSION['loggedinstatus'] = 'true'; $_SESSION['uid'] = $login_uid; $_SESSION['upw'] = $encpwd; I figured out what the first two are for. How do I generate the upw? I know the passwords are stored as md5hash:salt in the database, but on a normal login to whmcs, the upw does not match anything I try. Is the algorithm documented somewhere? 0 Quote Link to comment Share on other sites More sharing options...
Redsign Posted November 26, 2009 Share Posted November 26, 2009 I am designing a form which can be embeddable in a webpage and will take the customers directly to a server management panel. I want to be able to login to whmcs directly through this. (I tried passing to dologin.php?goto=mypage, but that does not seem to work.) I am now trying to set $_SESSION['loggedinstatus'] = 'true'; $_SESSION['uid'] = $login_uid; $_SESSION['upw'] = $encpwd; I figured out what the first two are for. How do I generate the upw? I know the passwords are stored as md5hash:salt in the database, but on a normal login to whmcs, the upw does not match anything I try. Is the algorithm documented somewhere? You have to use the api to encrypt and decrypt password: http://wiki.whmcs.com/API:Encrypt_Password http://wiki.whmcs.com/API:Decrypt_Password (don't think this works now the passwords are irreversible, however you shouldn't need this for what you want) I don't think the salt is available for security reasons. Ben 0 Quote Link to comment Share on other sites More sharing options...
jsemmanuel Posted November 29, 2009 Author Share Posted November 29, 2009 The tblhosting passwords seem to work with the api calls. However the api calls do not generate a hash that matches that which is used by upw. 0 Quote Link to comment Share on other sites More sharing options...
jsemmanuel Posted November 29, 2009 Author Share Posted November 29, 2009 The previous versions 3.x seemed to find the hash from tblclients table and calculate the md5 of that and then use it. Anyone knows how it is done in the latest version 4.x? 0 Quote Link to comment Share on other sites More sharing options...
HerrZ Posted November 30, 2009 Share Posted November 30, 2009 you can use a proper hook to save the plain userpassword after creating. maybe storing it in additional database. PS: i remember the discussion here - http://forum.whmcs.com/showthread.php?t=21045 0 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.