Hi,
i m tring to use the whmcs users to give other services to my clients, buy i cant make work the password encription or decription
Any one know a way to do that?

thanks



PD. Sorrry my english

Hi,
i m tring to use the whmcs users to give other services to my clients, buy i cant make work the password encription or decription
Any one know a way to do that?

thanks



PD. Sorrry my english

some comentary?

Can you explain exactly what you want?

Can you explain exactly what you want?

i want to sincronize the users from whmcs to a custom CMS software.

thks

you can not decode the users clientarea password. the api command is for decoding the serverpanel password.

thanks for reply.
Do you know some way to syncronize the client database whit a custum CMS client database?

thanks in advance

with a custom php script ;) compare the datateables of whmcs with the one of the cms.

whmcs table is "tblclients".
then compare the keys and values of both tables and create add new clients to whmcs. best to do this with whmcs api http://wiki.whmcs.com/API:Add_Client

for syncronizing precheck if the client exists. if exists update ( http://wiki.whmcs.com/API:Update_Client ) else add new client. best primary key for comparing should be the email address.

its a good idea, but the problem come when we need syncronize the passwords, the two passwords are encryped in diferents ways.

Only WHMCS should be storing the passwords. That is how true login sharing is suppose to work. Trying to sync passwords site<->site is not a way I would suggest at all. If people want to change there passwords they should do it in WHMCS not the CMS.

you can not decode the users clientarea password. the api command is for decoding the serverpanel password.

You are wrong. Here is a sample function that decrypt's between the old plain passwords and COMPARES the new MD5 passwords in WHMCS.



public function checkWHMCSCredentials($email, $password)
{
if($this->login_conf['whmcs_enc'] == "plain")
{
$result = $this->connectWHMCSAPI("getclientsdetails", "email", $email);
$result2 = $this->connectWHMCSAPI("decryptpassword", "password2", $result['password']);

if($result2['password'] == $password AND $email == $result['email'])
return true;
else
return false;
}
else
{
$result = $this->connectWHMCSAPI("getclientsdetails", "email", $email);

$password_whmcs = explode(":", $result['password']);
$password_form = md5($password_whmcs[1] . $password);

if($password_whmcs[0] == $password_form AND $email == $result['email'])
return true;
else
return false;
}
}

i need to try this!
tks

You are wrong. Here is a sample function that decrypt's between the old plain passwords and COMPARES the new MD5 passwords in WHMCS.



public function checkWHMCSCredentials($email, $password)
{
if($this->login_conf['whmcs_enc'] == "plain")
{
$result = $this->connectWHMCSAPI("getclientsdetails", "email", $email);
$result2 = $this->connectWHMCSAPI("decryptpassword", "password2", $result['password']);

if($result2['password'] == $password AND $email == $result['email'])
return true;
else
return false;
}
else
{
$result = $this->connectWHMCSAPI("getclientsdetails", "email", $email);

$password_whmcs = explode(":", $result['password']);
$password_form = md5($password_whmcs[1] . $password);

if($password_whmcs[0] == $password_form AND $email == $result['email'])
return true;
else
return false;
}
}

Hey, I know that script. ;) I'm affraid it doesn't going to work on that way, but it gives you a little indication how you can realize it. If you can edit the login procedure of the external system, you could just use the WMHCS API to request the email and password and check it.

heh :) I just wanted to prove that it can be done.

If we can't decrypt the passwords, we should at least be able to encrypt them. Otherwise how would we check the entered password against the one that's stored in the WHMCS database?

Just figured it out. Couldn't find it before, but the salt used to encrypt the passwords is attached to the end of the password. This is the format:

md5($salt.$password):$salt

ok good to know. but md5 is still an one way encryption. right?

Yes, md5 is one way, so once the password is stored, it cannot easily be decrytped.

This is what I'm using to check if user's password is correct when they log in to my other system (already existing clients as well as WHMCS clients can now log in):

$enc_password = $data['password'];
$salt = substr($enc_password,-5,5);
if ( md5($salt.$entered_password).":$salt" !== $enc_password )
{
return false;
}
else
{
// do login
}