I followed the API documentation to validate a login , which works fine for me.
However, when I set the session variables $_SESSION['uid'] and $_SESSION['upw'] as described there, with the returned userid and passwordhash from the validate login API call, I am not automatically logged in to WHMCS.
Via the forums I found that the passwordhash is (or was once?) computed as follows:
$_SESSION['upw'] = md5($userRow['id'] . $userRow['password'] . $_SERVER['REMOTE_ADDR']);
Because the API is not called from the clients IP but a servers IP, I suppose that this might cause it not to work. However, even if I create the $_SESSION['upw'] hash as described above I am not automatically logged in.
To verify the hashs I obtained the $_SESSION['upw'] variable after a regular login to WHMCS which indeed turns out to be different to the one I am returned by the API call validate login, as well as the manual construction.
Later I discovered AutoAuth . It works for the first page of WHMCS that I enter. However, when I go to other pages of WHMCS the login seems to get lost again.
I even disabled Session IP Checking in the general settings -> security, without success. Also, the timestamp that I use with AutoAuth has the same time as the server time.
Does someone know how this can be succesfully done? Or how I can debug this process in any way in more detail?