Jump to content

Decrypt Client Passwords


valorin

Recommended Posts

I am trying to decrypt client passwords with no success.

 

I have tried both the API Function and the decrypt() function in functions.php and both return some weird characters, and not he password.

 

Is there a of decrypting client passwords?

Link to comment
Share on other sites

Yea i would find this a invasion of privacy.

 

Ha!

Go into your WHMCS installation, bring up a random client, and go to the 'Profile' page, and then look for the 'Password' field. By your reasoning, you have just invaded your clients privacy. How do you feel now?

 

We discovered that the admin section lets staff save clients without passwords, and then lets the clients login without passwords...

So in an effort to protect our clients privacy I was trying to implement a script to look for empty passwords, so we could then go through and update them to have a password.

 

As encrypted passwords aren't a static value (i.e. they change each time they are encrypted), it was impossible to check for an empty password without decrypting it first to see if it was empty.

 

So.... can you understand my intentions now?

Link to comment
Share on other sites

I just did it a number of times on our installation, it let me straight in no problems.

We are running the latest version of WHMCS.

 

I was switching the 'Status' between the various options (Active, Inactive, Closed), so maybe that has something to do with it?

 

Edit: Ok, I just saw your "and dont be logged in as admin".. it doesn't appear to work when I logout of admin.

Link to comment
Share on other sites

I have a similar problem...

We found, after Mbill import, that some clients have empty password, so they can't login.

We found 3 clients with this problem, but we don't know if there are more.

It should be nice to find out all these clients and assign them a password befor they try to login with no success.

Is there a way to extract clients with empty password from db?

Thanks a lot

Alessandro

Link to comment
Share on other sites

  • 2 months later...

It does not "remind" of the password. It resets the password to something random.

 

I used to be able to tell clients what their password was over the phone. Now the only way is to reset the password which really makes me mad. It creates more work for me. I really hate this new security "feature."

 

It forces me to store their password elsewhere as well when they signup or change their password so that I can tell them later what it is. I just have to create an extra function in the skin to do what I need to do.

Edited by floyd
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated