Details
Description
WHMCS changed their password hashing algorithm. We used to be able to support their password hashes so clients could log in after import without resetting their password.
This was done by updating /config/blesta.php and changing the following:
Configure::set("Blesta.auth_legacy_passwords", true);
Configure::set("Blesta.auth_legacy_passwords_algo", "whmcs-md5");
So, if we add support then I imagine we would do a similar thing, except setting Blesta.auth_legacy_passwords_algo to "whmcs-sha256hmac" or something instead of "whmcs-md5".
See https://docs.whmcs.com/Admin_Password_Hashing#Hash_Schema for docs on their password hashing algorithm. This states that it's for Admins; I could not find a similar article for Clients, but it may be the same.
See also https://www.ndchost.com/wiki/software/whmcs/client-password-hash for an overview and example.
Activity
Field | Original Value | New Value |
---|---|---|
Rank | Ranked higher |
Rank | Ranked lower |
Story Points | 3 |
Sprint | 4.9.0 Sprint 1 [ 98 ] |
Rank | Ranked higher |
Sprint | 4.9.0 Sprint 1 [ 98 ] | 4.9.0 Sprint 2 [ 99 ] |
Rank | Ranked lower |
Fix Version/s | 4.9.0-b1 [ 11301 ] |
Remaining Estimate | 0 minutes [ 0 ] | |
Time Spent | 41 minutes [ 2460 ] | |
Worklog Id | 13081 [ 13081 ] |
Assignee | Jonathan Reissmueller [ jonathan ] |
Status | Open [ 1 ] | In Progress [ 3 ] |
Time Spent | 41 minutes [ 2460 ] | 1 hour, 20 minutes [ 4800 ] |
Worklog Id | 13082 [ 13082 ] |
Status | In Progress [ 3 ] | In Review [ 5 ] |
Resolution | Fixed [ 1 ] |
Status | In Review [ 5 ] | Closed [ 6 ] |
Resolution | Fixed [ 1 ] | |
Status | Closed [ 6 ] | Reopened [ 4 ] |
Security | Private [ 10000 ] |
Status | Reopened [ 4 ] | Closed [ 6 ] |
Resolution | Fixed [ 1 ] |
Re-opened to make the issue public.