Uploaded image for project: 'Blesta Core'
  1. Blesta Core
  2. CORE-3325

Import Manager: Add support for modern WHMCS password hashes

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 4.9.0-b1
    • Component/s: Plugins
    • Labels:
      None

      Description

      WHMCS changed their password hashing algorithm. We used to be able to support their password hashes so clients could login after import without resetting their password.

      This was done by updating /config/blesta.php and changing the following:

      Configure::set("Blesta.auth_legacy_passwords", true);
      Configure::set("Blesta.auth_legacy_passwords_algo", "whmcs-md5");

      So, if we add support then I imagine we would do a similar thing, except for Blesta.auth_legacy_passwords_algo instead of "whmcs-md5" to "whmcs-sha256hmac" or something.

      See https://docs.whmcs.com/Admin_Password_Hashing#Hash_Schema for docs on their password hashing algorithm. This states that it's for Admins, I could not find a similar article for Clients, but it may be the same.

      See also https://www.ndchost.com/wiki/software/whmcs/client-password-hash for an overview and example.

        Activity

          People

          • Assignee:
            jonathan Jonathan Reissmueller
            Reporter:
            admin Paul Phillips
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:
              Fix Release Date:
              31/Mar/20

              Time Tracking

              Estimated:
              Original Estimate - Not Specified
              Not Specified
              Remaining:
              Remaining Estimate - 0 minutes
              0m
              Logged:
              Time Spent - 1 hour, 20 minutes
              1h 20m

                Agile