/**
 * Build the per-session CSRF token (the ":whmcscrsf" suffix and the
 * hidden field name "token" mark its purpose) in the requested rendering.
 *
 * The token is sha1(<stored token value> . session_id() . ":whmcscrsf").
 * NOTE(review): when getToken() yields nothing, a fresh genRandomVal() is
 * used as the seed but is NOT persisted here, so two calls in that state
 * produce different tokens - confirm the value is stored elsewhere first.
 *
 * @param string $type "plain" (bare token), "link" ("&token=..." query
 *                     fragment) or "form" (hidden input); any other value
 *                     returns null.
 * @return string|null
 */
public function generateToken($type = "form") {
    $seed = $this->getToken();
    if (!$seed) {
        $seed = genRandomVal();
    }
    $token = sha1($seed . session_id() . ":whmcscrsf");
    switch ($type) {
        case "plain":
            return $token;
        case "link":
            return "&token=" . $token;
        case "form":
            return "<input type=\"hidden\" name=\"token\" value=\"" . $token . "\" />";
    }
}
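/**
 * Bind the authenticated admin to the current PHP session.
 *
 * Stores the admin id and the admin session hash, then issues a new token
 * value via conditionally_set_token(). The session id is rotated first so
 * that a session id planted in the browser before authentication (session
 * fixation) does not survive into the privileged session.
 *
 * @param mixed $whmcsclass passed through to generateAdminSessionHash()
 * @return void
 */
public function setSessionVars($whmcsclass = false) {
    // Rotate the session id before any admin identity is written to it.
    // Guarded because session_regenerate_id() warns when no session is active.
    if (session_id() !== "") {
        session_regenerate_id(true);
    }
    $_SESSION['adminid'] = $this->getAdminID();
    $_SESSION['adminpw'] = $this->generateAdminSessionHash($whmcsclass);
    // New random token value for the freshly authenticated session; whether
    // it is actually stored is decided inside conditionally_set_token().
    conditionally_set_token(genRandomVal());
}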
$login_pwd = $data['password']; $result = select_query("tblclients", "id,language", array("id" => $login_uid, "status" => array("sqltype" => "NEQ", "value" => "Closed"))); $data = mysql_fetch_array($result); $login_uid = $data['id']; $language = $data['language']; } if ($login_uid) { $fullhost = gethostbyaddr($remote_ip); update_query("tblclients", array("lastlogin" => "now()", "ip" => $remote_ip, "host" => $fullhost), array("id" => $login_uid)); $_SESSION['uid'] = $login_uid; if ($login_cid) { $_SESSION['cid'] = $login_cid; } $haship = $CONFIG['DisableSessionIPCheck'] ? "" : $whmcs->get_user_ip(); $_SESSION['upw'] = sha1($login_uid . $login_cid . $login_pwd . $haship . substr(sha1($whmcs->get_hash()), 0, 20)); $_SESSION['tkval'] = genRandomVal(); if ($language) { $_SESSION['Language'] = $language; } run_hook("ClientLogin", array("userid" => $login_uid)); $loginsuccess = true; } } } } } } } if (!$istwofa && !$loginsuccess) { if (strpos($gotourl, "?")) { $gotourl .= "&incorrect=true";
/**
 * Generate a new installation identifier, persist it under the
 * "InstanceID" config key and return it.
 *
 * @return string the value produced by genRandomVal(12)
 */
private function createWHMCSInstanceID() {
    $newId = genRandomVal(12);
    $this->set_config("InstanceID", $newId);
    return $newId;
}
/**
 * Authenticate a client (or a sub-account contact) by e-mail and password and
 * populate the client session on success.
 *
 * Lookup order: tblclients by e-mail, then tblcontacts sub-accounts by e-mail,
 * then the ClientLoginShare hook. A ClientLoginShare match bypasses the
 * password comparison; a hook "create" request provisions the client via
 * addClient() and returns true immediately.
 *
 * @param string $username  client/contact e-mail address
 * @param string $password  plaintext password as submitted; may be empty when
 *                          an admin session exists or $twofadone is true
 * @param bool   $twofadone true when the caller has already completed the
 *                          second factor. NOTE(review): this alone satisfies
 *                          the acceptance condition below (no password is
 *                          checked), so the caller must tie $username to
 *                          $_SESSION['2faclientid'] before passing true.
 * @return bool true when the session was populated (or a hook-created
 *              client was provisioned); false on failure and also while the
 *              2FA step is still pending ($_SESSION['2faverifyc'] set)
 */
function validateClientLogin($username, $password, $twofadone = false) {
    global $CONFIG;
    global $whmcs;
    // Basic gate: a username is always required; the password may be empty when
    // an admin session exists or the second factor has already been completed.
    // (The empty then-branch is in the original.)
    if ($username && ($password || $_SESSION['adminid'] || $twofadone)) {
    } else {
        return false;
    }
    // Clear any previous client identity before re-authenticating.
    // NOTE(review): the PHP session id is never rotated in this function
    // (no session_regenerate_id call), so fixation protection, if any, must
    // live in the caller - confirm.
    if (isset($_SESSION['uid'])) {
        unset($_SESSION['uid']);
    }
    if (isset($_SESSION['cid'])) {
        unset($_SESSION['cid']);
    }
    if (isset($_SESSION['upw'])) {
        unset($_SESSION['upw']);
    }
    $login_uid = $login_cid = $login_pwd = $loginsharematch = "";
    // 1) Primary lookup by e-mail. Closed clients are excluded only when no
    //    admin session is present; an admin may still target a Closed client.
    $where = array();
    $where['email'] = $username;
    if (!$_SESSION['adminid']) {
        $where['status'] = array("sqltype" => "NEQ", "value" => "Closed");
    }
    $result = select_query("tblclients", "", $where);
    $data = mysql_fetch_array($result);
    // With no matching row $data is false and all of these become null.
    $login_uid = $data['id'];
    $login_pwd = $data['password'];
    $language = $data['language'];
    $authmodule = $data['authmodule'];
    // 2) Fall back to a sub-account contact (subaccount = 1, non-empty
    //    password); the contact's parent client must not be Closed.
    if (!$login_uid) {
        $result = select_query("tblcontacts", "", array("email" => $username, "subaccount" => "1", "password" => array("sqltype" => "NEQ", "value" => "")));
        $data = mysql_fetch_array($result);
        $login_cid = $data['id'];
        $login_uid = $data['userid'];
        $login_pwd = $data['password'];
        $result = select_query("tblclients", "id,language", array("id" => $login_uid, "status" => array("sqltype" => "NEQ", "value" => "Closed")));
        $data = mysql_fetch_array($result);
        $login_uid = $data['id'];
        $language = $data['language'];
    }
    // 3) Last resort: external authentication through the ClientLoginShare
    //    hook. The plaintext password is handed to every registered hook.
    if (!$login_uid) {
        $hookresults = run_hook("ClientLoginShare", array("username" => $username, "password" => $password));
        foreach ($hookresults as $hookres) {
            if ($hookres) {
                $hookid = $hookres['id'];
                $hookemail = $hookres['email'];
                if ($hookid) {
                    $result = select_query("tblclients", "", array("id" => $hookid));
                } else {
                    $result = select_query("tblclients", "", array("email" => $hookemail));
                }
                $data = mysql_fetch_array($result);
                // NOTE(review): this assignment runs for every hook result, so
                // a later result that resolves to no client overwrites a uid
                // found by an earlier one while $loginsharematch stays true.
                $login_uid = $data['id'];
                if ($login_uid) {
                    // The hook vouched for the user: password check is
                    // bypassed in the acceptance condition below.
                    $loginsharematch = true;
                    $login_pwd = $data['password'];
                    $language = $data['language'];
                    continue;
                }
                if ($hookres['create']) {
                    // Hook asked for auto-provisioning. Returns true without
                    // setting $_SESSION['uid'] here; presumably addClient() (not
                    // visible) establishes the session - verify against caller.
                    addClient($hookres['firstname'], $hookres['lastname'], $hookres['companyname'], $hookres['email'], $hookres['address1'], $hookres['address2'], $hookres['city'], $hookres['state'], $hookres['postcode'], $hookres['country'], $hookres['phonenumber'], $hookres['password'], "", "", false);
                    return true;
                }
                continue;
            }
        }
    }
    if ($login_uid) {
        // Bring the submitted password into the stored form for comparison.
        if ($CONFIG['NOMD5']) {
            // NOTE(review): reversible password storage - the stored value is
            // decrypted and compared against the plaintext submission.
            $check_pwd = decrypt($login_pwd);
        } else {
            // Stored value is split on ':' and the second part used as salt; a
            // value without ':' leaves $salt[1] undefined (null salt) instead
            // of failing closed.
            $salt = explode(":", $login_pwd);
            $salt = $salt[1];
            $password = generateClientPW($password, $salt);
            $check_pwd = $login_pwd;
        }
        // An admin session may log in as the client if the admin's role holds
        // permission id 120 (presumably the "login as client" permission).
        $adminallowedclientlogin = false;
        if (isset($_SESSION['adminid'])) {
            $adminroleid = get_query_val("tbladmins", "roleid", array("id" => $_SESSION['adminid']));
            $adminallowedclientlogin = get_query_val("tbladminperms", "permid", array("roleid" => $adminroleid, "permid" => "120"));
        }
        // Accept if: password matches, OR (admin session AND perm 120), OR a
        // ClientLoginShare hook matched, OR the caller reports 2FA complete
        // (&& binds tighter than ||). NOTE(review): the match is a plain ===,
        // not a constant-time comparison.
        if ($password === $check_pwd || isset($_SESSION['adminid']) && $adminallowedclientlogin || $loginsharematch || $twofadone) {
            $twofa = new WHMCS_2FA();
            // Defer to the second-factor step when 2FA is active for clients and
            // this client has an auth module; an admin session skips 2FA.
            if ($twofa->isActiveClients() && $authmodule && !$twofadone && !isset($_SESSION['adminid'])) {
                $_SESSION['2faverifyc'] = true;
                $_SESSION['2faclientid'] = $login_uid;
                $_SESSION['2farememberme'] = $whmcs->get_req_var("rememberme");
                return false;
            }
            // Last-login bookkeeping only for a genuine client login.
            if (!isset($_SESSION['adminid'])) {
                $fullhost = gethostbyaddr($whmcs->get_user_ip());
                update_query("tblclients", array("lastlogin" => "now()", "ip" => $whmcs->get_user_ip(), "host" => $fullhost), array("id" => $login_uid));
            }
            $_SESSION['uid'] = $login_uid;
            if ($login_cid) {
                $_SESSION['cid'] = $login_cid;
            }
            // Session binding value over uid, cid, stored password value, the
            // client IP (unless DisableSessionIPCheck) and a 20-char prefix of
            // the install hash. Presumably re-validated on later requests -
            // confirm where 'upw' is checked.
            $haship = $CONFIG['DisableSessionIPCheck'] ? "" : $whmcs->get_user_ip();
            $_SESSION['upw'] = sha1($login_uid . $login_cid . $login_pwd . $haship . substr(sha1($whmcs->get_hash()), 0, 20));
            // New per-session token value for real client logins only.
            if (!isset($_SESSION['adminid'])) {
                set_token(genRandomVal());
            }
            if ($language && !isset($_SESSION['adminid'])) {
                $_SESSION['Language'] = $language;
            }
            run_hook("ClientLogin", array("userid" => $login_uid));
            return true;
        }
    }
    // Only a failed attempt against a known account is logged; unknown e-mails
    // leave no activity entry here.
    if ($login_uid) {
        logActivity("Failed Login Attempt - User ID: " . $login_uid, $login_uid);
    }
    return false;
}