Showing posts with label whmcs. Show all posts
Showing posts with label whmcs. Show all posts

Saturday, May 20, 2017

Billing systems development now available

Good news for current and future clients of Josh Wieder Technical Consulting: customers can now retain a variety of unique services related to popular hosting billing platforms Ubersmith & WHMCS, many of which are not available anywhere else.

The services we are now able to offer include:

     - Automated per-minute DID usage billing integration for Vitelity VOIP resellers for both Ubersmith & WHMCS.

    - Credit card number and profile migration services to and from WHMCS. We are capable of decrypting CC data stored in WHMCS for you and facilitating migration to a token-based payment verification system (such as Authorize.Net CIM) that can improve your compliance with PCI standards.

    - PayPal subscription migration services to, from and between WHMCS & Ubersmith.

    - Authorize.Net CIM profile migration services.

    - Custom development of Authorize.Net & PayPal gateways for WHMCS for extending a variety of functions, for example:
                - Provide support in WHMCS for multiple Authorize.Net and/or PayPal accounts
                - FULL support for Instant Payment Notifications
                - Automatic generation of support tickets, email notifications and/or SMS gateway
                   notifications on payment gateway errors

     - Integration of WHMCS or Ubersmith shopping carts with existing client web properties. We can match the "look & feel" of your existing website with an up-to-date shopping cart without breaking regular update functionality that will keep your cart & payment software secure.

     - Individualized solutions to meet your project requirements.

Contact Josh Wieder Technical Consulting today to discuss how we can make your billing & hosting automation software more secure, effective and profitable.

Tuesday, December 13, 2016

How to Authenticate WHMCS Admin Users with PHP

Over the past few days I've been working on a project that involved building an authentication mechanism for a new website which checks user logins against a WHMCS admin database. There are a variety of options for authenticating normal, non-admin WHMCS users: on the easy side of things, you can simply use the WHMCS API's validatelogin() call, or for a more advanced project its possible to implement OAuth within your WHMCS instance. For my project, neither LDAP nor Active Directory were options.

I was surprised to find that the WHMCS API did not contain a mechanism for authenticating admin users. I'm somewhat sympathetic given the security implications: WHMCS is a billing application and it should not be used to provide a sortof infrastructure authentication backbone, particularly given the many much more mature options available for this sort of thing. With that said, this project wasn't about looking to turn WHMCS into LDAP ... it was about allowing WHMCS admin to authenticate into a custom application that was directly and inextricably linked to WHMCS functionality.

When I came up empty on the API front I started Googling for a reasonable alternative, and I found a small number of other options. I became interested in the idea of building my own WHMCS API function to take care of this, but I still needed to take care of the authentication mechanism itself. WHMCS has a page in its documentation that describes in general terms how Admin passwords are hashed, and this page even contains PHP code samples that purport to allow you to auth admin user:password combinations. There are two samples; the first sample demonstrates how to use the WHMCS\Auth namespace and the comparePasswords() function, like so:

use WHMCS\Auth;
$authAdmin = new Auth;
if ($authAdmin->getInfobyUsername($username) && $authAdmin->comparePassword($password)) {
    $isValid = true;
} else {
    $isValid = false;

Pretty straightforward; and this sample works as far as it goes. However, WHMCS provides a second, more thorough example demonstrating how to use the function within a form. You can download a ZIP fie containing this sample here. Unfortunately, this second snippet is broken in a number of places. This second example provides a single file that contains an HTML form with some javascript to display a popup notification when an authentication failure occurs, and a PHP script that takes care of the password comparison. It is the PHP that has problems. I found a variety of fatal errors which made the example unusual: the WHMCS\Auth namespace was called in the wrong scope, the include for the WHMCS init Autoloader is called within a function in such a way that it remains unavailable for other functions, the example uses a class - WHMCS_Auth - which does not exist ... it took a little while for me to sort them out.

Anyway, I found the experience irksome enough that I posted a corrected version of the WHMCS Admin authentication script in a Github repo so that no one else will have to deal with this in the future. I've tested my new version in WHMCS 6.3.1; no guarantees for the latest version 7 at this time, but I can guarantee that WHMCS' example won't work in 7.

I hope it helps!

Tuesday, July 19, 2016

Can the WHMCS API retrieve Product Bundle information?

    Recent versions of WHMCS introduce a feature called "Product Bundles". The idea is simple - a single link combines a number of products, possibly with a specific set of Configurable Options. These combinations can then be assigned discounts unique to that Bundle.
    This comes in handy for a variety of different scenarios, for example in WHMCS instances where multiple brands are in play and you want to run a sale on a single brand that is still sold on other sites.     I recently encountered a situation that involved integrating a pre-existing pricing form within a CMS platform (think Joomla/Wordpress/Drupal/etc) with an order form and series of products with WHMCS. Not only did the signup buttons on the CMS page for each product need to connect to the corresponding WHMCS order form page, but pricing and product details on the CMS page needed to be generated dynamically from information stored in WHMCS, because updating two platforms to make simple price changes sucks and invites user error.
    The easiest way to do this would be to setup an individual product within WHMCS for each product on the CMS page, use the product link generated for the product upon creation in WHMCS and the `Get_Products` WHMCS API call to generate the product details.
    Ultimately this approach proved problematic in my case. Each product on the CMS represented a preset of Configurable Options, but customers needed to be able to easily upgrade these options either during a purchase or after the purchase. I also wanted to be able to easily pipe these configurable options as input to third party modules and custom scripts that would be used to automatically deploy the products based on customer selections (think automatically handling routing based on how many IP addresses a customer buys). Plus, all of these options were part of the primary product and wouldn't make sense to bill them independently like WHMCS' Add-On products.
    I quickly encountered a problem. The `Get_Products` WHMCS API call only allows developers to filter results by Product ID number ("pid") and Product Group ID number ("gid"). This was unacceptable - in order for me to return results by Product Bundle, I needed to search by Bundle ID ("bid"). It became apparent that there was no simple existing method within WHMCS to accomplish this. So, I wrote my own.
    Googling around I noticed I am not the only person who has needed to accomplish something similar, so I am posting the results here in the hope that it can help save someone else a few minutes of irritation or even having people needlessly create a bunch of different products.
    The example I have posted here produces results in json, but it can be pretty easily modified to generate xml instead. Its been tested thoroughly in WHMCS v6.3. The data can be imported into Wordpress using this guide or into Drupal using this guide (requires Views 3 or above & Views JSON Query).

NSA Leak Bust Points to State Surveillance Deal with Printing Firms

Earlier this week a young government contractor named Reality Winner was accused by police of leaking an internal NSA document to news outle...