https://ndchost.com/wiki/ Mon, 13 Apr 2026 12:02:34 +0000 FeedCreator 1.8 https://ndchost.com/wiki/_media/wiki/logo.png https://ndchost.com/wiki/ https://ndchost.com/wiki/software/whmcs/client-password-hash?rev=1468532327&do=diff WHMCS - client password hash generation WHMCS Versions 6.3.0 and Newer In version 6.3.0 WHMCS changed the method of which they use to hash passwords. Their release notes state that they are now using BCRYPT password hashing. It would appear that WHMCS is now using the password_hash() function provided with php. The following code can be used to generate a valid password to be stored in the DB. anonymous@undisclosed.example.com (Anonymous) Thu, 14 Jul 2016 21:38:47 +0000 https://ndchost.com/wiki/software/whmcs/force-https?rev=1304011525&do=diff Forcing WHMCS to use SSL/HTTPS A problem we found with WHMCS is that it allows client, staff, and admins to log into it using the standard HTTP prefix and does not force them to a SECURE HTTPS URL. Not only that but some areas of WHMCS require you to access them via anonymous@undisclosed.example.com (Anonymous) Thu, 28 Apr 2011 17:25:25 +0000 https://ndchost.com/wiki/software/whmcs/index?rev=1276904920&do=diff WHMCS whmcs index anonymous@undisclosed.example.com (Anonymous) Fri, 18 Jun 2010 23:48:40 +0000 https://ndchost.com/wiki/software/whmcs/mysql-resource?rev=1350660187&do=diff Resource for WHMCS MySQL database connection There may be a time when you need to know the database resource variable for the default WHMCS MySQL connection. This variable is named $whmcsmysql, below is a quick example of how to use it. global $whmcsmysql; $query = sprintf("SELECT * FROM tblclients WHERE id = %d", $_REQUEST['id']); $result = mysql_query($query, $whmcsmysql); if($result === false) die('Query Failed: ' . mysql_error()); $client = mysql_fetch_assoc($result); if(!is_array($clie… anonymous@undisclosed.example.com (Anonymous) Fri, 19 Oct 2012 15:23:07 +0000 https://ndchost.com/wiki/software/whmcs/securing?rev=1419371379&do=diff Securing WHMCS This page has additional steps that one can do to further secure their WHMCS installation. Refer to <http://docs.whmcs.com/Further_Security_Steps> first, then use some of these techniques. Limit Read Access with SuPHP If you're running WHMCS on any server doing virtual hosting (meaning your hosting more than one site on a single server) then you should be running suPHP. SuPHP is an Apache module that changes the uid of the process executing your php scripts to the REAL us… anonymous@undisclosed.example.com (Anonymous) Tue, 23 Dec 2014 21:49:39 +0000 https://ndchost.com/wiki/software/whmcs/session-upw?rev=1408739747&do=diff WHMCS - How to generate the upw session variable Version 5.1.2 or newer As of version 5.1.2 WHMCS added an extra salt bit to the UPW hash and also uses sha1 for the hash. The salt is taken from the CC encryption hash. Version 5.0.3 and older Below is code showing how the upw session variable is generated on a WHMCS install anonymous@undisclosed.example.com (Anonymous) Fri, 22 Aug 2014 20:35:47 +0000