So at my work, we just bought out a couple of other hosting companies, and needed to bring all their customer data from WHMCS into our WHMCS install.
We figured ‘no problems, WHMCS has a merge tool’. Yeah, that didn’t work at all!
So. We sat down and wrote one!
Where things almost came unstuck, was transferring passwords. WHMCS stores all manner of passwords – customer passwords, hosting account passwords, even server passwords. For that matter, they also store credit card details. And they’re all stored Encrypted!
After discovering this helpful class, and mucking about for a few hours working out how they use the hash, I was ready to go! Using it is a breeze. You just need your cc_encryption_hash from your WHMCS configuration.php, and off you go.
1 2 3 4 5 6 7 8 9 |
<?PHP include('hash_crypt.php'); // Encryption hash from WHMCS $cc_encryption_hash='SOmECRAZYLONGHASHROFLCOPTERBBQKTHX'; $key = md5 (md5 ($cc_encryption_hash)) . md5 ($cc_encryption_hash); $he = new hash_encryption($key); echo $plaintext $he->decrypt('JATa2iUqVdzCkBP5RiyitlQlUiACl8UrpJOeGUJO'); ?> |
If you were to run this code, it would display ‘MyPassword’.
So in my case, transferring between two WHMCS installations, I use a code block like the following:
1 2 3 4 5 6 7 8 9 10 11 |
<?PHP include('hash_crypt.php'); $old_cc_encryption_hash='SOmECRAZYLONGHASHROFLCOPTERBBQKTHX'; $new_cc_encryption_hash='SOMeOtHERLongEnCryptionHashSTRING'; $oldkey = md5 (md5 ($old_cc_encryption_hash)) . md5 ($old_cc_encryption_hash); $newkey = md5 (md5 ($new_cc_encryption_hash)) . md5 ($new_cc_encryption_hash); $he_old = new hash_encryption($oldkey); $he_new = new hash_encryption($newkey); $newpass = $he_new->encrypt($he_old->decrypt($oldpass)); |
Assuming you had the encrypted password from the old system in $oldpass, you will now have the password for the new system in $newpass.
Hopefully this helps someone! Google was no help at all for re-encrypting the password!
Thank you, I just stumbled across your article, facing the same problem. Hopefully it’ll get the problem solved. 🙂
Awesome. Thanks so much for posting this- until now i’ve been using WHMCS’s external API to decrypt() into plaintext and encrypt() again for insertion… One string at a time! Doing it that way is incredibly slow- tens of thousands of http requests which sometimes fail.
This is going to speed things up dramatically!
It’s worth nothing that hash_crypt.php is no longer available
However this file is functionally identical to lib/framework/lib_crypto.php from the smartnet framework at https://sourceforge.net/projects/warp-cms/files/smart-framework/ – however the class name is SmartCryptoCipherHash, not hash_encryption in the smartnet framework
I was able to find a cached page of the original link you posted where the hash_crypt.php class was. Here it is in a pastebin:
http://pastebin.com/RpaFMn6m
Thanks again.