pterodactyl / whmcs

WHMCS Module for Pterodactyl (v0.7.3 and higher)
MIT License

Update pterodactyl.php #67

Closed Nickolas00 closed 4 years ago

Nickolas00 commented 4 years ago

Hello everyone,

Sorry for my English.

With these modifications you no longer need to send emails to your customers about password setup ...

For every order a user makes, the Username & Password will remain the same. The Username & Password are now stored in WHMCS + Pterodactyl panel. You can change the Username & Password anytime you want; it will update for every service (if multiple) + Pterodactyl panel.

P.S. I saw in some closed pull(s) that there is no point in displaying the password in the client area. Well, in my opinion there is nothing wrong with this! I know big hosting platforms and the login credentials are shown in the client area.

========
clientarea.tpl
========

<div class="text-left row">
    <div class="col-xs-6">
      <table>
        <tr>
          <td style="padding-right:10px;"><b>Username:</b></td>
          <td><input onClick="this.select();" class="form-control" type="text" value="{$username}"></td>
        </tr>
        <tr>
          <td><b>Password:</b></td>
          <td><input onClick="this.select();" class="form-control" type="text" value="{$password}"></td>
        </tr>
      </table>
        <p></p>
        <a target="_blank" href="{$serviceurl}" class="btn btn-block btn-success">Go to Panel</a>
    </div>
</div>

Thank you.

Cheers, Nickolas.

matthewpi commented 4 years ago

Do you understand that user passwords should never be stored in plain text or even encrypted? Passwords should either be stored as a hash or not at all. Also your reasoning saying that "big hosting companies do this" worries me that you are blindly following bad practices without having any knowledge about proper and secure procedures.

TrixterTheTux commented 4 years ago

As Matthew mentions above, there's no good reason to store the password the way you want to and I don't want the module to use insecure behavior by default.

Additionally, this behavior was implemented for a reason, because WHMCS' per-service username/password concept makes absolutely no sense for Pterodactyl. As a service is assigned to a single user, having multiple services with different usernames/passwords will just cause confusion for the customer ordering the service. Attempting to keep all of the services' data synced is impossible (due to not being able to detect these events, and the password being hashed) and doesn't really solve the problem that it's dangerous to store plaintext/decryptable passwords for other users' accounts in the first place.

I also don't really see the reason to change the username/server name generation, as now it doesn't guarantee unique usernames, possibly leading to conflicts with other already existing users in the panel.
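
The storage difference the two replies above describe, as an added example that is not part of this pull request or of the module: a plaintext record can fill a `{$password}` template variable, a hash-only record cannot, and salted hashes of the same password differ, which is why they cannot be compared or synced across systems. All function names and the in-memory array standing in for a database are hypothetical; only PHP's built-in `password_hash` and `password_verify` are real APIs.

```php
<?php
declare(strict_types=1);

// Added illustration; function names and the array "store" are hypothetical.

/** Pattern from the proposed change: the record holds a displayable password. */
function storePlaintext(array &$store, string $user, string $password): void
{
    $store[$user] = ['password' => $password]; // readable by anyone with DB or template access
}

/** Hash-only storage: the record holds a salted, one-way hash and nothing else. */
function storeHashed(array &$store, string $user, string $password): void
{
    $store[$user] = ['hash' => password_hash($password, PASSWORD_DEFAULT)];
}

/** Login check against the stored hash; the password is never recovered. */
function verifyLogin(array $store, string $user, string $candidate): bool
{
    // Unknown users are checked against a dummy hash so timing does not reveal valid names.
    static $dummy = null;
    $dummy ??= password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);
    $ok = password_verify($candidate, $store[$user]['hash'] ?? $dummy);
    return $ok && isset($store[$user]['hash']);
}

/** Value a client-area template could receive for {$password} from a record. */
function templatePassword(array $record): ?string
{
    return $record['password'] ?? null; // a hash-only record has nothing to show
}

$store = [];
$pw = 'constructed-sample-Passw0rd'; // constructed sample value

storePlaintext($store, 'alice', $pw);
storeHashed($store, 'bob', $pw);

var_dump(templatePassword($store['alice']) === $pw); // plaintext record exposes the password
var_dump(templatePassword($store['bob']));           // hash-only record exposes nothing
var_dump(verifyLogin($store, 'bob', $pw));           // correct password still verifies
var_dump(verifyLogin($store, 'bob', 'wrong-guess')); // wrong password is rejected
var_dump(verifyLogin($store, 'nobody', $pw));        // unknown user is rejected

// Two hashes of the same password differ because each gets a fresh salt,
// so a second system cannot detect "same password" by comparing stored hashes.
var_dump(password_hash($pw, PASSWORD_DEFAULT) === $store['bob']['hash']);
```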