modx & WHMCS Ajax integration...

I have been working on integrating WHMCS in to MODx and it’s pretty much complete.

I still have some styling to do but the majority of the work is complete. I have developed my own API, PHP, Json, AJAX/MOOTOOLS system that ties both the framework and WHMCS together. You are signed in regardless of which page you browse.

Many functions including the login system, password reset and domain search have been created with AJAX in mind. I have also taken in to account how many attempts are available for trying to login in using AJAX, after 5 attempts you are banned by IP for 5 minutes.

It’s my first attempt at integrating WHMCS with a framework so it would be nice to hear what you guys think. I do have a few things left to do, test etc so it’s not 100% complete.

Click -> RD-Internet.com

Thanks for reading.

very nice integration work.

How did you handle the auto-login between modx and whmcs user db/apps so users don’t notice it? ajax + curl? or something more tightly bound?

Also, your api sounds very interesting. Care to elaborate/detail a bit about that?

Hey wowzow, I wrote my own login snippet that interacts with WHMCS’s own API. When a user’s email and password is sent via Ajax the inputs are checked using cURL. The password is encrypted in the WHMCS database but there’s a hash at the end of each password. I was able to check this hash against the raw input sent by the user, plus I added some salt and validated it against each other.

Once this is confirmed a successful login message is then sent back using JSON, this successful message is received and another small request to access the user’s menu is made and displayed to you.

You can test using
email - [email protected]
pass - test1234

After everything has been validated I add the user to modx session. Since everything is sent to a snippet in modx, values taken through cURL are easily added to the session. There’s no need to add the users to the modx user list or user groups.... pages can still be made private as well for signed in user only.

Even though I have chosen not to bother adding every user to modx, it is easily done.

Also, if you go to the cloud vps page you will see that they are sold out just now... if you were to fill in your details in the overlay, you are added to a database. Once the service is available again, you will be emailed. I might create a notify button for logged in users so they don’t have to add their email again. You are sent a confirmation of the notification request, I’ll add a hash link that can be clicked in the email to have your email removed I guess.

great
maybe question is "how"

Quote from: rossco at May 25, 2010, 07:30 PM

Hey wowzow, I wrote my own login snippet that interacts with WHMCS’s own API. When a user’s email and password is sent via Ajax the inputs are checked using cURL. The password is encrypted in the WHMCS database but there’s a hash at the end of each password. I was able to check this hash against the raw input sent by the user, plus I added some salt and validated it against each other.

Once this is confirmed a successful login message is then sent back using JSON, this successful message is received and another small request to access the user’s menu is made and displayed to you.

You can test using
email - [email protected]
pass - test1234

After everything has been validated I add the user to modx session. Since everything is sent to a snippet in modx, values taken through cURL are easily added to the session. There’s no need to add the users to the modx user list or user groups.... pages can still be made private as well for signed in user only.

Even though I have chosen not to bother adding every user to modx, it is easily done.

Also, if you go to the cloud vps page you will see that they are sold out just now... if you were to fill in your details in the overlay, you are added to a database. Once the service is available again, you will be emailed. I might create a notify button for logged in users so they don’t have to add their email again. You are sent a confirmation of the notification request, I’ll add a hash link that can be clicked in the email to have your email removed I guess.

very nicely done. Im assuming you did this in evolution, not revolution. Either way, well done, and I like the session login logic you have added too.

Im also looking to code a generic reusable modx "login" component or service that will do something similar. Slightly different approach though, as I’d like to make modx to be the main login point, and then auto-pass the credentials and sessions on to multiple other biz apps. CRMs, accounting apps, custom apps, etc. Hopefully as smooth a user experience as yours looks to be.

Thanks for the details.

You think you will create a tutorial for how you did this?