
WHMCS - How to generate the upw session variable

Version 5.1.2 or newer

As of version 5.1.2, WHMCS adds an extra salt to the UPW hash and computes the hash with SHA-1 instead of MD5. The salt is derived from the CC encryption hash: it is the first 20 characters of the SHA-1 of `$cc_encryption_hash`.

<?php

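// Builds the `uid`/`upw` session pair in the WHMCS 5.1.2+ format for one
// client row. No password is checked here: the calling code is expected to
// have authenticated the user already, so this script should only be reachable
// from that trusted code path.

// WHMCS configuration file (expected to supply $db_host, $db_username,
// $db_password, $db_name and $cc_encryption_hash, which are used below)
require_once('path/to/whmcs/configuration.php');

// DB connection. ext/mysql (mysql_connect and friends) was removed in PHP 7.0,
// so the mysqli equivalents are used; they are available on PHP 5 as well.
$dbh = mysqli_connect($db_host, $db_username, $db_password) or die('MySQL connection failed');
mysqli_select_db($dbh, $db_name) or die('Failed to select whmcs_dbname database');

// Get user info (in this case user id 1). %d formats the value as an integer,
// so the query stays well-formed if the id later comes from a variable.
// NOTE(review): the filter column is `userid` but the row is read through
// $userRow['id'] below - confirm which column your tblclients schema has.
$query = sprintf("SELECT * FROM `tblclients` WHERE userid = %d", 1);
$result = mysqli_query($dbh, $query);
// NOTE(review): the raw driver error is echoed to the response; log it instead
// if this ever runs where an end user can see the output.
if ($result === false) die("Query Failed: " . mysqli_error($dbh));
$userRow = mysqli_fetch_assoc($result);

// Stop when no client matched: otherwise uid would be null and upw would be
// computed from empty id/password fields.
if (!is_array($userRow)) die('Client not found');

// Start a session if one hasn't already been started
if (!session_id()) session_start();
// NOTE(review): the session id is kept as-is. If this can run on a session
// that already existed before the user was authenticated, regenerate the id
// (session_regenerate_id) before storing uid/upw.

// Set Session data
// upw = sha1(client id . stored password value . client IP . salt), where the
// salt is the first 20 hex characters of sha1($cc_encryption_hash).
// Everything needed to compute it lives in the client row and in
// configuration.php, so read access to both must stay restricted.
// REMOTE_ADDR is the address as seen by this server; presumably it has to
// match what the WHMCS install sees for the same visitor (check this when a
// proxy or load balancer sits in front of either one).
$_SESSION['uid'] = $userRow['id'];
$_SESSION['upw'] = sha1($userRow['id'] . $userRow['password'] . $_SERVER['REMOTE_ADDR'] . substr(sha1($cc_encryption_hash), 0, 20));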

?>

Version 5.0.3 and older

Below is code showing how the upw session variable is generated on a WHMCS install

<?php

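// Builds the `uid`/`upw` session pair in the WHMCS 5.0.3-and-older format for
// one client row. No password is checked here: the calling code is expected to
// have authenticated the user already, so this script should only be reachable
// from that trusted code path.

// DB connection. ext/mysql (mysql_connect and friends) was removed in PHP 7.0,
// so the mysqli equivalents are used; they are available on PHP 5 as well.
// The host, user, password and database name below are placeholders.
$dbh = mysqli_connect('localhost', 'user', 'pass') or die('MySQL connection failed');
mysqli_select_db($dbh, 'whmcs_dbname') or die('Failed to select whmcs_dbname database');

// Get user info (in this case user id 1). %d formats the value as an integer,
// so the query stays well-formed if the id later comes from a variable.
// NOTE(review): the filter column is `userid` but the row is read through
// $userRow['id'] below - confirm which column your tblclients schema has.
$query = sprintf("SELECT * FROM `tblclients` WHERE userid = %d", 1);
$result = mysqli_query($dbh, $query);
// NOTE(review): the raw driver error is echoed to the response; log it instead
// if this ever runs where an end user can see the output.
if ($result === false) die("Query Failed: " . mysqli_error($dbh));
$userRow = mysqli_fetch_assoc($result);

// Stop when no client matched: otherwise uid would be null and upw would be
// computed from empty id/password fields.
if (!is_array($userRow)) die('Client not found');

// Start a session if one hasn't already been started
if (!session_id()) session_start();
// NOTE(review): the session id is kept as-is. If this can run on a session
// that already existed before the user was authenticated, regenerate the id
// (session_regenerate_id) before storing uid/upw.

// Set Session data
// upw = md5(client id . stored password value . client IP). MD5 is kept only
// because it is the format this WHMCS version uses; there is no
// server-side salt, so the client row alone is enough to compute the value
// for a given IP and read access to tblclients must stay restricted.
// REMOTE_ADDR is the address as seen by this server; presumably it has to
// match what the WHMCS install sees for the same visitor (check this when a
// proxy or load balancer sits in front of either one).
$_SESSION['uid'] = $userRow['id'];
$_SESSION['upw'] = md5($userRow['id'] . $userRow['password'] . $_SERVER['REMOTE_ADDR']);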

?>