Critical Error
CURL is not installed or is disabled on your server and it is required for WHMCS to run"; exit(); } /* if($whmcs->get_req_var('conntest')) { $whmcsurl = "https://www.whmcs.com/index.php"; $postfields = array( 'curltest' => '1' ); $ip = gethostbyname("licensing28.whmcs.com"); echo "Testing Connection to whmcs.com...
URL resolves to " . $ip . "

"; if($ip != "184.94.192.3" && $ip != "208.74.120.227") { echo "Error: The IP whmcs.com is resolving to the wrong IP. Someone on your server is trying to bypass licensing. You'll need your host to investigate and fix.

"; } $query_string = http_build_query($postfields); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $whmcsurl); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $query_string); curl_setopt($ch, CURLOPT_TIMEOUT, 30); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); $data = curl_exec($ch); if(curl_error($ch)) { $data = "Curl Error: " . curl_errno($ch) . " - " . curl_error($ch); } else { if(!$data) { $data = "Empty Data Response - Please check CURL Installation"; } } curl_close($ch); echo "Connection Response:

"; exit(); } */ $result = select_query('tblconfiguration', "COUNT(*)", array( 'setting' => 'License' )); $data = mysql_fetch_array($result); if(!$data[0]) { insert_query('tblconfiguration', array( 'setting' => 'License' )); } $licensing->remoteCheck(); if($licensing->getStatus() != 'Active') { redir("licenseerror=" . $licensing->getStatus(), "licenseerror.php"); } if(!$licensing->checkOwnedUpdates()) { redir("licenseerror=version", "licenseerror.php"); } if(isset($_SESSION['adminid']) && !isset($_SESSION['2fabackupcodenew'])) { redir('', "index.php"); } $adminfolder = $whmcs->get_admin_folder_name(); if($CONFIG['AdminForceSSL'] && $whmcs->isSSLAvailable() && !$whmcs->in_ssl()) { $whmcs->redirectSystemSSLURL($whmcs->get_admin_folder_name() . '/' . $whmcs->getCurrentFilename(false)); } $disableadminforgottenpw = $whmcs->get_config('DisableAdminPWReset') ? true : false; $action = $whmcs->get_req_var('action'); $sub = $whmcs->get_req_var('sub'); $incorrect = $whmcs->get_req_var('incorrect'); $logout = $whmcs->get_req_var('logout'); $verificationToken = $whmcs->get_req_var('verify'); if($action && $disableadminforgottenpw) { $action = ''; } echo " WHMCS - Login
\"WHMCS\"
"; $adminid = $msgtitle = $msg = $reset = ''; if($action == 'reset' && !$disableadminforgottenpw && $verificationToken) { $tempStore = new WHMCS_TransientData(); $storedVerificationData = $tempStore->retrieve($verificationToken); if($storedVerificationData && ($userData = json_decode($storedVerificationData, true)) && is_array($userData) && !empty($userData['id']) && !empty($userData['email'])) { $hasher = new WHMCS_Security_Hash_Password(); if($hasher->verify($userData['id'] . $userData['email'], base64_decode($verificationToken))) { $result = select_query('tbladmins', '', array( 'email' => $userData['email'], 'disabled' => '0' )); if($data = mysql_fetch_array($result)) { $adminid = $data['id']; $firstname = $data['firstname']; $lastname = $data['lastname']; $username = $data['username']; $emailaddr = $data['email']; } } } if($adminid) { $auth = new WHMCS_Auth(); $auth->getInfobyID($adminid); $randomPassword = base64_encode(crypt_random_string(16)); if($auth->generateNewPasswordHashAndStore($randomPassword) && $auth->generateNewPasswordHashAndStoreForApi(md5($randomPassword))) { $tempStore->delete($verificationToken); update_query('tbladmins', array( 'loginattempts' => '0' ), array( 'email' => $emailaddr )); $message .= "Dear " . $firstname . ", As requested, your password for the admin area has now been reset. Your new login details are as follows: " . $CONFIG['SystemURL'] . '/' . $adminfolder . "/ Username: " . $username . " Password: " . $randomPassword . "\n" . " You can change your password after login from the My Account section of the admin area."; $subject = "Admin Password Reset Completed"; try { $mail = new WHMCS_Mail($CONFIG['SystemEmailsFromName'], $CONFIG['SystemEmailsFromEmail']); $mail->Subject = $subject; $mail->Body = $message; $mail->AddAddress($emailaddr); if(!$mail->Send()) { $msg = "There was an error sending the email. Please try again."; } else { $msg = "Success! Please check your email for the newly generated password."; logActivity("Password Reset Completed for Admin Username " . $username); } $mail->ClearAddresses(); } catch(phpmailerException $e) { logActivity("Admin Email Sending Failed - PHPMailer Exception - " . $e->getMessage() . " (Subject: " . $subject . ")"); } } else { $msg = "There was an error resetting your password. Please try again."; logActivity("Password Reset Storage Error for Admin Username " . $username); } } else { $msg = "Invalid or Expired Link Followed. Please try again."; } $action = ''; $reset = true; $msgtitle = "Password Reset"; } if(!$action) { if(isset($_SESSION['2faverify'])) { if(isset($_SESSION['2fabackupcodenew'])) { $msgtitle = "Login Successful"; $msg = "Backup Codes are valid once only. It will now be reset."; } else { $msgtitle = "Two Factor Authentication"; $msg = $incorrect ? "The second factor you supplied was incorrect. Please try again." : "Your second factor is required to complete login."; } } else { if($incorrect) { $msgtitle = "Login Failed. Please Try Again."; $msg = "Your IP has been logged and admins notified of this
failed login attempt."; } else { if($logout) { $msgtitle = "Logged Out"; $msg = "You have been successfully logged out."; } else { if($reset) { } else { $msgtitle = "Welcome Back"; $msg = "Please enter your login details below to authenticate."; } } } } echo "
" . $msgtitle . "
" . $msg . "
"; if(isset($_SESSION['2fabackupcodenew'])) { $twofa = new WHMCS_2FA(); if($twofa->setAdminID($_SESSION['2faadminid'])) { $backupcode = $twofa->generateNewBackupCode(); echo "

Your New Backup Code is:

" . $backupcode . "

Write this down on paper and keep it safe.
It will be needed if you ever lose your 2nd factor device or it is unavailable to you again in future.

"; } else { echo "
An error occurred. Please try again.
"; } } else { if(isset($_SESSION['2faverify'])) { $twofa = new WHMCS_2FA(); if($twofa->setAdminID($_SESSION['2faadminid'])) { if(!$twofa->isActiveAdmins() || !$twofa->isEnabled()) { WHMCS_Session::destroy(); redir(); } if($whmcs->get_req_var('backupcode')) { echo "

Enter Your Backup Code Above to Login

"; } else { $challenge = $twofa->moduleCall('challenge'); if($challenge) { echo "
" . $challenge . "

Can't Access Your 2nd Factor Device? Login using Backup Code

"; } else { echo "
Bad 2 Factor Auth Module. Please contact support.
"; } } } else { echo "
An error occurred. Please try again.
"; } } else { echo "
Username
Password
 
Language:
"; } } } else { if($action == 'reset' && !$disableadminforgottenpw) { $email = $whmcs->get_req_var('email'); echo "
"; if($sub == 'send') { $result = select_query('tbladmins', '', array( 'email' => $email )); $data = mysql_fetch_array($result); $adminid = $data['id']; $firstname = $data['firstname']; $lastname = $data['lastname']; $username = $data['username']; $emailaddr = $data['email']; $disabled = $data['disabled']; if($disabled == 1) { echo "Administrator Disabled
Your Administrative account has been disabled.
"; } else { if(!$adminid || $emailaddr != $email) { logActivity("Admin Password Reset Attempted for invalid Email: " . $email); echo "Email Address Not Found
Your IP has been logged and admins notified of this
failed reset attempt."; } else { $hasher = new WHMCS_Security_Hash_Password(); $verificationToken = base64_encode($hasher->hash($adminid . $emailaddr)); $tempStore = new WHMCS_TransientData(); $tempStore->store($verificationToken, json_encode(array( 'id' => $adminid, 'email' => $emailaddr )), 1800); $url = $CONFIG['SystemSSLURL'] ? $CONFIG['SystemSSLURL'] : $CONFIG['SystemURL']; $url .= '/' . $adminfolder . "/login.php?action=reset&verify=" . $verificationToken; $message = "Dear " . $firstname . ", A request was recently made to reset the password for admin username '" . $username . "'. To confirm the request and complete the reset process, simply visit the url below: " . $url . "\n" . " This link will only be valid for the next 30 minutes so if you didn't request this reset, you can simply ignore this email. " . $CONFIG['SystemURL'] . '/' . $adminfolder . '/'; $subject = "Admin Password Reset Request"; try { $mail = new WHMCS_Mail($CONFIG['SystemEmailsFromName'], $CONFIG['SystemEmailsFromEmail']); $mail->Subject = $subject; $mail->Body = $message; $mail->AddAddress($email); if(!$mail->Send()) { echo "Password Reset
There was an error sending the email. Please try again."; } else { echo "Password Reset
Success! Please check your email for the next step..."; logActivity("Password Reset Initiated for Admin Username " . $username); } $mail->ClearAddresses(); } catch(phpmailerException $e) { logActivity($subject . " Sending Failed - PHPMailer Exception - " . $e->getMessage() . " (Subject: " . $subject . ")", 'none'); } } } } else { echo "Password Reset
Enter your email address below to begin the process"; } echo "
Email
 
"; } } echo "
IP Logged: "; echo $remote_ip; echo " Powered by WHMCS
"; if($CONFIG['SystemSSLURL'] && !$CONFIG['AdminForceSSL']) { echo "Secure SSL Access"; } if(!$disableadminforgottenpw) { if($CONFIG['SystemSSLURL'] && !$CONFIG['AdminForceSSL']) { echo " | "; } echo "Forgot your password?"; } echo "
";