In WHMCS user can login with every wrong or right password

259 views Asked by At

I was trying to create a hook to query an external source when a user does not exist:

add_hook("ClientLoginShare",1,"hook_login_user_from_ldap");

Then I removed that piece of code (Now it's the original whmcs without any modifications).

But now whatever password I enter for a user, it logs in! How can this be and what I'm supposed to do?

The records for the users in db seem to be correct and untouched:

email: [email protected]
password: fdc586a75dabee47810667b735a85e25:%cidv
(original password: abc1235)
1

There are 1 answers

0
Mousa On BEST ANSWER

OK, I found out when this occurs. When an admin is logged in at the same session from admin panel, every user with every password can log in from the user panel!

I don't know why this happens, but now at least I can avoid it.