mauriciogofas · July 27, 2019 03:52
diff --git a/auth.php b/auth.php
 <?php
 /**
 * Auto Login Hash Merge Tag Email Template ( Versão resumida )
 * @author     Mauricio Gofas | gofas.net
 * @copyright  Copyright (c) 2016 https://gofas.net
 */
 
 // Modelo de URL para colar no template de email:
 // {$whmcs_url}auth.php?email={$client_email}&hash={$hash}&whmcsurl={$whmcs_url}&goto=viewinvoice.php?id={$invoice_id}
 $autoauthkey = "xxxxx_autoauthkey_xxxxx"; // chave igual à inserida no arquivo /configuration.php
 $secret_key =  "xxxxx_secret_key_xxxx"; // chave igual à inserida no arquivo /includes/hooks/gofas_hash_email.php
 $whmcsurl = $_GET["whmcsurl"].'dologin.php';
 if (md5($_GET['email'].$secret_key) != $_GET['hash']){ // Confere se o hash é válido
 die('Hash inválido. Admin: verifique o formato da tag do template de e-mail, as credenciais e os dados do cliente.'); // Morre se o hash é Inválido
 } 
 // Continua a execução do script e permite o acesso se o hash é válido 
 $email		= $_GET['email'];
 $timestamp	= time();
 $goto		= $_GET["goto"];
 $hash		= sha1($email.$timestamp.$autoauthkey);
 $url		= $whmcsurl."?email=$email&timestamp=$timestamp&hash=$hash&goto=".urlencode($goto);
 header("Location: $url");
 exit;
 ?>
diff --git a/gofas_hash_email.php b/gofas_hash_email.php
 <?php
 /**
 * Auto Login Hash Merge Tag Email Template ( Versão resumida )
 * @author     Mauricio Gofas | gofas.net
 * @copyright  Copyright (c) 2016 https://gofas.net
 */
 if (!defined('WHMCS')) die('This file cannot be accessed directly');
 function gofas_hash_email_template($vars) {
 	$whmcsAdmin							= 1;
 	$invoiceID							= $vars['relid'];
 	$getinvoice							= 'getinvoice';
 	$getinvoiceid['invoiceid']			= $invoiceID;
 	$GetInvoiceResults					= localAPI($getinvoice,$getinvoiceid,$whmcsAdmin);
 	$userID								= $GetInvoiceResults['userid'];
 	$getClient							= 'getclientsdetails';
 	$getClientValues['clientid']		= $userID;
 	$getClientValues['stats']			= true;
 	$getClientValues['responsetype']	= 'json';
 	$getClientResults					= localAPI($getClient,$getClientValues,$whmcsAdmin);
 	$secret_key							= 'xxxxx_secret_key_xxxx'; // chave igual à inserida no /auth.php
 	$merge_fields = array();
 	$merge_fields['hash']				= md5($getClientResults['client']['email'].$secret_key);
 	return $merge_fields;
 }
 add_hook('EmailPreSend',1,'gofas_hash_email_template');
 ?>
	<?php
	/**
	* Auto Login Hash Merge Tag Email Template ( Versão resumida )
	* @author Mauricio Gofas \| gofas.net
	* @copyright Copyright (c) 2016 https://gofas.net
	*/

	// Modelo de URL para colar no template de email:
	// {$whmcs_url}auth.php?email={$client_email}&hash={$hash}&whmcsurl={$whmcs_url}&goto=viewinvoice.php?id={$invoice_id}
	$autoauthkey = "xxxxx_autoauthkey_xxxxx"; // chave igual à inserida no arquivo /configuration.php
	$secret_key = "xxxxx_secret_key_xxxx"; // chave igual à inserida no arquivo /includes/hooks/gofas_hash_email.php
	$whmcsurl = $_GET["whmcsurl"].'dologin.php';
	if (md5($_GET['email'].$secret_key) != $_GET['hash']){ // Confere se o hash é válido
	die('Hash inválido. Admin: verifique o formato da tag do template de e-mail, as credenciais e os dados do cliente.'); // Morre se o hash é Inválido
	}
	// Continua a execução do script e permite o acesso se o hash é válido
	$email = $_GET['email'];
	$timestamp = time();
	$goto = $_GET["goto"];
	$hash = sha1($email.$timestamp.$autoauthkey);
	$url = $whmcsurl."?email=$email&timestamp=$timestamp&hash=$hash&goto=".urlencode($goto);
	header("Location: $url");
	exit;
	?>