[Request] WHMCS ZNC Module

[365Networks]

Hello everyone, I have a special module I need for auto creation of ZNC accounts. I don't have a exact price in mind, but I have a general idea of what I am looking to pay, I know this is a incredibly easy module, so don't expect too much as I don't expect much either!

Basically,

User orders a ZNC account via WHMCS, the module will 'connect' to a private IRC channel, then message an awaiting bot the username and password the user has put in, in the order forms. This will then create the ZNC account for the user, either the ZNC bot will reply saying it has been activated, or there was an error (usually there is no error at all, other then there is sometimes bad characters in the username or pass, or it is too short/long) ...

I am wondering if this is possible, we will speak more about the details if you are actually interested.

Payment via Bitcoin (not sure how much I have on there), PayPal or eInterac Email Money Transfer (Canadian's with Canadian banks only)

Thanks!

 

[acd]

Not that I endorse selling bncs--they're far too prone to abuse, but have you considered using mysql based auth for znc? The pathway is pretty clear:

WHMCS submits credentials -> mysqldb

user connects -> znc + cyrusauth -> saslauthd PLAIN -> pam + pam_mysql -> mysqldb

saslauth is the poop.

 

[Sajan P]

Or...you'd just connect to the server and send the message to the bot.

Not that I endorse selling bncs--they're far too prone to abuse, but have you considered using mysql based auth for znc? The pathway is pretty clear:

WHMCS submits credentials -> mysqldb

user connects -> znc + cyrusauth -> saslauthd PLAIN -> pam + pam_mysql -> mysqldb

saslauth is the poop.

 

[Aldryic C'boas]

The problem with that approach is that connectivity to the bot may not always be guaranteed - IRCds are very prone to DDoS and other attacks. Not to mention the complications with having to then setup an ACL within said bot to ensure that you're only accepting add commands from the panel - and even then, you have to be careful of someone being clever and spoofing their way in.

Using SQL (or any other DB type) negates this - rather than the bot having to be online, you just have to keep the SQLd online; a much easier task, especially if it's VLAN'd. If the bot happens to be down.. well, the auth records are still there in SQL, and will be read by the bot when it comes back up. Not to mention you'll have a much easier time with management being able to interact directly with an SQLdb.

Either way, it's a simple enough project. If I wasn't busy with Stallion I'd offer a quote.

 

[acd]

I had written an overlong post detailing why I disagree with Sajan but mainly it comes down to these things on top of what Aldryic mentioned:

1. It is easier to write secure php to interface with mysql than to connect to and validate a remote ircd.
2. It is easier to manage logins/password changes/account expiry/etc with mysql than again connecting to remote irc at least twice to query for acct, then update as necessary. You don't need a scheduler or cron job, it just works.
3. If you ever expand to additional servers, you can use the same back end and don't have to worry about connecting to multiple servers to update and sync credentials, they are already centralized on relatively dependable storage.

To be perfectly honest, I hadn't even considered the attack target potential for the ZNCs, which is certainly high.

best regards,

-tw