Which billing system do you use?

Discussion in 'Servers and Hosting' started by Licensecart, Mar 21, 2014.

Which billing system do you use?

  1. Blesta

    37.5%
  2. ClientExec

    0 vote(s)
    0.0%
  3. WHMCS

    50.0%
  4. HostBill

    0 vote(s)
    0.0%
  5. BoxBilling

    0 vote(s)
    0.0%
  6. Ubersmith

    0 vote(s)
    0.0%
  7. Other

    12.5%
  1. Licensecart

    Licensecart Certified Distributor

    Totally haha Blesta won't be attacked, because they think like attackers when building it.

    WHMCS wouldn't have had loads of exploits fixed in one update where "WHMCS thanked Blesta for their findings" to be honest I don't see why Paul and the guys wasted their time reporting them to WHMCS. I wouldn't have, why? Because it shows how good your software is and not the competitors.

    Nothing is invincible, but have you seen WHMCS code? (Included only snippets)

    cart.php:
    PHP:
        define( 'CLIENTAREA', true );
        require( 'init.php' );
        require( 'includes/orderfunctions.php' );
        require( 'includes/domainfunctions.php' );
        require( 'includes/whoisfunctions.php' );
        require( 'includes/configoptionsfunctions.php' );
        require( 'includes/customfieldfunctions.php' );
        require( 'includes/clientfunctions.php' );
        require( 'includes/invoicefunctions.php' );
        require( 'includes/processinvoices.php' );
        require( 'includes/gatewayfunctions.php' );
        require( 'includes/fraudfunctions.php' );
        require( 'includes/modulefunctions.php' );
        require( 'includes/ccfunctions.php' );
        require( 'includes/cartfunctions.php' );
        initialiseClientArea( $_LANG['carttitle'], '', '<a href="cart.php">' . $_LANG['carttitle'] . '</a>' );
        checkContactPermission( 'orders' );
        $orderfrm = new WHMCS_OrderForm(  );
        $a = $whmcs->get_req_var( 'a' );
        $gid = $whmcs->get_req_var( 'gid' );
        $pid = (int)$whmcs->get_req_var( 'pid' );
        $aid = (int)$whmcs->get_req_var( 'aid' );
        $ajax = $whmcs->get_req_var( 'ajax' );
        $sld = $whmcs->get_req_var( 'sld' );
        $tld = $whmcs->get_req_var( 'tld' );
        $domains = $whmcs->get_req_var( 'domains' );
        $step = $whmcs->get_req_var( 'step' );
        $orderfrmtpl = $whmcs->get_config( 'OrderFormTemplate' );

        if (!isValidforPath( $orderfrmtpl )) {
            exit( 'Invalid Order Form Template Name' );
        }

        $orderconf = array(  );
        $orderfrmconfig = ROOTDIR . '/templates/orderforms/' . $orderfrmtpl . '/config.php';
    aff.php:
    PHP:
        define( 'CLIENTAREA', true );
        require( 'init.php' );

        if ($aff = $whmcs->get_req_var( 'aff' )) {
            update_query( 'tblaffiliates', array( 'visitors' => '+1' ), array( 'id' => $aff ) );
            WHMCS_Cookie::set( 'AffiliateID', $aff, '3m' );
        }

        if ($pid = $whmcs->get_req_var( 'pid' )) {
            redir( 'a=add&pid=' . (int)$pid, 'cart.php' );
        }

        if ($gid = $whmcs->get_req_var( 'gid' )) {
            redir( 'gid=' . (int)$gid, 'cart.php' );
        }

        if ($whmcs->get_req_var( 'register' )) {
            redir( '', 'register.php' );
        }

        if ($whmcs->get_req_var( 'gocart' )) {
            $reqvars = '';
            foreach ($_GET as $k => $v) {
                $reqvars .= $k . '=' . urlencode( $v ) . '&';
            }

            redir( $reqvars, 'cart.php' );
        }

        header( 'HTTP/1.1 301 Moved Permanently' );
        header( 'Location: ' . $whmcs->get_config( 'Domain' ), true, 301 );
    includes/api.php
    PHP:
                if (!$adminid) {
                    $result = select_query( 'tbladmins', 'loginattempts', array( 'username' => $login_unm ) );
                    $data = mysql_fetch_array( $result );
                    $loginattempts = $data['loginattempts'] + 1;

                    if ('3' <= $loginattempts) {
                        $expire_date = mktime( date( 'H' ), date( 'i' ) + $CONFIG['InvalidLoginBanLength'], date( 's' ), date( 'm' ), date( 'd' ), date( 'Y' ) );
                        $expire_date = date( 'Y-m-d H:i:s', $expire_date );
                        insert_query( 'tblbannedips', array( 'ip' => $remote_ip, 'reason' => '3 Invalid API Login Attempts', 'expires' => $expire_date ) );
                        update_query( 'tbladmins', array( 'loginattempts' => '0' ), array( 'username' => $_POST['username'] ) );
                    }

                    update_query( 'tbladmins', array( 'loginattempts' => '+1' ), array( 'username' => $_POST['username'] ) );
                    $apiresults = array( 'result' => 'error', 'message' => 'Authentication Failed' );
                    $allowed = false;
                }
                else {
                    $_SESSION['adminid'] = $adminid;

                    if (!checkPermission( 'API Access', true )) {
                        $apiresults = array( 'result' => 'error', 'message' => 'Access Denied' );
                        $allowed = false;
                    }
                }
            }
    And that's from 5.2.7 (Decoded version)

    And Blesta's code is 99.4% open (just the licensing files are encoded), so if a hacker wanted to, they could see the code without any hassle and exploit it if there was anything.

    The only exploits found have been 3 XSS attacks (And it's been only a year in May since 3.0.0 was out in beta), what has WHMCS had? XSS & MySQL Injection, one company was compromised in a big exploit.

    WHMCS hosted servers with Hostgator, and was compromised by Hostgator's social engineering attack. Blesta own their own servers and co-locate.
     
    Last edited by a moderator: Mar 23, 2014
  2. S-Jack

    S-Jack New Member

    If you say so Mike :) + that's nice, decoding an encoded file. It won't be 100% accurate though, now will it?
     
  3. Licensecart

    Licensecart Certified Distributor

    Yes it is accurate, because someone decrypted the code using an ioncube decrypter and released it live. I managed to get it before WHT mods removed the URL to download it. You can't decrypt ioncube wrongly.


    https://web.archive.org/web/20131028180519/http://localhost.re/
     
    Last edited by a moderator: Mar 23, 2014
  4. mikho

    mikho New Member

    Right this minute I got an urge to post a troll post with a few questions, but I won't since that isn't creative. But it would be fun. :)
     
  5. sjr2004

    sjr2004 New Member

    Fun is always good.
     
  6. Licensecart

    Licensecart Certified Distributor

    Please :) a nice discussion between the two like these:

    http://www.webhostingtalk.com/showpost.php?p=8898652&postcount=14
    http://www.webhostingtalk.com/showpost.php?p=8885045&postcount=183

    The experts who looked over the Blesta code and found next to nothing, the one Vlad found was the first one, then Cody and the guys found two more admin side which would require an admin permission to even attempt to exploit it.

    Now who would you rather trust with your business? A company which has a history of bad coding, exploited or a company who has been checked by experts and found one flaw, the developers found two inside, know what they are doing, and none of them have been attacked?
     
  7. mikho

    mikho New Member

    I've known Steven from Rack911 for a very long time and consider him a friend of mine, and I have spoken to Vlad numerous times and I know what he can do when it comes to coding, so the issue is not if Blesta is safe or not.

    It's been a long day and too much work has taken away the urge to troll .... perhaps it will come back some day, who knows.
     
  8. Licensecart

    Licensecart Certified Distributor

    aww :( need to feed it more :p haha yeah you probably need more features :) Blesta is going responsive on 3.2.x so that's a bonus.
     
  9. mikho

    mikho New Member

    You can feed it all you want, it won't win me over at this point whatsoever.

    Perhaps if you focus on things that Blesta can do that other billing software can't.
     
  10. RebornWebs

    RebornWebs New Member

    I use Blesta
     
  11. leyton

    leyton imagineLayer

    We've made use of WHMCS in the past, and were never really quite happy with it, luckily we'd dropped it by the time localhost.re came around.

    I was part of the Blesta development for version 3, and believe that it's a solid product - but for us, we've been working on an internal solution for some time, that just keeps on growing.
     
  12. FreeHost

    FreeHost New Member
