در لینک میتونید ببینید
---------- Post added at 08:50 PM ---------- Previous post was at 08:43 PM ----------
Please pay more attention to security of your clinets.
You have a usefull feature called API , there is a big bug on it.
You have restereced api access to IPs that registered on control panel. but if a user have password of API he can login to panel from web and add his IP to list.
and how a user can lose their domains ?
Consider user enabled api on his script like WHMCS , or a simple api he wrote. he hosted his script on a shared host that is not 100% secure (nothing is 100% secure in web) . if someone can read his config file and access to his api password he can login to control panel and change email and password and move all user domains to another panel (or registrar) in 1 hour.
My suggestion is to use another password for API access that have limited privilages like register and modify NS and ... , and cannot login and change user password. OR define a new user level like Company Users.