WHMCS.Community

You should reinstall the vendor directory for the WHMCS version you are running

Hi everyone, I searched the community first but could not find an exact match for this behavior. I’m trying to determine whether this is expected behavior, a security hardening change, or a possible regression/bug in WHMCS 9.0.4. Environment: - WHMCS version: 9.0.4 - Upgrade path: 9.0.3 to 9.0.4 using the official incremental patch - PHP version: 8.3 - ionCube Loader: 14.4.x - Server module: cPanel/WHM - Client login method involved: Google Sign-In - cPanel/WHM Single Sign-On enabled Issue: After updating to WHMCS 9.0.4, a client reported that the “Login to WHM” / “Login to cPanel” action from the Client Area failed with:   Action Failed Unable to auto-login. Please contact support. Reproduction details: 1. Client logs in to the WHMCS Client Area using Google Sign-In. 2. Client opens the product/service details page for an active cPanel/WHM hosting service. 3. Client clicks the “Login to WHM” or “Login to cPanel” button. 4. WHMCS shows the error above. Expected result: The client should be logged in to WHM/cPanel via SSO. Actual result: The SSO action fails with “Unable to auto-login”. Important details: - This issue appeared to affect only this specific client/user. Other clients with cPanel/WHM services were able to use Client Area SSO normally after the 9.0.4 update. - The affected user was the account owner. - The client account had SSO enabled. - In the database, tblclients.allow_sso = 1. - In tblusers_clients, the affected user had owner = 1 and permissions = NULL, which I understand is normal for the account owner. - Admin-side access/SSO worked. - “Login as Client” from the WHMCS admin area worked. - cPanel API connectivity itself did not appear to be broken. - Other checks did not point to Cloudflare, ModSecurity, tmp path, cPanel API token, or server connectivity. What resolved it: The client usually logged in using Google Sign-In and apparently did not have a local WHMCS password set from the Client Area. After asking the client to define a local WHMCS password, the cPanel/WHM SSO action immediately started working. After that, SSO worked in both scenarios: - when logging in with email + password - when logging in again using Google Sign-In So the local password only had to be set once. After that, Google Sign-In also allowed the cPanel/WHM SSO action to work. Additional checks: - I checked for NULL or empty tblusers.password values and did not find any. - All password fields I checked had bcrypt-style $2y$ prefixes, so checking for NULL/empty passwords does not seem to identify this condition. - I also found a few unrelated clients with allow_sso = 0 and corrected those, but this affected client already had allow_sso = 1. Questions: 1. Is WHMCS 9.0.4 expected to require the account owner to have a local password set before allowing Client Area SSO actions such as cPanel/WHM login? 2. Could this behavior be related to the 9.0.4 Client Area authorization/security hardening? 3. Is this intended behavior, or should it be reported as a bug/regression? 4. Is there a reliable way to identify users who authenticate via Google Sign-In but may not have completed local password setup, if tblusers.password is not NULL/empty? I’m not looking for details about the security issue itself. I’m only trying to confirm whether this new behavior is intentional and how to detect or prevent it for other clients. Thanks.

Version: 5.8.4  Fixed: Email Variable Issue Fixed: Custom Field on checkout Fixed: Custom Field while Printing Fixed: Accept Checkbox placement on product terms Fixed: Expired Quotes Removed: Support for WHMCS V8.12.x Improved: Attachment storage removal

We are excited to announce a new update for the WHMCS GST Addon Module v3.0.0 with major improvements focused on GST reporting, compliance, invoice enhancements, and overall user experience. This release introduces advanced GST reporting capabilities, export summaries, HSN/SAC management improvements, signature support, and a completely refined interface across the module. ✨ What's New in This Release 📊 Advanced GST Reporting Features Added Indian State-wise GSTR-1 Reports for better GST filing and state-level tax reporting. Added Global Export Summary support for foreign/international clients. Added Tax Summary by Tax Type for easier tax analysis and reconciliation. Added HSN/SAC Summary Reports and Credit Notes Summary. 🏷️ HSN/SAC Code Management Added new settings to map HSN/SAC Codes directly with products and services for accurate GST compliance and automated reporting. ✍️ Signature Support Added support for: Manual signature upload Draw signature functionality directly within the module This helps generate more professional invoices and documents. 🎨 Improved UI/UX Experience Refined the layout and user interface across all sections of the addon module. Improved navigation and usability for a smoother experience. 🧾 Invoice & PDF Improvements Refined the View Invoice page design. Enhanced the Invoice PDF Layout with a cleaner and more professional appearance. 🔧 Why Upgrade? This update is designed to simplify GST compliance, improve invoice presentation, and provide more detailed reporting for businesses using WHMCS in India. We highly recommend upgrading to the latest version to take advantage of these new features and improvements. 💬 We’d Love Your Feedback Your feedback helps us continue improving the module. Feel free to share your suggestions, feature requests, or experiences with the latest release. Thank you for choosing our WHMCS GST Addon Module!      

Hi, A client of mine experienced this issue. I opened a ticket and the bug was confirmed. It was suggested to change the PHP version, which wasn't feasible for us, so we updated to the new patch 8.13.3-release.2 instead, and that resolved the issue. Download 8.13.3-release.2 - https://www.whmcs.com/members/dl.php?type=d&id=1949

Frankly, I'm going to stop throwing time at this, though I appreciate your effort. I open the page, hit minimize and it stays minimized on page changes. That will have to do. Loads of effort for a small niggle that WHMCS  could add with little effort, but have no apparent interest in doing.  Giving up, but thanks. 

@bear I did some further testing and I think this is what you want. Curious to hear your feedback. I have 8.13.3 installed. <?php /** * WHMCS Hook: Hide Admin Sidebar by Default (Without Breaking Page Grid Rows) * Compatible with WHMCS 8.13.x and hopefully 9.x Blend Layout */ if (!defined("WHMCS")) { die("This file cannot be accessed directly"); } add_hook('AdminAreaHeaderOutput', 1, function($vars) { if (isset($vars['template']) && (strpos($vars['template'], 'blend') !== false)) { return <<<HTML <script> document.addEventListener("DOMContentLoaded", function() { // 1. Target the native WHMCS minimize button var minBtn = document.getElementById('sidebarClose'); // 2. Target the native WHMCS hidden layout flag class var isAlreadyHidden = document.body.classList.contains('sidebar-hidden'); // 3. If the sidebar is present and not already natively minimized, trigger a native click if (minBtn && !isAlreadyHidden) { // A tiny 10ms timeout lets WHMCS paint its grids first, preventing column row-drops setTimeout(function() { minBtn.click(); }, 10); } }); </script> HTML; } });  

Using blend, that hook doesn't do anything. On first page load, sidebar is open. Why this is not a built in option is baffling.

Hello, since v9 upgrade, when a customer request a cancellation of a service, the item is not removed from the invoice. How to fix?

I'll give that a try, thanks.  I couldn't find this in the docs. Is it really necessary to use AI to figure out hooks in the newer versions?