Leaderboard

Hello Everyone, We are currently using WHMCS version 9.0.1 and after upgrading, we have noticed two issues related to invoice management and staff permissions. We would appreciate clarification from the community. Unpaid Invoice Cannot Be Edited When trying to modify an unpaid invoice, the system shows: "This is an Unpaid Invoice. You cannot modify an Invoice that is Unpaid." Previously, we were able to edit unpaid invoices in cases of pricing corrections, tax adjustments, or client-requested changes. We are unable to find any setting that allows editing unpaid invoices in version 9.0.1. Is this now the intended behavior? Is there any supported method to allow editing unpaid invoices without marking them as paid first? Cancel Invoice Permission Requires Delete Permission We assign the "Cancel Invoice" permission to specific employees so they can cancel invoices when there are billing errors or mismatches. The cancel action keeps proper logs and maintains an audit trail, which is important for internal control. However, it appears that the Cancel Invoice permission now requires the Delete Invoice permission to function. This forces us to grant both Cancel and Delete permissions. This creates a concern because if Delete permission is given, staff may delete invoices instead of cancelling them. Deleted invoices do not provide the same level of audit visibility, and it becomes difficult to track what was removed and why. Our requirement is to allow invoice cancellation with proper logging, but not allow invoice deletion. Has anyone else faced this in 9.0.1? Is this expected behavior, or is there a way to separate Cancel and Delete permissions properly? Looking forward to feedback from the community. Thanks in advance.

add this line to your configuration.php it will go back to normal behavior $allow_adminarea_invoice_mutation = true;

And it was...?

Every WHMCS administrator knows the struggle: adding an announcement, writing a knowledgebase article, or placing an image on a product page often requires more effort than it should. Typically, you have to open an FTP client, navigate through folders, upload the file, and then manually copy the URL. This process is time-consuming and disrupts your workflow. To eliminate this overhead, we have developed a simple yet highly functional solution: Media Manager. Zero-Installation Architecture The greatest advantage of this tool is that it requires no module installation or complex configuration. Consisting of a single PHP file (media-manager.php), you simply upload it to your WHMCS admin directory, and it is ready to go. Native WHMCS Security Instead of building a separate security layer, we integrated the tool directly with the WHMCS admin authentication system. This means that no one can access this file without an active administrator session. It doesn't act as a standalone, vulnerable media manager; it functions as a secure part of your existing panel. What Can You Do? The tool provides all the essential features needed for daily management tasks: Maintain organization by creating and deleting folders. Perform fast file uploads and deletions. Rename files on the fly. Copy the direct URL of any uploaded file with a single click. For administrators who frequently add images to knowledgebase articles, the "Login to FTP, find directory, upload file, copy path" cycle is now a thing of the past. How to Get Started There is only one minor adjustment required before use: open the media-manager.php file and replace the "websiteniz.com" placeholder with your own domain name. Once this edit is made, your system is fully prepared. Our goal wasn't to build a massive, complex media library. Instead, we aimed to provide a fast, secure, and practical file management tool within the WHMCS environment. Born out of necessity and tested in the field, this tool is now available for everyone. Github project: Whmcs Media Manager Website: www.megabre.com

Thank you!

Thank you for your reply. I can't attach a screenshot because I don't have permission to edit the topic :) I'll leave it here, you can download and take a look.

Hi Still waiting on the answer, also. I guess I need to open a ticket then

As product manager, I should think he has more pressing responsibilities than this community. Busy with that job, vacation, who knows?

This is what one WHMCS Staff tell me You have the option to make the change to your WHMCS configuration.php file and add the line $allow_adminarea_invoice_mutation = true;, but it is your decision whether to do so. When this line is present in your configuration.php file, the system will permit most of the changes to invoices that existed before WHMCS version 9.0, notably: Line items can be changed for invoices in any status (when in the "Manage" mode and with the correct admin user permissions set). All attributes are available in the Options tab regardless of the invoice status (when in the "Manage" mode and with the correct admin user permissions set). Payments can be applied in the Add Payment tab regardless of the invoice status (with correct admin user permissions set). Please note that using this configuration line ($allow_adminarea_invoice_mutation = true;) in your WHMCS configuration.php The file is highly discouraged, as it may permit changes that are not compliant with regional/country business regulations and complicate accounting. To bring awareness of this, a Warning health check will appear in the System Health Check summary when the value is present in your WHMCS configuration.php file. Additionally, all “full administrators” will see an Admin Warning banner (which can be dismissed up to every fortnight). You may want to add it temporarily if you do need to make the changes listed above, which were changed in WHMCS version 9.0 to improve invoice management and ensure tax compliance by keeping invoice records consistent. If you do not see any warnings or have issues with editing invoices or changing their status when this line is added, please let us know. Starting with WHMCS version 9.0, non-Draft invoices are immutable. This means you cannot edit transactions (now listed under the Ledger section on the invoice), add or remove items, or modify descriptions on an invoice once it’s no longer in the "Draft" status. This change is intended to improve invoice management and ensure tax compliance by keeping invoice records consistent. For more information on invoice management in WHMCS version 9.0, please refer to the following documentation: https://docs.whmcs.com/9-0/billing-and-invoicing/invoice-management/

Stepping back from this specific issue, it does feel like a broader pattern within WHMCS rather than an isolated problem with NexusCart. I do not have insight into WHMCS internal development processes, and this is not intended as criticism of individual contributors, but from a customer and integrator perspective the overall direction can be difficult to follow. Over recent releases, we have seen recurring regressions, incomplete fixes, and features that appear to ship without being fully validated across real world installations. When combined with limited transparency around known issues or roadmaps, it creates the impression of fragmented development and weak internal communication. WHMCS is a mission critical platform for many businesses, so stability, predictable releases, and timely fixes are just as important as new features. At times it feels like significant bugs or long requested improvements are either delayed for extended periods or quietly deprioritized, which makes long term planning and confidence in upgrades challenging.

Growing a business with limited resources is tough, but the right marketing tools can make it much easier. They help you save time, avoid doing the same tasks over and over, and keep everything in one place so you're not constantly jumping between different apps. Think about all the things that go into marketing: setting up a website, posting on social media, sending emails to customers, and keeping track of projects. Doing all of that manually takes a lot of time. But with the right tools,...View the full blog post

Sure thing. Here are some screenshots: 1. Domain Registration page 2. Domain Results page 3. Cart Drawer 4. Shopping Cart page Please do install the Release Candidate and test it out and share your feedback!

it doesn't use an email template and that email is hard-coded internally to WHMCS... two thoughts.. if you are using PHP Mail for your email settings, I think it will show the client's IP in the header - specifically in the X-PHP-Script setting output... I can't recall if the same applies when using SMTP to send. perhaps you could add just jQuery/JS to the form to add the client's IP value to the message string before it sends to WHMCS ? all that said, there's nothing to stop a user hiding their IP by any number of methods - so there's no guarantee that any value you receive for their IP address, by any method, would be accurate.

Hey @pikerr are you sending to a department or to an email address?

WHMCS has always handled fraud orders poorly and inconsistently, and this is even worse now with the strange "immutable" invoice issues. For example, when an order contains a single DOMAIN REGISTRATION, and is marked as fraud, we can set the order back to pending by clicking the set as pending button for the order. This previously set the invoice as "unpaid" and the client could complete the order by paying the invoice. Now the invoice is set as "Payment Pending" and the user is not able to pay the invoice at all. The only way to resolve this is to add the disable immutable invoices hack to configuration.php and then manually set the invoice to "unpaid". Then the client can pay the invoice and the domain is registered. What's an even bigger mess is when an order contains a single DOMAIN TRANSFER, and is marked as fraud. If we set the order back to pending, for whatever reason, the invoice stays as "cancelled" - this was the case even before WHMCS 9 and is still the case now (this is likely a bug). Previously we would just set the invoice to unpaid, then manually pay it (or have the client pay it). However the issue then is that even after the invoice is paid in this case, the domain is never actually transferred - we have always had to handle this step manually. What's even worse now in WHMCS 9.0 with domain transfer orders initially marked as fraud, is when we set the order back to pending, the invoice is still "cancelled" and we can't do anything with it. If we enable the hack in configuration.php to allow us to edit the invoices again, we can set the invoice to "unpaid", but now for some reason it has a "credit note" in it so the total amount owing on the invoice is now $0 and there is no way to actually complete the order. What a complete mess. One truly wonders what they do with all the extra money from the extortionate price increases. TLDR: If you receive a domain transfer order that is initially marked as fraud, there is literally no way to complete the order.