uname-r

Hi, We wanted to do the same with whmcs. ...we asked for this during the first beta of a previous version, while features were looking like to be still a little open for this. Matt answered this was out of question. Then i found another solution that does this. We did it. We sold block of hours on our website. ...and few months later : i understood why Matt did not liked that idea. You'll get more money by going on a per hour basis. Also : you need to discuss of a task with a customer anyway before you perform it. If the client have a block of hours, it means he can ask you for everything. The reality is you cannot do everything : there's stuff you don't know : always. There will be projects you won't want to work on : always. The customer don't want to pay 200$ for a 1 hour task, and then leave the remaining cash in a sleeping state in he's account. You'll get more clients by going on a per hour basis : sounds more professional also. We changed this on our side. Better now. Projects are getting more interesting for everyone. Clients are peoples we want to work with only, and they understand better when we ask them for more time, because what they asked takes time . Also : we are having more clients on the development side now than at the time we were selling blocks of time on our website. Most clients won't buy and will go somewhere else just because they don't know how much time they need to buy from you. Also : let's say you go with the idea to sell block of hours to your clients... ...before they purchase a block of time, clients will always ask for an evaluation anyway, so you'll have to tell them exactly how much time they need to purchase, and then they will rush you like hell to complete always in the provided time frame, because they purchased a block of time, so they think they already paid their development. ...if they don't ask for an evaluation, then most of the time it will means they may be clients refused / untrusted by every other developers or with very complicated projects that will take a month to complete while they will be rushing you like hell always to complete within the purchased block of time. Beleive me : chances are you won't want to work like this anymore 1-2 years after you started BUT : if you still want to do it, why not using something like http://www.wbteampro.com/ and ask them to perform some more development on their tool if they don't deliver such feature (did not verified, but i think you should have more chances by going this way). or you may ask http://modulesgarden.com for this. They are nice peoples out there, always willing to give a hand on something. I have discussed a few times with their developers : it's seems pretty easy to work with them, and achieve your goals with whmcs. I won't promote the solution i found to manage this since i didn't like it. Hope that help

Hi, Is there any quick tricks i may not be aware of to invoice a customer for more than 3 years? The thing is this part of whmcs is ioncube encoded, so i'm wondering if there is a way to modify this? We would like to do a promo for clients who are paying their hosting package for more than 3 years. How can i achieve this with whmcs? Any idea? Thank you in advance

That's possible.. ...but just take a look at the whmcs website : they are using wordpress, but they do no seems to share the login between whmcs, wordpress, vbulletin, and the feature request tool Yes, i know : it's nice to have a single sign in, but if there is a security issue with, let's say, a wordpress plugin (that will happen for sure!) then your whmcs will be at risk! whmcs handle your client passwords. don't take any chances, and don't share the login unless you absolutely need to do it. But, if you still want to do this, then go with http://docs.whmcs.com/AutoAuth - - - Updated - - - ...but don't start downloading encrypted wordpress share login plugins : you'll end up with troubles imho and if you do this : don't use any plugins unless you reviewed all their code. I would recomment you to use an iframe if you want to embed into your website - if you start with html. if you know html and css, then you can do very great things with whmcs without having to share the login. ...just match it with your website, and split your website sections into sub-domains. peoples will understand the login to forum.yourdomain.com is different than the login at client.yourdomain.com

Hi, The answer is here : http://forum.whmcs.com/showthread.php?72911-WHMCS-Idera-R1soft-module&goto=newpost No need for a full integration, but instead : just fetch the amount of data transfered, and send an invoice. As far as i can see, you do not seems to be using r1soft already. R1soft have the following users: - admin - resellers - users You can fetch all of the infos, and manage the backups for each of those users through the API. Here is the feature request for this (you will get better results if you want this by voting there for this feature) https://requests.whmcs.com/responses/add-r1soft-cdp-enterprise-server-version-3-with-reseller-features

what's the goal of such module exactly? If you don't know how to edit a htaccess file : why are you doing hosting?

Hi, Possible for you to send us a screenshot of those options without any name, so we can see what are those options? ...have you tried using a default language file? Sometimes, when this happen, it's because there is something missing in the language file. possible? - - - Updated - - - is it the tokens?

Hi, I think you will need to create a session. <?php $url = "http://www.yourdomain.com/whmcs/includes/api.php"; # URL to WHMCS API file $username = "Admin"; # API user username goes here $password = "demo"; # API user password goes here $postfields["username"] = $username; $postfields["password"] = md5($password); $postfields["action"] = "addinvoicepayment"; #action performed by the [[API:Functions]] $postfields["invoiceid"] = "1"; $postfields["transid"] = "TEST"; $postfields["gateway"] = "mailin"; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_TIMEOUT, 100); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $postfields); $data = curl_exec($ch); curl_close($ch); $data = explode(";",$data); foreach ($data AS $temp) { $temp = explode("=",$temp); $results[$temp[0]] = $temp[1]; } if ($results["result"]=="success") { # Result was OK! } else { # An error occured echo "The following error occured: ".$results["message"]; } ?> ...and then post the domains : http://docs.whmcs.com/API:Register_Domain

I know this post if very old, but i am also looking for the same thing. Someone know how we can post from an external form to the bulk one? Thank you in advance!

I prefer to only disable on a per path basis. Here is a very good documentation about how to manage the rules : http://www.atomicorp.com/wiki/index.php/Mod_security ...but i still think some of those rules should be improved to work better with whmcs... Anyhow, as i mentionned, most of them are now fixed or disabled by id since a long time... ...but i would much prefer to do not exclude some of those i excluded, even if it's only a few paths

Is it working with Idera CDP 3 enterprise or only the version 2?

Someone can provide feedback about this module? Have you tried it?

Bonjour kyrotomia I am also from Québec Don't worry about the 3 decimals. It's ok to round up : our money no longer include penny anyway. Everything is rounded up I would like to point you to this : http://cccd-rcc.org/fr/revendication/notice20120705.asp It say : "Après plusieurs échanges avec des représentants du ministère des Finances, ce dernier a confirmé au CCCD qu'il sera toujours possible pour un détaillant, comme par le passé, d'utiliser des facteurs mathématiques arrondis à deux points décimaux lorsque le système de caisse enregistreuse utilisé ne permet pas de déterminer la TVQ au taux réel de trois décimales (art. 69.3.1L.R.Q., chapitre T-0.1, Loi sur la taxe de vente du Québec). Des modifications seront apportées à l'article 69.3.1 à l'automne afin de clarifier la procédure." so nothing to worry about this. ...peoples are used now to get everything rounded up, and i don't think they will bother about this. Hope that help

bump??!!?? Someone have an idea of what can be done to hide a div if the double factor is enabled? Thank you!

Hi, If i only want to div to appear on the clientarea homepage for users who did not enabled the two factor authentication.... what should i do? I am trying with {if $twofastatus} smarty tag, but this do not work. Thank you!

Hi, I am having many problems setting up mod_security with WHMCS on a Ubuntu server. I was not having any problem with the last branch (whmcs 5.1.x) The same problem seems to happen also on CentOS with the exact same ruleset, from OWASP : http://downloads.sourceforge.net/project/mod-security/modsecurity-crs/0-CURRENT/modsecurity-crs_2.2.5.tar.gz Possible for someone who know about mod_security owasp rule set to tell me if i should continue with theses rules, or if there are better ones i should use with whmcs? All of theses are just false positives... I do not want to disable the rules : i want to protect the server with mod_security, so i would like to improve them, or get better rules. ...i am wondering if this one (the first rule below) is related to programing issues with whmcs or if this is something i need to improve on the side of the server config. imho, i think this is related to whmcs : [Tue Mar 26 08:55:40 2013] [error] ModSecurity: Warning. Pattern match "(.*?)=(?i)(?!.*secure.*)(.*$)" at RESPONSE_HEADERS:Set-Cookie. [file "/etc/modsecurity/activated_rules/modsecurity_crs_55_application_defects.conf"] [line "99"] [id "981185"] [msg "AppDefect: Missing Secure Cookie Flag for WHMCSWK3SD9jYz3vn."] [tag "WASCTC/WASC-15"] [tag "MISCONFIGURATION"] [tag "http://websecuritytool.codeplex.com/wikipage?title=Checks#cookie-not-setting-secure-flag"] [hostname " "] [uri " "] [unique_id "UVFii8BfN1wAAGavEAwAAAAG"] I am also getting theses : [Tue Mar 26 09:02:34 2013] [error] [ ] ModSecurity: Rule 7f392f069280 [id "950901"][file "/etc/modsecurity/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-: (null). [hostname " "] [uri " "] [unique_id "UVFkKsBfN1wAAGgtASkAAAAD"] [Tue Mar 26 17:57:32 2013] [error] [ ] ModSecurity: Warning. Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*){4,}" at ARGS:tos. [file "/etc/modsecurity/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "171"] [id "981173"] [rev "2.2.5"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "-privee"] [hostname " "] [uri " "] [unique_id "UVHhi8BfN1wAABvtaiAAAAAF"] [Tue Mar 26 17:53:45 2013] [error] [ ] ModSecurity: Warning. Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:message. [file "/etc/modsecurity/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2.2.5"] [msg "SQL Comment Sequence Detected."] [data "---"] [tag "WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname " ] [uri " "] [unique_id "UVHgqcBfN1wAACpadloAAAAH"] [Tue Mar 26 17:37:18 2013] [error] [ ] ModSecurity: Warning. Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:message. [file "/etc/modsecurity/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2.2.5"] [msg "SQL Comment Sequence Detected."] [data "7#tab3\\x0d"] [tag "WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname " "] [uri " "] [unique_id "UVHczsBfN1wAACpvgiQAAAAJ"] [Tue Mar 26 17:37:18 2013] [error] [ ] ModSecurity: Warning. Pattern match "\\\\W{4,}" at ARGS:message. [file "/etc/modsecurity/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "155"] [id "960024"] [rev "2.2.5"] [msg "SQL Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data ",\\x0d\\x0a\\x0d\\x0a"] [hostname " "] [uri " "] [unique_id "UVHczsBfN1wAACpvgiQAAAAJ"] [Tue Mar 26 17:53:46 2013] [error] [ ] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/modsecurity/activated_rules/modsecurity_crs_60_correlation.conf"] [line "37"] [id "981204"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 20, SQLi=3, XSS=): Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [hostname " "] [uri " "] [unique_id "UVHgqcBfN1wAACpadloAAAAH"] [Tue Mar 26 12:24:42 2013] [error] [ ] ModSecurity: Warning. Operator LT matched 5 at TX:inbound_anomaly_score. [file "/etc/modsecurity/activated_rules/modsecurity_crs_60_correlation.conf"] [line "33"] [id "981203"] [msg "Inbound Anomaly Score (Total Inbound Score: 3, SQLi=, XSS=): Common SPAM/Email Harvester crawler"] [hostname " "] [uri " "] [unique_id "UVGTisBfN1wAABb9wN8AAAAH"] Thank you in advance for your assistance on this

Does this module bring any advantage? I don't see the point to be able to login to whmcs / cpanel / facebook / google all at same time. This will simply introduice more security risks into whmcs. Think about the amount of zero day exploits running for those provider! There were security issues with whmcs login recently. i wouldn't touch it anymore!

Is it updated for the most recent whmcs version?

+1 on this! I think with what happened recently (ugnasi), if whmcs open a security department to test the addons + whmcs itself, this will show us they really care about security, and such things won't happen due to whmcs security issues. This injection vulnerability was probably also present on the whmcs website, since they are using their own software on their website. I think whmcs should do something not just in regards to whmcs itself, but also the community addons. Addons should be verified, tested and delivered encrypted with ioncube by whmcs itself, same as Google App Store. I think there are aditional income whmcs can get by offering such value added security trust service to their customers: - for example : i suggest to charge something to add/download some verified versions of addons from/to the whmcs store (it's a great promotion tool for developers, and i am pretty sure some of them would be welling to pay a little to get their modules verified and approved by whmcs, and customers would be willing to pay a little extra to download a verified version, instead of the one available on whmcs website!) . This way, they should get back the money they spent on the security team (or at least, a part of it). This would be a great way to add more trust to the whmcs product. I think this can be benefical for sales and security, for your customers (too many companies are using addons, while they don't know the way their code was written) and whmcs own business website. Thank you for reading

Also : let's say i cancel / delete an invoice : it doesn't seems to reflect on our daily / weekly and yearly stats.

Hi, The income forecast say our current income is amount_a$ and it say our income will be of amount_b$ in 2014. But : the actual income for this year is already amount_b$. What's wrong? Think this feature need some improvements to bring something!

Hi, Here is something that might interrest you i think : http://www.whmcs.com/members/communityaddons.php?action=viewmod&id=83 It's an addon that seems to do what you want. I never tested it, but might be usefull for you! Have a nice day!

If you want to share the login with vbulletin, you can take a look at this module : http://www.whmcs.com/members/communityaddons.php?action=viewmod&id=83 I recommend you vbulletin for this, since it's the best discussion forum cms on the market right now. http://www.vbulletin.com/ That's the forum cms you are using right now on whmcs website I recommend you to use an external forum system. That will only be better! BTW : I don't think this would be very useful. Do you think your customers won't go to your forum because you do not share the login between whmcs and the forum, or because it's not integrated into their customer area? I don't think so! Just take a look at whmcs website. You have 2 different logins, even if there is a hook existing for Vbulletin. Peoples register to the forum and use the 2 different logins. Their forum have lots of success, so there is no need for more integration! On our side we are using Drupal for our forum needs, and it work well with the advanced forum module That's the best we found, and it's fully integrated with the customer comments on blog and knowledgebase / tutorials, or any other feature we add on our website. hope that help!

Hi, Due to restrictions in address format, the registration of .ca domains has never worked for any of our customers through whmcs. (tested with the Namecheap module). For registration to complete, The province should always be in this form : Qc, On, Mb, Sk, etc.. (not the full name : Québec, Ontario, etc...) The postal code should be 6 characters if the country is Canada. But there is no validation in the registration / order form... ...if there is no validation, then the API request should be modified to correspond to the CIRA (Canadian Internet Registration Authority) requirements. They need to enter a valid business adress name and a valid business domain. ... ... ...there are many other fields who have no validation, so the registration cannot pass the Cira verifications. I would recommend WHMCS to test this feature. We are using the Namecheap module to register domains, but i assume you can see the same problems with other modules used to register .ca domains. Also : it's not possible for the customer to change the Canadian Internet Registration Authority contract language, and the contract types. The Namecheap API allow to change the language (i think!).. Hope to see improvements on this soon!