Jump to content


Level 2 Member
  • Content count

  • Joined

  • Last visited

  • Days Won


yggdrasil last won the day on November 10

yggdrasil had the most liked content!

Community Reputation

41 Excellent

About yggdrasil

  • Rank
    Level 2 Member

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. yggdrasil

    Android App

    Well it was working fine for me for years. For some reason now I get errors both on my tablet and phone. When I hit the button Predefined Replies I get: Error An unknown error occurred! If you tell me its working fine I will investigate what changed. Maybe a permission problem on WHMCS or something else. I didn't bothered to check any logs or dig into the issue because since it was happening on 2 different devices I assumed Android or WHMCS broke it, but since you are telling me its working fine I will double check on my side. It seems something is blocking the connection when it tries to pull the predefined replies from the server, tickets and other stuff seem to work fine. Maybe an API permission change. I will try to check later today. WHMCS 7.5.2 + Android 7.0 and Android 9.
  2. yggdrasil

    Switch to HTTPS for admin side

    No, your point is not valid. Nobody has control on what other websites do on the Internet. Some domains in our WHMCS are not hosted with us, we can't do anything if they are not redirected to HTTPS by default. Your logic is that we should contact them and tell them to please redirect to HTTPS so our staff or admin can avoid typing S in the address bar manually? Good luck with that! If I want HTTPS I should request that, not HTTP. Why would I request an insecure protocol when I want the secure one? Second, using HTTP and not redirecting to HTTPS is not a technical issue, it's a choice. Its not incorrectly coded either. Some domains might prefer to stick to HTTP for their own reasons, again, why should I or you or anyone else tell someone how they should manage their websites? You don't seem to realize that we are not talking here about what people do on their websites/server. Some domains might not even resolve because they have no hosting, or some are not redirect to anywhere...and are just dead. This has nothing to do with how websites are setup on a server. You are confusing things. We are talking here about how you open links on the admin side inside WHMCS for customers domains, not how people decide to setup their websites on what ever cloud or service they picked. You also contradict your own point. First you say WHMCS works perfectly fine (using HTTP on links) but then claim it's a technical issue on those sites... Why would you use HTTP and then redirect to HTTPS when you can use HTTPS directly? If you want one protocol, you should request exactly that, not something else and expect a redirection. Redirections have overhead, and they also take longer. Even if all websites in the world use HTTPS tomorrow, it would be really moronic to still link all websites to HTTP instead of HTTPS (because you assume they should redirect). Why would you prefer to have your browser take longer to load a site on every single click? Why would you prefer a web server to redirect first when you can request the correct request from start? Websites redirect to HTTPS because a lot of older software and protocols (just like WHMCS) use to HTTP by default. This is the main reason. It's a temporary fix, not a solution, you are not supposed to stick to redirections in the long run. If you want to go more technical, using HTTP by default means you are connecting with an insecure handshake first, before redirecting to HTTPS. In fact its not even allowed under HSTS anymore which means redirecting from HTTP to HTTPS is completely avoided, you should not even accept HTTP connections at all if you are planning to go that route: https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
  3. yggdrasil

    Switch to HTTPS for admin side

    Yes, I understand this is why it should be optional. Maybe a switch on the settings to default links on domains to HTTP or HTTPS (admin choice). While not everyone has switched to HTTPS yet, I would say that the % now is more inclined to HTTPS than HTTP. I personally would prefer to open them in HTTPS now.
  4. yggdrasil

    Switch to HTTPS for admin side

    Did you even read what I posted? I'm talking here about WHMCS and the links you click on WHMCS staff side, not how someone has his website/server configured.
  5. yggdrasil

    Android App

    Is WHMCS going to ever update the Android app? Canned replies don't work anymore on the latest WHMCS updates. I tested this on 2 different Android devices with different Android versions. I'm starting to think they should just pull the Android out of the PlayStore if they are not going to maintain it anymore.
  6. yggdrasil

    Delayed Ticket Reply

    I know nobody from WHMCS is going to read this but I think a nice feature for ticket replies would be a delayed feature. Similar to how Outlook can delay emails. Imagine the scenario on which you reply a sales ticket outside of business hour or a weekend. Instead of the customers receiving the email and ticket reply immediately (could be annoying for some people), you could schedule it to be delayed until a specific time. For example in for Monday at 7:00 AM. You type the ticket reply, hit delay button, set the time/date and click Reply. As far as the staff concerns, the ticket is now replied but the on the customer side, they don't get the reply and email until that specific time. This would allow them to receive it on business hour for example and also give the impression it was replied on business hours while maybe you did it Sunday at 11 PM.
  7. yggdrasil

    Email Notifications Module

    I know and I'm very sorry for that behavior. Ohhh 🤦‍♂️. That is much worse then. Sub-accounts that don't have the proper access permissions to access a specific product from their main account could still access them as the passwords are leaked. I know it's a standard practice to state on emails that customers should change their logins once received by email (since email is not secure either), but lets be realistic. Some people don't and will always just use the defaults that WHMCS creates for them as they find it more comfortable just to log into their services directly from WHMCS.
  8. yggdrasil

    Email Notifications Module

    I know this is off topic but did WHMCS already fixed the bug on which passwords are displayed in the email history? I'm not sure about you guys but that is a no, no in security. Passwords and logins can be viewed by anyone that logs into the customer account from the email history. 😞
  9. Yes but you would sell more, that was my point. Its more likely someone can pay $400 for one API over $1200+ for all of them (most which they are not going to use anyway...) And a new customer is still a new customer. In all cases they are still going to keep paying yearly updates fixes so still a win situation for Modules Garden. I would say that its more likely that someone paying more (non encoded) is more serious than someone buying a cheaper version. Spending more, means they would be more interested to keep their modules patched and with the latest features as well since they already invested more with your company.
  10. The open code version is way to expensive and I'm sure most people don't need all the DNS modules. Why not make an open code version for specific modules only? Example, a cheaper one that only has the cPanel DNS module, or only the PowerDNS module, or only the Amazon, etc. Someone that needs more than one module could purchase them or still get the existing one that comes with everything. I know that most people will not have 10 different DNS services so that would make sense.
  11. yggdrasil

    Switch to HTTPS for admin side

    It would be nice if WHMCS developers decide to switch to HTTPS for all links on domains/urls on the admin side, or at least give us a choice. Its very annoying that when you open a customer domain or another URL it defaults to HTTP only. I understand this comes from legacy code, but since the web is moving towards https only, I see more sites with HTTPS than without it. In particular since most browsers now complain the site is insecure. 'm talking about the links in the admin and customer profile. My installation and site runs only under https for years but opening the www button and other links from the admin interface still does this with http://example.com for customers domains and it forces me to manually edit the url in the browser when some site complaints about the certificate. In most cases I also need to test or debug the https version only so I don't care about opening the HTTP site.
  12. Is this just me or WHMCS allows users to renew domains for over their maximum allowed period? Example, a .com expires in 5 years, and a customer generates a renewal order for 10 years. The renewal fails because it can only be another additional 5 years as the maximum allowed is 10 per the .com registry. Yet the customer already paid the order. Ouch... I don't remember previous WHMCS versions doing this. I might be mistaken but I think WHMCS only allowed someone to select the maximum amount of years in a renewal based on the allowed for that extension. I might be wrong but this is wrong and needs improvements otherwise.
  13. yggdrasil


    You can use the Yubikey in both scenarios actually, as 2FA, Fido, or even storing public keys. I'm actually with you on this. This is why I think for example the implementation on Windows 10 is flawed. Instead of requiring the key + another additional method (like password or fingerprint) you can log in just with the key, still better than just a password but not better than 2 methods. I can see how some people might find this useful but I agree with you on that. Still, for those people its not really more insecure than just using a password because the idea of a hardware key is that you cannot access it. Regular software or spyware can't access the key (I can't vouch how true or false that actually is...), since its hardware based, neither can for example a key logger since there is no password typed on the login process. Also, that setup would be only insecure if you have the key connected to the system at all times. Assuming you take with you and just plug it when required, its still better than 2FA based on software apps like an Android phone because that is software based and can be tampered or intercepted with other sort of software hacks. On Windows the implementation is even more flawed because you don't even need to touch the key, it logs automatically without user intervention. Now, since WHMCS already supports 2FA, for those people using just a password (without 2FA), a single hardware key is still better than a typed software or saved in the browser. If we want to be more picky, the nitro key is even better since its completely open source over the Yubikey which is now proprietary, so several people in the security field have retired its endorsement.
  14. yggdrasil


    It would be great if WHMCS can support FIDO2 login/authentication keys someday. I know it's a new standard but maybe before 2030 would be nice. I think its fair to ask this at least 10 years in advance to give WHMCS developers enough time. I would do it and release it to the open, but I forgot, the code is locked...
  15. For 300 customers, creating a special script or database importer would be more expensive in terms of coding or time than doing it manually. Just open 50 tabs per browser and copy & paste data. For 300 customers it will take you at most 8 hours, and you will be done already than trying to find an automated way which might or not work and you still have to verify and probably fix some fields.

Important Information

By using this site, you agree to our Terms of Use & Guidelines