dgaramond

I see, thanks. I managed to avoid this problem when in step=4 I skip re-entering login information and pressing Submit/Continue, and just enter step=checkout in the address bar. So I guess it is an issue with login and/or session.

Just a suggestion, can we *not* pass password via GET? It will be recorded in web server log, proxy log, browser history, web statistics report, etc.

What exactly is the cause of this error message in order.php, after step=4? Order Failed An error has occured during the processing of your order. Please try again and if the problem persists, please contact us for support. This only happens when I order as an existing user, and not if I order as a new user (which would route me to step=5 and step=6 and finally succeeded).

WHMCS 3.3.0. A new row is inserted even if registration form is not 100% error-free (e.g. the verification image is still wrong). Worse, in those cases, WHMCS inserts duplicate email value even though the configuration says not to allow duplicate email values. Also, sometimes WHMCS *blanks* an existing row. I've experienced this twice. The poor row in the tblclients would suddenly be blank-ed when trying out registrations. Every field value of that row is set to empty/blank except id and datecreated. Though fortunately I haven't been able to reproduce this again. PS: Since I want unique email addresses, I'm turning on the key to the email field.

I ended up wrapping clientsprofile.php (the original renamed to clientsprofile.whmcs). The password field is now blank(ed), and when it is submitted blank too then password will not be changed. Ugly, but at least it works for me. Reprinted here in case someone finds it useful. <?php ob_start(); $keep_password = false; if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'savedetails' && $_REQUEST['password'] == '') { $keep_password = true; $res = mysql_query("SELECT password FROM tblclients WHERE id=$_REQUEST[userid]"); list($orig_epassword) = mysql_fetch_row($res); } include "clientsprofile.whmcs"; # if password is not specified when saving details, reset it if ($keep_password) { $res = mysql_query("UPDATE tblclients SET password='$orig_epassword' WHERE id=$_REQUEST[userid]"); } $ct = ob_get_clean(); # don't show password $ct = preg_replace('#(<td align=right>Password</td>.+ name="password" value=").*?(">)#', '$1$2', $ct); echo $ct; ?>

Can I tell WHMCS to *not* show client's password in cleartext, at least for Sales Operators? I know it's already encoded in the database, but what's the point of showing it in Clients Profile page?

Yes, we need a fine-grained permission setting for administrators. For example, a larger webhosting might have several staffs dedicated to a certain specific task, e.g. cancellation, order processing, account creation, support department/ticket system supervision, etc. without being able to do more than his/her job description.

Can this be done? Currently a support operator seems to be allowed to delete any ticket reply or any ticket in the department(s) that are associated to him/her. There isn't even a log entry recording that the ticket reply/ticket has been deleted. WHMCS 3.2.1