dsmythe

how does WHMCS handle annual signups in monthly income reports? tia! -d

Hmm.. if they are that nuts about it.. then I think I will just remove the password from the welcome email if I can. He does have a point.. If you picked the password, then why send it back to them? if they forget then they can use the forgot password link... I guess... I don't see why people are freaking out about it... is there a global conspiracy I am not aware of? unless the email is intercepted in transit or hackers know your mailbox password... how can it be stolen? And... if it's intercepted on its way to the destination server.. do we have bigger problems? or am I huffing glue?

I had a client complain that their password was send to them in the welcome email in clear text. I know I can edit the template but is this standard behavior for all password related functions such as forgot password? is this something I should worry about? thanks, -d

That does not appear to talk about weather or not you can move the configuration.php file. I want to know if you can move the configuration file specificly... mainly because it seems unsafe to have an encrytpion hash in a file in the webroot. or am I worrying too much? -d

can the "configuration.php" be moved out of the web root? and if not, what else can be done to make sure it is not hacked? TIA -d