nay27uk
Posted February 11, 2011 (edited)

Hi all. When logged into WHMCS as a client, inside the client area details page there is a link that says "Add New Contact". What is it for? I tried it out and it allows a client to add new contact details, but I think this is not good for security, as the client can already alter their contact info from their My Details page. So what is the point of the "Add New Contact" page and link? Why would a client have two different names and addresses, or two different contact details?

Please, how can I disable this? I have searched and searched in admin but don't see anywhere to disable it.

Edited February 11, 2011 by nay27uk

railto
Posted February 11, 2011

This is for when a customer needs 1 person in their company to look after invoices and another for support, etc. As for disabling it, as far as I know the only way is to edit the template files to remove the links.

nay27uk
Posted February 11, 2011 (edited)

> This is for when a customer needs 1 person in their company to look after invoices and another for support, etc. As for disabling it, as far as I know the only way is to edit the template files to remove the links.

OK, thanks for the reply, this makes things a lot clearer for me. However, I still think this is bad for security, as a client can make a bogus contact up, then it even gives them the option in My Details of making this new bogus contact the default for the account.

It would be better if they could add a contact and, if they wanted the new contact set to default for the account, they would need to send a request to the admin via some sort of "request the admin to make this the default for the account" link. This gives the admin a chance of being able to check the legality of the details of the new contact.

Even better would be to store any new contact in a PENDING state until admins confirm it.

Edited February 11, 2011 by nay27uk

Damo
Posted February 11, 2011

You can already stop users from updating contact fields via the following:

Setup -> General -> Other -> Locked Client Profile Fields

You should also take a look at http://docs.whmcs.com/Sub-Accounts

nay27uk
Posted February 12, 2011 (edited)

> You can already stop users from updating contact fields via the following:
>
> Setup -> General -> Other -> Locked Client Profile Fields
>
> You should also take a look at http://docs.whmcs.com/Sub-Accounts

What you're talking about is nothing to do with the ADD NEW CONTACT link. What you're talking about just locks the fields you chose from being altered on the MY DETAILS page.

Perhaps you should read the thread properly and test what I am talking about before telling someone that something can already be done, when clearly they are not even talking about the incorrect information you post in reply.

> OK, thanks for the reply, this makes things a lot clearer for me. However, I still think this is bad for security, as a client can make a bogus contact up, then it even gives them the option in My Details of making this new bogus contact the default for the account.

Edited February 12, 2011 by nay27uk

GGWH-James
Posted February 12, 2011 (edited)

Sub-accounts aren't the same as the master account owner. What is it that you're worried about exactly? You can set the option to be notified of all changes made to the details changes of the master account owner and/or lock certain fields from being changed from the client-side.

A client cannot turn a sub-account into the master owner of the account; at best, they could make a sub-account the default billing contact. However, the master owner's still locked as per any details you've locked in the configuration settings. All orders placed by the master owner or a sub-account are still tied to the single account of the master owner.

If you let us know what it is you're worried about happening exactly, perhaps we could help.

Edited February 12, 2011 by GGWH-James

nay27uk
Posted February 12, 2011 (edited)

Thanks James. I already know about locking fields from being altered, as I have already locked out changing of the first and last names. My worries about this are exactly as the quote below:

> at best, they could make a sub-account the default billing contact.

This is my worry: a client comes along and clicks the ADD NEW CONTACT link, fills the form out with bogus information, then they go to the MY DETAILS page and set this new bogus information as the default billing contact. Hence they are never going to get their invoices, because they filled out a completely bogus email, and hence you don't get paid. This could result in them getting X amount of days or months of free hosting, or whatever you have set as a suspension time.

I am not trying to start any arguments or upset anyone, I am just being cautious and wanted some answers.

Edited February 12, 2011 by nay27uk

GGWH-James
Posted February 12, 2011

> This is my worry: a client comes along and clicks the ADD NEW CONTACT link, fills the form out with bogus information, then they go to the MY DETAILS page and set this new bogus information as the default billing contact. Hence they are never going to get their invoices, because they filled out a completely bogus email, and hence you don't get paid.

If they don't pay you, then you don't give them service, do you?

However, to address the question you have posed: would you simply want to disable the assignment of a default billing contact rather than additional contacts altogether, or do you want no support for additional contacts at all?

nay27uk
Posted February 12, 2011

> If they don't pay you, then you don't give them service, do you?
>
> However, to address the question you have posed: would you simply want to disable the assignment of a default billing contact rather than additional contacts altogether, or do you want no support for additional contacts at all?

I think the actual additional contacts feature is great for the examples you give, so just removing the assignment of a default billing contact from the MY DETAILS page would be great.

GGWH-James
Posted February 12, 2011

> I think the actual additional contacts feature is great for the examples you give, so just removing the assignment of a default billing contact from the MY DETAILS page would be great.

In "templates/portal/clientdetails.tpl", for example, FIND:

```html
<br />
<table width="100%" cellspacing="0" cellpadding="0" class="frame">
  <tr>
    <td><table width="100%" border="0" cellpadding="10" cellspacing="0">
      <tr>
        <td width="150" class="fieldarea">{$LANG.defaultbillingcontact}</td>
        <td><select name="billingcid">
          <option value="0">{$LANG.usedefaultcontact}</option>
          {foreach key=num item=contact from=$contacts}
          <option value="{$contact.id}"{if $contact.id eq $billingcid} selected="selected"{/if}>{$contact.name}</option>
          {/foreach}
        </select></td>
      </tr>
    </table></td>
  </tr>
</table>
```

and REPLACE with:

```html
<input type="hidden" name="billingcid" value="0" />
```

Damo
Posted February 12, 2011

Wow, talk about being grumpy, nay27uk. What I posted was actually in reference to "a client can make a bogus contact up" and then a link to the documentation on sub-accounts.

In future I'll ignore your posts to save you from being grumpy again.

nay27uk
Posted February 12, 2011 (edited)

Thanks James, I will do this later. And thanks to Damo for trying to help as well. I agree I could have written my response a little bit better than it was, maybe adding a "Thanks for the help Damo, but unfortunately" to the beginning of the post. It was very early morning here in the UK and I had been working on the script all day from 8am, so by this time my brain had sort of died and I was not thinking about what I was writing. Admittedly, from reading it back today it does appear I came across as grumpy.

I thank you all for your help on this, and as mentioned I am just being cautious about this, being as though I don't really think I will be hosting any large businesses, i.e. the kind that would have a department for this and a department for that, for example eBay or Facebook. Those large companies that have departments for this and departments for that also usually have their own servers, so host their own sites. The average Joe will only usually host small businesses, like a small gardening company for example.

So again, thanks to all.

Edited February 12, 2011 by nay27uk

paperweight
Posted September 15, 2011

I am a few days from implementing some of these changes too. I read through the thread and it appears that the way to disable the creation of "Add New Contact" is to remove it from the form of the page. That appears to be a cosmetic change. If a user knows I'm on WHMCS and wants to override the hidden form or inject something, they still can, right?

Again, I am still a few days from implementing and testing this, but from what I saw above it appears that this is not a fool-proof method. An alternative that is better would be to have a hardcoded WHMCS function built in, whereby in the main admin area I could put On/Off the ability for users to have a sub-account.

Does that make sense? I will test this soon~

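paperweight's point above, that a template edit only changes what the browser is shown, as an added example (not part of the thread and not WHMCS code): a server-side check in PHP that forces `billingcid` to 0 and keeps locked fields unchanged whatever the request contains, and records each mismatch. The function name, the policy constants and the sample request are assumptions; where this would be wired into WHMCS is not shown.

```php
<?php
declare(strict_types=1);

// Hypothetical policy, not WHMCS code: values the server forces and fields it will not change.
const FORCED = ['billingcid' => '0'];      // same value as the hidden input in the thread
const LOCKED = ['firstname', 'lastname'];  // fields the operator has locked

/**
 * Returns [$accepted, $violations]: the fields that may be saved, and the
 * fields where the request disagreed with the policy.
 */
function enforceDetailsPolicy(array $post, array $stored): array
{
    $accepted = [];
    $violations = [];
    foreach ($post as $field => $value) {
        // Array-valued parameters (e.g. billingcid[]=5) are never valid here.
        $value = is_scalar($value) ? trim((string) $value) : null;

        if (array_key_exists($field, FORCED)) {
            if ($value !== FORCED[$field]) {
                $violations[] = $field;
            }
            continue; // overwritten below whatever was sent
        }
        if (in_array($field, LOCKED, true)) {
            if ($value !== (string) ($stored[$field] ?? '')) {
                $violations[] = $field;
            }
            continue; // stored value stays as it is
        }
        if ($value !== null) {
            $accepted[$field] = $value;
        }
    }
    // Apply forced values even when the field is missing from the request.
    foreach (FORCED as $field => $value) {
        $accepted[$field] = $value;
    }
    return [$accepted, $violations];
}

// Constructed sample request: the hidden billingcid field was changed before submit.
$stored = ['firstname' => 'Ann', 'lastname' => 'Lee', 'billingcid' => '0'];
$post = ['firstname' => 'Ann', 'lastname' => 'Lee', 'city' => 'Leeds', 'billingcid' => '17'];
[$accepted, $violations] = enforceDetailsPolicy($post, $stored);
foreach ($violations as $field) {
    error_log("client details: ignored change to '$field'"); // feed into alerting
}
var_dump($accepted, $violations);
```

Only `$accepted` is passed on to the save step, so a field that was removed from the template cannot be set by a hand-built request.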