snake Posted January 3, 2014 Share Posted January 3, 2014 It used to be that the welcome email was saved WITHOUT the password for security reasons, as the emails are obviously not encrypted. I have noticed today though that the passwords ARE now being saved in the emails. it this intentional ? 0 Quote Link to comment Share on other sites More sharing options...
WHMCS Support Manager WHMCS John Posted January 6, 2014 WHMCS Support Manager Share Posted January 6, 2014 Hi, Are you referring to the client signup email or the product welcome email? For the former you need to have the Setup > General Settings > Security tab > Disable MD5 Password option UNticked. I don't believe this was ever the case for the latter. 0 Quote Link to comment Share on other sites More sharing options...
snake Posted January 6, 2014 Author Share Posted January 6, 2014 yes the signup email. this email used to be saved with ****** as the password, so you could not view the password in the email. Bit now it DOES display the password in the stored email. why are you suggesting to Disable MD5 Clients Password, This is not recommended as passwords can be decrypted (Disabling this resets all clients passwords) 0 Quote Link to comment Share on other sites More sharing options...
DennisHermannsen Posted January 6, 2014 Share Posted January 6, 2014 John suggests that you turn it on in case it was disabled 0 Quote Link to comment Share on other sites More sharing options...
snake Posted January 6, 2014 Author Share Posted January 6, 2014 So where do you "turn it on" ? I do not have any option to turn it on under security section, the option relating to MD5 is "Disable MD5 Clients Password" Which implies it is ON by default. 0 Quote Link to comment Share on other sites More sharing options...
WHMCS Support Manager WHMCS John Posted January 8, 2014 WHMCS Support Manager Share Posted January 8, 2014 Hi, Yes you'd need to disable the MD5 password check if you wanted to display the client area password in the emails. This isn't something we recommend doing, but it's there if you want to display the password in emails. 0 Quote Link to comment Share on other sites More sharing options...
snake Posted January 8, 2014 Author Share Posted January 8, 2014 but I don't want to display the password in the emails, and at no point have I implied that is what I want to do, so I am confused why you are telling me how to do that ? - - - Updated - - - and if you have to turn it off in order for the passwords to be displayed, then how come they are being displayed ? 0 Quote Link to comment Share on other sites More sharing options...
WHMCS Support Manager WHMCS John Posted January 9, 2014 WHMCS Support Manager Share Posted January 9, 2014 Hi, If you want the client area password to appear in emails as ****** then you would need to leave the MD5 Password option UNticked (ie. the default value). Configured in this way, the only time the password can be seen is in the Client Signup Email as that is sent before the password is encrypted. If you don't want to include the password there either, then you can remove the password merge field from the email template itself. 0 Quote Link to comment Share on other sites More sharing options...
snake Posted February 11, 2014 Author Share Posted February 11, 2014 the MD5 password option is unchecked and always has been, we have *NEVER* disabled md5 encryption. this the point. If I randomly go in and look at some customers welcome emails, some have the password in, some don't if I manually send that email to a customer, it doesn't have the password in it. I do want to be able to re-send the welcome email to customers with their password. 0 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.