dgaramond Posted September 22, 2007 Share Posted September 22, 2007 Can I tell WHMCS to *not* show client's password in cleartext, at least for Sales Operators? I know it's already encoded in the database, but what's the point of showing it in Clients Profile page? 0 Quote Link to comment Share on other sites More sharing options...
MACscr Posted September 22, 2007 Share Posted September 22, 2007 I agree, i have always thought it was a bad way. Passwords should never be able to be decrypted in general IMHO. 0 Quote Link to comment Share on other sites More sharing options...
WHMCS CEO Matt Posted September 22, 2007 WHMCS CEO Share Posted September 22, 2007 No, there's no way to do that. Matt 0 Quote Link to comment Share on other sites More sharing options...
dgaramond Posted September 28, 2007 Author Share Posted September 28, 2007 I ended up wrapping clientsprofile.php (the original renamed to clientsprofile.whmcs). The password field is now blank(ed), and when it is submitted blank too then password will not be changed. Ugly, but at least it works for me. Reprinted here in case someone finds it useful. <?php ob_start(); $keep_password = false; if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'savedetails' && $_REQUEST['password'] == '') { $keep_password = true; $res = mysql_query("SELECT password FROM tblclients WHERE id=$_REQUEST[userid]"); list($orig_epassword) = mysql_fetch_row($res); } include "clientsprofile.whmcs"; # if password is not specified when saving details, reset it if ($keep_password) { $res = mysql_query("UPDATE tblclients SET password='$orig_epassword' WHERE id=$_REQUEST[userid]"); } $ct = ob_get_clean(); # don't show password $ct = preg_replace('#(<td align=right>Password</td>.+ name="password" value=").*?(">)#', '$1$2', $ct); echo $ct; ?> 0 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.