Client Signup Email shows *********** to end user

[krt463]

Hello, Earlier today when Client Signup Emails where sent, the users info was displayed in the e-mails so they can login. Now, emails that I "resend" from the customer profile page: Resend > Client Signup Email

 

It simply sends their email address and a bunch of asterisk for the password.

 

The code used in the template is set with the default:

 

Email Address: {$client_email}

Password: {$client_password}

 

 

Any help would be appreciated.

[krt463]

This was the reply (very FAST!) from support on this. They solved my question.

 

 

"If you wish to use the password reminder method with new versions of WHMCS, you would need to tick "Disable MD5 Clients Password" under Setup > General Settings > Security tab. For security, client area passwords are irreversibly encrypted and cannot be viewed by admins or sent to the client any time other than during the reset process. Enabling this option will switch to reversible encryption allowing admins to view the password and for it to be used as you are attempting to do. Please note that when switching from irreversible to reversible clients will all be assigned a new password and will need to use password recovery.

 

We recommend using the password reset function, either "Reset & Send Password" on the Client Summary page in the admin area or the reset function available to clients in the client area."

[WHMCS Ryan]

Hello krt463,

 

Glad to hear you were able to find a solution for your issue and we appreciate you sharing the response you received. Hopefully this will help others that may have similar issues.

 

--Thanks

[Blueberry3.14]

This function really needs to be rethought and redesigned. I've created new accounts for 2 new clients today... and both times had to get them their passwords another way other than through the "Client Portal Registration" email. This is just plain stupid.

 

The password shows in the "Welcome" email, and in the "reset and resend" email, so why doesn't it show in the portal registration email?

Edited September 12, 2014 by Blueberry3.14

[WHMCS John]

Hi Blueberry3.14,

It is designed like this to increase security. There is a school of thought that says passwords should never be passed via email as they are not secure. Currently WHMCS can operate both ways with a little tweaking from the user.

[Blueberry3.14]

Hi Blueberry3.14,

It is designed like this to increase security. There is a school of thought that says passwords should never be passed via email as they are not secure. Currently WHMCS can operate both ways with a little tweaking from the user.

 

Right, except that the password is already displayed in plain text in 2 other client emails, so not having it in the portal registration email is ridiculous.

 

FTR, while security is an extremely high priority to me, I don't buy into that school of thought. Spend 10+ years giving support to users who can barely send email, much less fill in a CAPTCHA or reset their password, and you'll get there too.

[WHMCS John]

Spend 10+ years giving support to users who can barely send email, much less fill in a CAPTCHA or reset their password, and you'll get there too.

No doubt, this is why both arrangements are possible with WHMCS.