DaveDaveC Posted October 30, 2007 Share Posted October 30, 2007 Hi, Just want to know if this is true, if an invoice is created in the system It will send to client with the following: Customer A get the invoice=436 h t t p s://w w w.domain.com/billing/viewinvoice.php?id=436 So, the next cutomer, customer B invoice=437 : h t t ps://w w w.domain.com/billing/viewinvoice.php?id=437 The problems here is that any clients can just type the php?id=???? to view people's invoice...say customer F type php?id=436 can view Customer A 's record??? Hmm..sure it is not a good ideas, right? Anything can be done to avoid this...? David 0 Quote Link to comment Share on other sites More sharing options...
WHMCS CEO Matt Posted October 30, 2007 WHMCS CEO Share Posted October 30, 2007 Of course not. You would be able to if you are logged in as admin but a customer certainly can't. Matt 0 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.