Jump to content

How to send users an email to confirm a password change?

paperweight

By paperweight
in Using WHMCS

 Share

Recommended Posts

brian! Senior Member

brian!

Posted
Posted
When a user changes their password using the "Lost Password" feature, they receive an email afterwards telling them the password was changed successfully.

Is there also a way to send users an email when they change their password at clientarea.php?action=changepw from inside the clientarea?

not from the admin settings - you should probably be looking at using an action hook to trigger an email to be sent.

 

there is a Password Manager module by ModulesGarden, though I suspect that it may be overkill if all you want to do is send an email on a password change! :)

 

https://marketplace.whmcs.com/product/1786

0
Link to comment
Share on other sites
twhiting9275 Senior Member

twhiting9275

Posted
Posted (edited)

Here you go. Change the one variable you need to change (admin username), Save this as a php file in includes/hooks/

 

<?php
/*
Client area password change notification for WHMCS
Developed by http://www.whmcsguru.com
*/

use Illuminate\Database\Capsule\Manager as Capsule;
function hook_client_password_notify($vars)
{

   $userid = $vars['userid'];
   $filename = APP::getCurrentFileName();
   $action = $_GET['action'];

   if ($filename=='clientarea' && $action=='changepw') {
       send_password_notify($userid);
   }
}

function send_password_notify($userid)
{
   $ip = $_SERVER['REMOTE_ADDR'] ;
   $hostname = gethostbyaddr($ip);
   $userinfo = Capsule::table('tblclients')->select('firstname', 'lastname')->WHERE('id', $userid)->get();
   //greet them
   foreach ($userinfo as $userrow)
   {
       $firstname = $userrow->firstname;
       $lastname = $userrow->lastname;
   }
   $command = "sendemail";
   $adminuser = "CHANGEME";
   $values["customtype"] = "general";
   $values["customsubject"] = "Password Modification from $hostname";
   $values["custommessage"] = "<p>Hello $firstname $lastname,<p>A remote user successfully changed your password. If this was not you, please do contact us immediately<br /> You may contact us by replying directly to this email<p>IP Address: $ip<br/>Hostn
ame: $hostname<br />";
   $values["id"] = $userid;

   $results = localAPI($command, $values, $adminuser);
}

add_hook('ClientChangePassword', 1, 'hook_client_password_notify');

 

 

This won't precisely 'confirm' the change, but it will let them know it's been changed. Confirmation isn't something terribly possible to do, at least easily.

Edited by twhiting9275
0
Link to comment
Share on other sites
brian! Senior Member

brian!

Posted
Posted (edited)

it does work - though it also sends an email to the client if the password is changed by an admin in the admin area - though that's not a bug, it's how the ClientChangePassword hook is supposed to work... so just be aware of that.

 

... if you wanted to change it so that the email is only triggered when the client changes their password in the client area, you could use the code below to modify the function in the above hook...

 

function hook_client_password_notify($vars)
{
   $userid = $vars['userid'];
   $filename = APP::getCurrentFileName();
   $action = $_GET['action'];

   if ($filename=='clientarea' && $action=='changepw') {
       send_password_notify($userid);
   }
}

Edited by brian!
0
Link to comment
Share on other sites
paperweight Senior Member

paperweight

Posted
  • Author
Posted
Good catch Brian!

Post edited to include that ;)

 

Thanks for all your help. Is there a method to get around using this:

$adminuser = "CHANGEME";

 

It's easy to put the admin's username in there, but it adds one extra worry in the future if the admin is removed/changed and then I forget to change the hook. Is there like a "sudo root" method to mimic the admin without their username, or does that create security issues?

0
Link to comment
Share on other sites
brian! Senior Member

brian!

Posted
Posted
Thanks for all your help. Is there a method to get around using this:

$adminuser = "CHANGEME";

It's easy to put the admin's username in there, but it adds one extra worry in the future if the admin is removed/changed and then I forget to change the hook. Is there like a "sudo root" method to mimic the admin without their username, or does that create security issues?

the value has to be there, but I suppose you could query the DB to get the ID of an admin who hasn't been disabled and use that in the code...

 

<?php
/*
Client area password change notification for WHMCS
Developed by http://www.whmcsguru.com
Tweaked by brian!
*/

use Illuminate\Database\Capsule\Manager as Capsule;

function hook_client_password_notify($vars)
{
   $filename = APP::getCurrentFileName();
   $userid = $vars['userid'];    
   $action = $_GET['action'];

   if ($filename=='clientarea' && $action=='changepw') {
       send_password_notify($userid);
   }
}

function send_password_notify($userid)
{
   $ip = $_SERVER['REMOTE_ADDR'] ;
   $hostname = gethostbyaddr($ip);
   $userinfo = Capsule::table('tblclients')->select('firstname', 'lastname')->WHERE('id', $userid)->get();
   $adminid = Capsule::table('tbladmins')->where('disabled','0')->pluck('id');
   //greet them
   foreach ($userinfo as $userrow)
   {
       $firstname = $userrow->firstname;
       $lastname = $userrow->lastname;
   }
   $command = "sendemail";
   $adminuser = $adminid;
   $values["customtype"] = "general";
   $values["customsubject"] = "Password Modification from $hostname";
    $values["custommessage"] = "<p>Hello $firstname  $lastname,<p>A remote user successfully changed your password. If  this was not you, please do contact us immediately<br /> You may  contact us by replying directly to this email<p>IP Address:  $ip<br/>Hostname: $hostname<br />";
   $values["id"] = $userid;

   $results = localAPI($command, $values, $adminuser);
}

add_hook('ClientChangePassword', 1, 'hook_client_password_notify');

when using this on v7, you will likely need to change 'pluck' to 'value'. :idea:

0
Link to comment
Share on other sites
paperweight Senior Member

paperweight

Posted
  • Author
Posted
and you can do that by changing the line of code to...

 

    $adminid = Capsule::table('tbladmins')->where('disabled',0)->where('roleid',1)->pluck('id');

 

Got it and makes sense. Many thanks!

 

on v7... sheez... we just finished, finally, upgrading and updating everything to v6 actually a few days ago -- process took about a year to get everything fully working. I see v7 is coming and I hesitate to think about more huge structural changes :(

0
Link to comment
Share on other sites
twhiting9275 Senior Member

twhiting9275

Posted
Posted

The structural change is there, for sure.

The only huge difference I've (personally) noticed? Pluck seems to be returning an array, rather than a single value.

Rather than create two separate versions of code, I simply created a function that will check if the response is an array, if so return $array['0']; , otherwise, return the value ;)

I'm sure there are other structural differences, but I haven't run across any other deal breakers (yet)

 

Alas, this is getting a bit off topic, just thought I'd throw my 0.02 in ;)

0
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated

  I accept