Jump to content

HOWTO: Disable or remove "You are entering an administrative area of WHMCS and must confirm..."

USA_Webmaster

By USA_Webmaster
in Developer Corner

 Share

Recommended Posts

USA_Webmaster Member

USA_Webmaster

Posted
Posted

I wish to disable and remove the prompt looks like this and reads like: "Confirm password to continue: You are entering an administrative area of WHMCS and must confirm your password to continue."

 

ToSuNG8.png

 

It's just that I use a manager to generate a 24 length password and it's a nag to have to waste like 6 clicks to login, what appears to be so often.

 

I get that it's a great security feature but I'll assume full responsibility and don't requires others to do it for me. This admin password prompt reminds me of the two-factor authentication prompts I see all across the web.. STEAM is the WORST (btw)!

Link to comment
Share on other sites
brian! Senior Member

brian!

Posted
Posted

ironically, I PM'd someone @ WHMCS about this same thing yesterday as i'm in a similar boat with regards to using a long password - I don't mind the feature being there, but it needs to be optional, i.e so we can turn it off. :roll:

 

I previously toyed with a few ideas to workaround it - e.g it uses it's own template (authconfirm.tpl), so at the most basic level, you could add the password into the template itself (not great security-wise and could get overwritten during an update anyway); pulling the password using a hook... though I had no real intention of wasting any serious time coding around a bloody security feature that I can't recall a great demand for in the first place.

 

I now just use a Firefox clipboard addon as a quick way of pasting the password in... it'll do until this feature is removed or disabled. :idea:

Link to comment
Share on other sites
brian! Senior Member

brian!

Posted
Posted
You think this feature will be removed or disabled? Also, you think I should PM that same person to push for it>? Not sure how much WHMCS surfs these forums..

a lot of them come out of the woodwork during a beta period - once over, they quickly return to the shadows! :roll:

 

I don't think PM'ing them would help - as it happens, I think the "person" pretty much agrees with us on this matter... as to if WHMCS will disable or remove it, I don't know - I would hope so, but who knows!

 

after all these years, I still haven't really found a guaranteed way to get WHMCS to do something (or even listen) - I long ago gave up on the feature request system - so, often it comes down to trying to cajole someone @ WHMCS to start "an internal discussion" in the hope that, at the end of the day, something will be done... hardly they way to run a business - but hey that's not my problem. :)

 

Happy Friday the 13th and stay scary,

I hadn't realised it was until you mentioned it. :evil:

-1
Link to comment
Share on other sites
twhiting9275 Senior Member

twhiting9275

Posted
Posted

You know what, I'll take this over what it used to be any day of the week.

Yes, it's annoying, but fill in the password, and be done with it.

It used to be that any time you made changes to an admin account it needed to be verified with your own password.

 

Now, it seems somewhat cookie/session based . If you haven't entered your password in XXX time, it gets asked for again

Given that this is protecting some pretty sensitive areas, yeah, I'd say it's useful.

Link to comment
Share on other sites
brian! Senior Member

brian!

Posted
Posted
Please submit a Feature Request for the team to consider in a future request (Yes brian! I saw your eyes roll :roll:)

have you placed a hidden camera near me ? that's exactly what I did when I read it.. :lol:

 

the more people that vote and contribute the more likely the team are to consider this request.

well in my experience over the the years, that hasn't been the case (perhaps consideration, but implementation is far more relevant) - but let's not extinguish your optimism on this so early in your reign. :)

 

I hear what you're saying - if nobody makes requests, nothing changes... but even when they do, nothing changes... or a solution may be added in 3 years time - by which time, the ship has sailed... if an issue is time-critical (e.g you need it in <6 months), a feature request would be pointless and they'd be better getting a developer in.

 

one of the major problems with the feature requests is searching for an existing specific/relevant request - even when you know it exists, they can be hard to find... so you end up with similar requests all getting one or two posts... pointless.... there are requests in there, with hundreds of votes and suggested many years ago, that are still "Under Consideration". :roll:

 

do you think if there was a request with 200 votes to get the WHMCS logo removed from the admin emails, it would be completed? I don't.

 

i'm open to being convinced about the validity of the requests system - but i'm still waiting to see the proof.

 

Given that this is protecting some pretty sensitive areas, yeah, I'd say it's useful.

we didn't say it wasn't useful to some - just that we don't need it and would be good to make it optional.

 

now if WHMCS don't want to change it, there's no point moaning about it - you just find a workaround.

1
Link to comment
Share on other sites
  • 1 month later...
jclarke Senior Member

jclarke

Posted
Posted
it isn't working for me, still having to periodically enter the password.

 

I noticed that to and posted an update which should fix the issue (same url). You will still periodically see the confirm screen but it will automatically reload and you will not have to put a password in.

1
Link to comment
Share on other sites
  • 2 months later...
ChrisTERiS Senior Member

ChrisTERiS

Posted
Posted
this is one of the most annoying features of WHMCS and the hook hasn't worked since the first v7.2 beta.

 

hopefully Joe can fix it. :idea:

 

Count my vote !! Have seen many new scripts using it, but all have an option to disable it. Last one was xenForo. Can't understand. I'm the master (and not only Webmaster) of my site. I want to have the freedom to do anything that I want to my site. Even to let admin area available even to visitors. If they'll explode my site ok. It's MY site.

1
Link to comment
Share on other sites
ChrisTERiS Senior Member

ChrisTERiS

Posted
Posted

Ok. I spent some time and found a solution.

 

1.- Open template: authconfirm.tpl in admin/templates/your_template directory

 

2.- Give an id to the form eg:

<form id="idiot" method="post" action="">

 

3.- Add value="......your password...." eg

<input type="password" class="form-control" id="inputConfirmPassword" name="confirmpw" placeholder="" value="MyPassWord" autofocus>

 

4.- For (3) credits are going to Brian! :)

 

5.- At the end of the form add:

{literal}
<script>    
   jQuery(window).load(function(){
       document.getElementById("idiot").submit();
   });
</script>
{/literal}

 

Chris

 

- - - Updated - - -

 

PS: Just be sure that you're working on the correct template as I wasted 10 minutes modifying blend template while I'm using v4 :twisted:

 

- - - Updated - - -

 

Works fine with 7.2.1 but I'll not be surprised if it will not works on the next version. I can bet that they'll add a timer to count the elapsed time for posting :)

Link to comment
Share on other sites
brian! Senior Member

brian!

Posted
Posted
Ok. I spent some time and found a solution.

Works fine with 7.2.1 but I'll not be surprised if it will not works on the next version. I can bet that they'll add a timer to count the elapsed time for posting :)

it does indeed work fine, but I won't be using it for a number of reasons.

 

with this method, i'm going to have to potentially re-edit the file after ever update - the two good things about Joe's hook were that it didn't need to store the password and wouldn't require any changes to templates.

 

i'll go back to using the clipboard addon until the hook is fixed.

Link to comment
Share on other sites
ChrisTERiS Senior Member

ChrisTERiS

Posted
Posted

This is just a fast and dirty solution. Actually I came here to post about this problem (for me is more problem than security protection), when I seen this thread.

As for hooks. Have bad experiance with vB for 10 years now, so I'm trying to avoid them like the hell.

Replacing a template is just some seconds work (not a big deal for the peace of your mind), but what if that hook place removed in an furure upgrade or renamed, or whatever. This is my bad experiance with vB. And the glory was on vB5 when, all suddently, they removed hooks at all (now start adding them back, one by one, but not all).

Link to comment
Share on other sites
  • 2 months later...
  • 1 month later...
Guest
This topic is now closed to further replies.
 Share
Go to topic listing
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated

  I accept