Jump to content
USA_Webmaster

HOWTO: Disable or remove "You are entering an administrative area of WHMCS and must confirm..."

Recommended Posts

I wish to disable and remove the prompt looks like this and reads like: "Confirm password to continue: You are entering an administrative area of WHMCS and must confirm your password to continue."

 

ToSuNG8.png

 

It's just that I use a manager to generate a 24 length password and it's a nag to have to waste like 6 clicks to login, what appears to be so often.

 

I get that it's a great security feature but I'll assume full responsibility and don't requires others to do it for me. This admin password prompt reminds me of the two-factor authentication prompts I see all across the web.. STEAM is the WORST (btw)!

Share this post


Link to post
Share on other sites

ironically, I PM'd someone @ WHMCS about this same thing yesterday as i'm in a similar boat with regards to using a long password - I don't mind the feature being there, but it needs to be optional, i.e so we can turn it off. :roll:

 

I previously toyed with a few ideas to workaround it - e.g it uses it's own template (authconfirm.tpl), so at the most basic level, you could add the password into the template itself (not great security-wise and could get overwritten during an update anyway); pulling the password using a hook... though I had no real intention of wasting any serious time coding around a bloody security feature that I can't recall a great demand for in the first place.

 

I now just use a Firefox clipboard addon as a quick way of pasting the password in... it'll do until this feature is removed or disabled. :idea:

Share this post


Link to post
Share on other sites

It's all about options - Firefox FTW!

 

You think this feature will be removed or disabled? Also, you think I should PM that same person to push for it>? Not sure how much WHMCS surfs these forums..

 

Happy Friday the 13th and stay scary,

Share this post


Link to post
Share on other sites
You think this feature will be removed or disabled? Also, you think I should PM that same person to push for it>? Not sure how much WHMCS surfs these forums..

a lot of them come out of the woodwork during a beta period - once over, they quickly return to the shadows! :roll:

 

I don't think PM'ing them would help - as it happens, I think the "person" pretty much agrees with us on this matter... as to if WHMCS will disable or remove it, I don't know - I would hope so, but who knows!

 

after all these years, I still haven't really found a guaranteed way to get WHMCS to do something (or even listen) - I long ago gave up on the feature request system - so, often it comes down to trying to cajole someone @ WHMCS to start "an internal discussion" in the hope that, at the end of the day, something will be done... hardly they way to run a business - but hey that's not my problem. :)

 

Happy Friday the 13th and stay scary,

I hadn't realised it was until you mentioned it. :evil:

Share this post


Link to post
Share on other sites

Hey guys,

 

Thanks for your feedback.

 

Please submit a Feature Request for the team to consider in a future request (Yes brian! I saw your eyes roll :roll:) the more people that vote and contribute the more likely the team are to consider this request.

Share this post


Link to post
Share on other sites

You know what, I'll take this over what it used to be any day of the week.

Yes, it's annoying, but fill in the password, and be done with it.

It used to be that any time you made changes to an admin account it needed to be verified with your own password.

 

Now, it seems somewhat cookie/session based . If you haven't entered your password in XXX time, it gets asked for again

Given that this is protecting some pretty sensitive areas, yeah, I'd say it's useful.

Share this post


Link to post
Share on other sites
Please submit a Feature Request for the team to consider in a future request (Yes brian! I saw your eyes roll :roll:)

have you placed a hidden camera near me ? that's exactly what I did when I read it.. :lol:

 

the more people that vote and contribute the more likely the team are to consider this request.

well in my experience over the the years, that hasn't been the case (perhaps consideration, but implementation is far more relevant) - but let's not extinguish your optimism on this so early in your reign. :)

 

I hear what you're saying - if nobody makes requests, nothing changes... but even when they do, nothing changes... or a solution may be added in 3 years time - by which time, the ship has sailed... if an issue is time-critical (e.g you need it in <6 months), a feature request would be pointless and they'd be better getting a developer in.

 

one of the major problems with the feature requests is searching for an existing specific/relevant request - even when you know it exists, they can be hard to find... so you end up with similar requests all getting one or two posts... pointless.... there are requests in there, with hundreds of votes and suggested many years ago, that are still "Under Consideration". :roll:

 

do you think if there was a request with 200 votes to get the WHMCS logo removed from the admin emails, it would be completed? I don't.

 

i'm open to being convinced about the validity of the requests system - but i'm still waiting to see the proof.

 

Given that this is protecting some pretty sensitive areas, yeah, I'd say it's useful.

we didn't say it wasn't useful to some - just that we don't need it and would be good to make it optional.

 

now if WHMCS don't want to change it, there's no point moaning about it - you just find a workaround.

Share this post


Link to post
Share on other sites
it isn't working for me, still having to periodically enter the password.

 

I noticed that to and posted an update which should fix the issue (same url). You will still periodically see the confirm screen but it will automatically reload and you will not have to put a password in.

  • Like 1

Share this post


Link to post
Share on other sites
I noticed that to and posted an update which should fix the issue (same url). You will still periodically see the confirm screen but it will automatically reload and you will not have to put a password in.

thanks Joe, seems to be working fine now. :idea:

Share this post


Link to post
Share on other sites

This seems to no longer be working with the update to 7.21

Any ideas?

Share this post


Link to post
Share on other sites
This seems to no longer be working with the update to 7.21

Any ideas?

this is one of the most annoying features of WHMCS and the hook hasn't worked since the first v7.2 beta.

 

hopefully Joe can fix it. :idea:

Share this post


Link to post
Share on other sites
this is one of the most annoying features of WHMCS and the hook hasn't worked since the first v7.2 beta.

 

hopefully Joe can fix it. :idea:

 

Count my vote !! Have seen many new scripts using it, but all have an option to disable it. Last one was xenForo. Can't understand. I'm the master (and not only Webmaster) of my site. I want to have the freedom to do anything that I want to my site. Even to let admin area available even to visitors. If they'll explode my site ok. It's MY site.

  • Haha 1

Share this post


Link to post
Share on other sites

Ok. I spent some time and found a solution.

 

1.- Open template: authconfirm.tpl in admin/templates/your_template directory

 

2.- Give an id to the form eg:

<form id="idiot" method="post" action="">

 

3.- Add value="......your password...." eg

<input type="password" class="form-control" id="inputConfirmPassword" name="confirmpw" placeholder="" value="MyPassWord" autofocus>

 

4.- For (3) credits are going to Brian! :)

 

5.- At the end of the form add:

{literal}
<script>    
   jQuery(window).load(function(){
       document.getElementById("idiot").submit();
   });
</script>
{/literal}

 

Chris

 

- - - Updated - - -

 

PS: Just be sure that you're working on the correct template as I wasted 10 minutes modifying blend template while I'm using v4 :twisted:

 

- - - Updated - - -

 

Works fine with 7.2.1 but I'll not be surprised if it will not works on the next version. I can bet that they'll add a timer to count the elapsed time for posting :)

Share this post


Link to post
Share on other sites
Ok. I spent some time and found a solution.

Works fine with 7.2.1 but I'll not be surprised if it will not works on the next version. I can bet that they'll add a timer to count the elapsed time for posting :)

it does indeed work fine, but I won't be using it for a number of reasons.

 

with this method, i'm going to have to potentially re-edit the file after ever update - the two good things about Joe's hook were that it didn't need to store the password and wouldn't require any changes to templates.

 

i'll go back to using the clipboard addon until the hook is fixed.

Share this post


Link to post
Share on other sites

This is just a fast and dirty solution. Actually I came here to post about this problem (for me is more problem than security protection), when I seen this thread.

As for hooks. Have bad experiance with vB for 10 years now, so I'm trying to avoid them like the hell.

Replacing a template is just some seconds work (not a big deal for the peace of your mind), but what if that hook place removed in an furure upgrade or renamed, or whatever. This is my bad experiance with vB. And the glory was on vB5 when, all suddently, they removed hooks at all (now start adding them back, one by one, but not all).

Share this post


Link to post
Share on other sites

This is making it impossible for me to access the General Settings area.

I enter the password and the password dialog simply comes back.

So frustrating!

Share this post


Link to post
Share on other sites

This is so annoying s I am the only person with login rights so why is this password forced on me every time I move around the admin?

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Similar Content

    • By stuntnmore
      Hello, i would like to show you today how to tweak around the admin login page to make it a bit more unique
       
      Based on the main template, the admin login page cannot be fully customized but you can mess with the css to change it a little bit.
       
      Starting off, there is one CSS file within the login page of the admin area call UI.all.css, this file is the only one available as a css attribute, what we can do is modify this file to suit our needs within the login page.
       
      For example, if you wish to change the background you can add this at the end of the CSS file, the file is located
       
      /includes/jscript/css/ui.all.css
       
      You can add at the bottom this css and customize it to your liking

      /*CUSTOM CSS*/ body { background-color:#000 !important; background-image:url([b][color=red]BACKGROUND URL HERE[/color][/b]) !important; background-repeat:repeat !important; } body #login_container { background-image:url(url([b][color=red]BACKGROUND URL HERE[/color][/b])); }
      You can also just put a background as well, just go onto google and type in texture and just replace BACKGROUND URL HERE, and your all set, just make sure it points to the right directory.
       
      Screenshot example:
      /http://s1.postimg.org/sb90m2v3j/Capture.png
       
      Other thoughts:
      Only thing is the rest of the whmcs will also have that background, thats the only bug that i havnt gotten around, although though i could make a script that would hide the image and show the one thats default on the main page.
    • By onel0ve
      i need to disable auto credit apply function for selected client(s). how can i do it? this function was available in client profile tab at old version. i cannot see this function in latest version.
    • By DewlanceHosting
      Hello,
       
      WHMCS allow us to hide radio button but its possible to mark as disabled so customer can't select out of stock location?
       
      For example:

       
       
      Thanks.
  • Recently Browsing   0 members

    No registered users viewing this page.

×

Important Information

By using this site, you agree to our Terms of Use & Guidelines