Syed Ans Shah Posted April 24, 2019 Share Posted April 24, 2019 hi everyone, i am newbie here at WHMCS. i am running WHMCS v7.7 .1 i want to remove password from the Order Form. i have seen post in the whmcs community and i can/have hide password like this: <input type="hidden" name="address2" style="width:80%;" value="NA" /> or <input type="hidden" name="password" id="inputNewPassword1" class="field" placeholder="{$LANG.clientareapassword}" value="{$generatedpassword}"> but still the error comes and cannot submit the order. My Use Case is following: 1. i dont want to get password from clients at Order Form. instead i want to email them their generated Password. 2. i have server which is using seperate password to use my services. meaning there are 2 passwords right now. One for WHMCS Client Area that user enters in the order form and Second the service password that i generate and send via email. SO I WANT THESE TWO to be same as Clients get Confused. Please tell me What to do and how to generate automatic ONE password for Both? that is Client Password and Service Password and send it to the client VIA email. i would be really thankful to you. 0 Quote Link to comment Share on other sites More sharing options...
Syed Ans Shah Posted April 25, 2019 Author Share Posted April 25, 2019 23 hours ago, Syed Ans Shah said: hi everyone, i am newbie here at WHMCS. i am running WHMCS v7.7 .1 i want to remove password from the Order Form. i have seen post in the whmcs community and i can/have hide password like this: <input type="hidden" name="address2" style="width:80%;" value="NA" /> or <input type="hidden" name="password" id="inputNewPassword1" class="field" placeholder="{$LANG.clientareapassword}" value="{$generatedpassword}"> but still the error comes and cannot submit the order. My Use Case is following: 1. i dont want to get password from clients at Order Form. instead i want to email them their generated Password. 2. i have server which is using seperate password to use my services. meaning there are 2 passwords right now. One for WHMCS Client Area that user enters in the order form and Second the service password that i generate and send via email. SO I WANT THESE TWO to be same as Clients get Confused. Please tell me What to do and how to generate automatic ONE password for Both? that is Client Password and Service Password and send it to the client VIA email. i would be really thankful to you. dear @brian! and @WHMCS Lawrence, i am hoping you guys can help me out in this too. 0 Quote Link to comment Share on other sites More sharing options...
Kian Posted April 25, 2019 Share Posted April 25, 2019 (edited) The {$generatedpassword} in the example you posted needs to be specified with an action hook. That said, you can make passwords equal with PreModuleCreate hook point. Edited April 25, 2019 by Kian 0 Quote Link to comment Share on other sites More sharing options...
Syed Ans Shah Posted April 25, 2019 Author Share Posted April 25, 2019 (edited) 20 minutes ago, Kian said: The {$generatedpassword} in the example you posted needs to be specified with an action hook. That said, you can make passwords equal with PreModuleCreate hook point. i added this hook as well but it says "Please correct the following errors before continuing: You did not enter a password" add_hook("PreModuleCreate", 1, function($vars){ if ($vars['filename']!="cart"){ return; } $passwordLength = 10; $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'; $charactersLength = strlen($characters); $generatedPassword = ''; for ($i = 0; $i < $passwordLength; $i++) { $generatedPassword .= $characters[mt_rand(0, $charactersLength - 1)]; } return array("generatedpassword" => $generatedPassword); }); Edited April 25, 2019 by Syed Ans Shah 0 Quote Link to comment Share on other sites More sharing options...
steven99 Posted April 25, 2019 Share Posted April 25, 2019 Try returning "password" instead of generatedpassword . 0 Quote Link to comment Share on other sites More sharing options...
WHMCS Technical Analyst II WHMCS Lawrence Posted April 25, 2019 WHMCS Technical Analyst II Share Posted April 25, 2019 What I would suggest here is using some custom logic like the above posters have mentioned to generate a random password for the client's password, and then use the PreModuleCreate hook point to do the same there too. The only gotcha is that the client's password is always stored using an one way encryption, so it isn't possible to decrypt and use it for that hook point. Also it is generally considered bad for security to use the same password in multiple locations, so I would strongly recommend against doing so. The safest option would be to generate default secure passwords for the client ordering process and then let WHMCS generate the service passwords as needed. 0 Quote Link to comment Share on other sites More sharing options...
Syed Ans Shah Posted April 29, 2019 Author Share Posted April 29, 2019 On 4/25/2019 at 11:05 PM, WHMCS Lawrence said: What I would suggest here is using some custom logic like the above posters have mentioned to generate a random password for the client's password, and then use the PreModuleCreate hook point to do the same there too. The only gotcha is that the client's password is always stored using an one way encryption, so it isn't possible to decrypt and use it for that hook point. Also it is generally considered bad for security to use the same password in multiple locations, so I would strongly recommend against doing so. The safest option would be to generate default secure passwords for the client ordering process and then let WHMCS generate the service passwords as needed. so you are suggesting that i should only generate the client password and let the whmcs generate the service password. okay that is good option too but problem is again the same that client has 2 password: client password and service password and they get confused which password to enter and where. i am sending the service password via email but can you tell me how to send the generate client password via email. i tried it but it gave me this 0 Quote Link to comment Share on other sites More sharing options...
Syed Ans Shah Posted May 1, 2019 Author Share Posted May 1, 2019 so finally i found the solution: 1. hide the password field in checkout.php >>>> /templates/orderforms/[your_cart]/checkout.tpl <input type="hidden" name="password" id="inputNewPassword1" class="field" placeholder="{$LANG.clientareapassword}" value="NA"> <input type="hidden" name="password2" id="inputNewPassword2" class="field" placeholder="{$LANG.clientareaconfirmpassword}" value="NA"> 2. Add hook to change password of service and client add_hook('PreModuleCreate', 0, function($vars) { $clientid = $_SESSION['uid']; $permitted_chars = 'abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ'; //ALLOWED CHARACHTERS function generate_string($input, $strength = 16) { $input_length = strlen($input); $random_string = ''; for($i = 0; $i < $strength; $i++) { $random_character = $input[mt_rand(0, $input_length - 1)]; $random_string .= $random_character; } return $random_string; } $random_string = generate_string($permitted_chars, 8); $command = 'ModuleChangePw'; //TO CHANGE SERVICE PASSWORD $postData = array( 'serviceid' => $vars['params']['serviceid'], 'servicepassword' => $random_string, ); $results = localAPI($command, $postData); $command = 'UpdateClient'; //TO CHANGE/UPDATE CLIENT PASSWORD $postData = array( 'clientid' => $clientid, 'password2' => $random_string, ); $adminUsername = 'YOUR_ADMIN'; //ADD YOUR ADMIN NAME HERE $resultss = localAPI($command, $postData, $adminUsername); return array( 'password' => $random_string, ); } ); 3. Now the Client and Service password are same. so you can send the EMAIL to user with USERNAME AND SERVICE PASSWORD. which is same as Client password in this way client doesnt have to remember 2 different password nor client has to get confused which password is used for which purpose. cheers. 0 Quote Link to comment Share on other sites More sharing options...
WHMCS Technical Analyst II WHMCS Lawrence Posted May 2, 2019 WHMCS Technical Analyst II Share Posted May 2, 2019 That should work as expected 🙂 The main reason why I talked about keeping separate passwords is that sharing passwords between multiple logins (in this case their hosting service and the WHMCS client area) is considered a bad security practice and inadvisable. If their hosting service password was compromised somehow, the attacker now has a possible valid password to try on the client area, which they could then use to access it and possibly compromise their other services, domains, etc as well. Separate passwords helps to eliminate such a possibility. 0 Quote Link to comment Share on other sites More sharing options...
airbytes Posted January 11, 2025 Share Posted January 11, 2025 Will it be possible for the /register.php page to do that, too? I'm using a Hook to send the password via email as soon as the account is created. However, the password is randomly generated, not the one the customer types during registration. Therefore, I want to somehow remove the Password fields from the registration and checkout pages because customers receive a randomly generated password via email anyway. thanks, Alex 0 Quote Link to comment Share on other sites More sharing options...
Azhar Patel Posted January 12, 2025 Share Posted January 12, 2025 Technically it should not generate the random password. Better put ticket to WHMCS as it should create user with provided password. 0 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.