RESOLVED Unable to remove created users

[ThemeMetro]

Hello,

Its not possible to remove created users  permanently from WHMCS admin.  If i am wrong, how to remove them if none of client account is associate with that user account.

In Manage Users page should be an option to remove account permanently  if the users is not associate any client.

 

Edited October 2, 2020 by ThemeMetro

[wsa]

I think they report as a bug already

[HardSoftCode]

If you delete a client all users will be able to become clients if the user order a product

[Ludo]

Okay, but it is not normal to be unable to completely  remove a user no ?

I think that it's an issue and i didn't see it in the list of known bugs

is there an official hotfix for that or should i remove them via SQL ?

thanks

Ludo

[wsa]

I guess they did not fix this because I still see it 

[DennisHermannsen]

On 10/4/2020 at 3:34 PM, HardSoftCode said:

If you delete a client all users will be able to become clients if the user order a product

That's just not good enough. The account should be completely deleted.
If a customer asks us to delete their account, we cannot keep any information about them. Everything has to go. It's very weird how WHMCS didn't even consider that keeping the email address and name would be an issue.

[HardSoftCode]

11 hours ago, DennisHermannsen said:

That's just not good enough. The account should be completely deleted.
If a customer asks us to delete their account, we cannot keep any information about them. Everything has to go. It's very weird how WHMCS didn't even consider that keeping the email address and name would be an issue.

Do you know that you can invite other client with active products to be users on your account if admin delete your account with that users accounts that mean the admin will delete the client account that you invited

Edited October 6, 2020 by HardSoftCode
Add screenshot

[DennisHermannsen]

You should be able to delete different users. It shouldn't delete every user connected to a client - it should just delete the user that you select. That ain't hard.

[HardSoftCode]

4 minutes ago, DennisHermannsen said:

You should be able to delete different users. It shouldn't delete every user connected to a client - it should just delete the user that you select. That ain't hard.

But those users did not give permission to delete their accounts

Example: You add me as a user to your account and i accepted the company terms of service and registered, why you go and delete my account without my permission?

[DennisHermannsen]

Just now, HardSoftCode said:

But those users did not give permission to delete their accounts

Of course you shouldn't just go on a rampage and delete random users... You should only delete users that ask for it.
Example: I am the owner of an account. 4 other are invited to access my account. I contact the company and ask to have my user account deleted. They delete only my user account - the 4 other users will still have their account, but won't be able to access my account as it no longer exists.

[ThemeMetro]

2 minutes ago, HardSoftCode said:

But those users did not give permission to delete their accounts

Example: You add me as a user to your account and i accepted the company terms of service and registered, why you go and delete my account without my permission?

Because its property of company and have full rights to remove any of accounts. also admin should capable to remove any user, or client account. because the admin has full rights.

[Ludo]

1 hour ago, HardSoftCode said:

Do you know that you can invite other client with active products to be users on your account if admin delete your account with that users accounts that mean the admin will delete the client account that you invited

Absolutely not...

We just want to be able to delete a user without active product. It is just a RGPD requirement...

If a "user" has been invited by another "client" with an active product, WHMCS just have to notify the admin before deletion and admin will take a decision.

It seems that the user feature is not totaly released, it is not just a bug, when you select a user, you cannot even deactive it with the switch button.

I hope that a new release will come soon, i'm to the limit to rollback

[Biswashost]

Hello all, I also notice this issue yesterday. After updating to whmcs 8.0.1 I opened two testing account & I deleted them by visiting client profile from admin area using "Delete Clients Account" but when i go to "Manage users" then i can see both of them are there & there have no way to delete them. Even if i try to reopen account using that email address then it's showing email already exits, kindly try using a new email. Does anyone found any solutions. Thanks.

Edited October 6, 2020 by Benjamin Biswas

[Ludo]

No, there is no solution for the moment

which means that the platform no longer meets RGPD standards and this is a real problem for me.

I hope that the team will publish a new release very soon. even the 8.0.2 doesn't fix the problem.

[wsa]

V8.0.2 and still not fix this 

[WHMCS John]

Hi all,

Thanks for sharing your feedback on the management of Users.

One of the key concepts of Users is that a User is independent of Client Accounts.

Once users have registered, they will always have a set of access credentials with your company, and can login - regardless of actions to Client Accounts they belong to or are a member/owner of.

The presence of Users without an assigned Account does not pose a problem for the system; it's designed to handle that as HardSoftCode identified. If that user ever returns in future, they can login as before and won't need to re-signup or be surprised their credentials have stopped working.

If one was to receive a genuine formal GDPR erasure request, one could potentially satisfy it by anonymising the record by editing the User data via the UI.

We're very much watching and listening to this thread, and would be interested to hear further thoughts and reasoning for any other approaches.

[DennisHermannsen]

21 minutes ago, WHMCS John said:

If one was to receive a genuine formal GDPR erasure request, one could potentially satisfy it by anonymising the record by editing the User data via the UI.

I'll have to stop you right there, John.  The same thing goes for regular clients. In theory, you could just change their details. It's just a hell lot easier to delete everything than to have hundreds of inactive users (all with unique email addresses).

22 minutes ago, WHMCS John said:

Once users have registered, they will always have a set of access credentials with your company, and can login - regardless of actions to Client Accounts they belong to or are a member/owner of.

... And so can a client. But - if the client wants their account deleted, we should (and must) delete it.

If a user (not a client) actually decides to contact us and asks us to have their account removed, why shouldn't we be able to delete it? Sorry, but I just can't wrap my head around why a 'Delete User' button and/or API function has been made.
 

25 minutes ago, WHMCS John said:

We're very much watching and listening to this thread, and would be interested to hear further thoughts and reasoning for any other approaches.

Reasoning? We're forced to delete data about a client if the client requests it. Not doing so is punishable with huge fines.
In 2018, WHMCS made a lot of steps to make it look like they cared about GDPR  - and then they basically ruined it with a single update and can't understand why we feel something is wrong.

Please, please, please, please (!!!!!) let us know why it has now taken 3 releases (I reported it before GA) and there's still no solution to this. It's really just a matter of deleting the user the same way that a client is deleted.

 

Sorry about my tone in this reply, my it really frustrates me. You can't make a release that is so GDPR focused back in 2018 and then ruin it two years later saying: "You know, you can just manually edit out the personal information for each user" - WE COULD VERY WELL DO THAT WITH CLIENTS AS WELL BEFORE 2018, It's just a lot easier NOT having to do that.

 

[wsa]

100 % True Dennis is like whmcs.com dont care about GDPR policy. I have 2 client right tell me if I dont remove they information they going to report to GDPR.

Now I need to go to PHPMyAdmin and remove it that more work for me  This V8 your did making staff do more work then V7

[ThemeMetro]

3 hours ago, wsa said:

100 % True Dennis is like whmcs.com dont care about GDPR policy. I have 2 client right tell me if I dont remove they information they going to report to GDPR.

Now I need to go to PHPMyAdmin and remove it that more work for me  This V8 your did making staff do more work then V7

Yes at least admin should have permission to remove any account permanently. 

[Biswashost]

We must need complete power to delete any account @WHMCS John

[wp4all]

Slowly it seems to me as if only zombies work here without a brain. 💀

If you want to sell your software only in the US where no one cares about privacy anyway then do it and I'm out.

We have very strict and restrictive rules here in the EU area. 

If you need some tutoring please do so:
https://en.wikipedia.org/wiki/General_Data_Protection_Regulation

If a customer demands that I delete all his data, I have to do it.
If he can log in again after a year for whatever reason, as if nothing ever happened, I can hang myself from the next tree.

The quality and consideration of the customers here is getting worse and worse.

This is not a charity here but we are still paying customers and I can damn well ask to get attention.

More and more often reseller products are implemented here than regular customer requests for system changes and functions.
Only when the outcry of several customers becomes too loud changes are made with minimal effort.

All too often customers will leave themselves to deal with hooks and coding to get functions that worked before working again after a main release.

In the future it would make sense to announce elementary changes to system functions, then the community can announce early that there could be problems in some scenarios.

There are areas that are very sensitive in some countries and there is no room for maneuver.

- Privacy
- Data security
- Finance and tax law

I already see a preferred solution by whmcs:
Then simply anonymize the user with a dummy entry: It is the year 2021 the database points to 5000 dummy entries 🤮

[Plambee]

I am also of the opinion that there must be a delete function. That the admin should make the data anonymous by hand cannot be the answer to the problem.
If I drive my car to the garage and the mechanic tells me that the solution to the problem is to take the bus in the future, he gets the spanner to his head 😉
So please WHMCS integrates a delete function, that does not cost you much work and relieves your customers, who are paying for the software.

[wsa]

Make easy of you to add a option that the admin can delete the user that should not take you year to do it  :)

[HardSoftCode]

It's not hard to create a small hook to do this, I always say you can do anything with WHMCS by using hooks and APIs

Just upload the attached file to the includes\hooks directory and now when you deleted a client the owner user will be deleted

 

<?php

if(!defined("WHMCS")) die("This file cannot be accessed directly");

use WHMCS\User\Relations\UserClient;
use WHMCS\User\Client;
use WHMCS\User\User;

add_hook('ClientDelete', 855412, function($vars)
{
  $clientid = $vars['userid'];
  $userid   = UserClient::where('client_id', $clientid)->value('id');
  
  if(User::find($userid)->isOwner(Client::find($clientid)))
  {
    if(User::where('id', $userid)->delete())
    {
      logActivity('User Deleted - ID: '.$userid, 0);
    }
  }
});

 

deleteClientUser.zip

Edited October 9, 2020 by HardSoftCode

[wp4all]

This is only partially correct, the user will be deleted only when the customer owner will be removed.

But if there is a request to delete just the user information without the customer owner, the only way is through the database.

As I said, why do you always have to use a hook or API for the simplest logical operations ?

As administrator / owner I should be able to create, change and remove users/ accounts at any time.

A orderly user management is needed here, everything else is nonsense.