Jump to content

{$client_password} returns nothing


Ranjan

Recommended Posts

Hi there,

I don't know it's right category or not to ask this question, but {$client_password} field returns nothing, not even ******* kind of thing in new user welcome email.

I already double checked email templates, using latest version 8.0.2

Is this a new privacy feature or bug?

Link to comment
Share on other sites

  • 1 month later...
On 09/10/2020 at 12:41, Ranjan said:

Is this a new privacy feature or bug?

with all the password reset changes, I would assume intentional.

14 hours ago, joedavis said:

It's a total pain in the backside is what it is.

it's certainly a silly change, if intentional, because at least outputting **** is something - if it's returning nothing, there's no point in the default email templates including "Password: {$client_password)" in the content.

14 hours ago, joedavis said:

Right along with WHMCS not answering questions like this one.

if I wanted to ensure receiving an answer from WHMCS themselves, I wouldn't post a question here, i'd open a support ticket - outside of the beta forums, there is no guarantee that a post will be seen, or even replied to, by WHMCS staff.

Link to comment
Share on other sites

I get that WHMCS doesn't want to show the passwords in emails anymore but they need to provide guidance on the token we can use in the Client Signup Emails to give users a chance to create their password. Having them go to the website and click the link to request a new password looks very unprofessional. 

Maybe I'm just missing where WHMCS has already provided this guidance.

Link to comment
Share on other sites

57 minutes ago, brian! said:

i've just sent the Client Signup Email direct from a clients profile, and it's including the **** in the password field.

 

That's fine and expected at this point. 

The workflow that I'm having a hard time with is this:

  1. Client signs up for services via the phone or after an in-person meeting and signing of a physical contract.
  2. We setup the client's account in WHMCS and send them the Client Signup Email.
  3. Client Signup Email doesn't contain a password so we ask the client to click a link in the email that takes them to the password reset request page on our WHMCS site.
  4. Client enters their email address on our site and WHMCS tells them to check their email for further instructions.
  5. Client checks their email and clicks the "Reset your password" link.
  6. Client enters their desired password on the page.
    1. Password reset page is titled "Lost Password Reset" (password has never been known to the client so it's not really lost). This looks ridiculous to a new customer trying to get setup on their account for the first time.
  7. Client can click the continue button and finally be logged into the site.

This is a drawn-out process that appears slapped together and cumbersome to clients who are hiring us as a technology company that they expect to make things easier for them.

So, what I'd like to do is include a link in the email that allows the client to immediately set their password. Is there a token that would allow that?

Link to comment
Share on other sites

On 11/12/2020 at 7:32 AM, brian! said:

if I wanted to ensure receiving an answer from WHMCS themselves, I wouldn't post a question here, i'd open a support ticket - outside of the beta forums, there is no guarantee that a post will be seen, or even replied to, by WHMCS staff.

There's always feature requests. 👼

Link to comment
Share on other sites

19 hours ago, joedavis said:

Is there a token that would allow that?

I don't know - it's possible that the token is only created for "user" type emails and not for others... you might need to ask WHMCS Support direct about that.

19 hours ago, joedavis said:

The workflow that I'm having a hard time with is this:

  1. Client signs up for services via the phone or after an in-person meeting and signing of a physical contract.
  2. We setup the client's account in WHMCS and send them the Client Signup Email.
  3. Client Signup Email doesn't contain a password so we ask the client to click a link in the email that takes them to the password reset request page on our WHMCS site.
  4. Client enters their email address on our site and WHMCS tells them to check their email for further instructions.
  5. Client checks their email and clicks the "Reset your password" link.
  6. Client enters their desired password on the page.
    1. Password reset page is titled "Lost Password Reset" (password has never been known to the client so it's not really lost). This looks ridiculous to a new customer trying to get setup on their account for the first time.
  7. Client can click the continue button and finally be logged into the site.

This is a drawn-out process that appears slapped together and cumbersome to clients who are hiring us as a technology company that they expect to make things easier for them.

let me ask - for your situation, do you want the password that you manually create for the client to be visible in that signup email?

in your circumstances (as I understand them), I think there is a non-coding way to do that... though there then might be coding needed at a later point to remove evidence in the database of that password being included in the content.

Link to comment
Share on other sites

45 minutes ago, brian! said:

for your situation, do you want the password that you manually create for the client to be visible in that signup email?

I agree that including the password in the email makes it less secure but I guess including a link to reset the password without causing the user to verify themselves is an issue as well. To me, there should be some kind of a work around that doesn't require the user to go back and forth between email and our WHMCS site so many times. With all of this focus on not sending passwords in emails, I'd like to know why we're sending service passwords in plain text. Seems like there's hyper focus on one thing and none on the others. 

I think we may just start sending our new clients a link to our WHMCS site registration page asking them to sign up before we setup their services. I'm not confident it'll work very often.

Link to comment
Share on other sites

20 hours ago, joedavis said:

I agree that including the password in the email makes it less secure but I guess including a link to reset the password without causing the user to verify themselves is an issue as well.

just to be clear, I was genuinely trying to not phrase the question as to be leading, e.g if you said that you want to include the visible password in the email, then I was not about to berate you for wanting that... that's your business if you want to go down that road.

for completion (before i forget), if you wanted to include passwords in these emails (in your situation), then one option would be to use a Client Custom Field, e.g an admin only password field, e.g when you're creating the client, you enter the password in the password field as normal, but you also enter it into the CCF... with a slight modification to the signup email template (literally 1 IF statement I think), it could include the CCF instead of $client_password... and so the user would at least receive a working password and can login immediately.

now at that point, I think that's where the coding would begin and could include...

  • upon login, forcing the client to change their password.
  • hiding/remove the CCF password field from the admin area profile (password value would be visible but encrypted in the db) - though if user forced to change password, that might not be relevant.
  • remove password from stored welcome emails.
  • hide welcome emails from client.
  • ... and possibly other issues.
21 hours ago, joedavis said:

To me, there should be some kind of a work around that doesn't require the user to go back and forth between email and our WHMCS site so many times.

I can see that.... though even if WHMCS have an epiphany and agree with you, their solution would be months away.

21 hours ago, joedavis said:

With all of this focus on not sending passwords in emails, I'd like to know why we're sending service passwords in plain text. Seems like there's hyper focus on one thing and none on the others. 

oh there's always hyperfocus on the latest thing @ WHMCS and that more often that not leads to inconsistencies throughout the software.

often hosting passwords might not have been chosen by the user, whereas they should know their client passwords if they're signing up directly.

21 hours ago, joedavis said:

I think we may just start sending our new clients a link to our WHMCS site registration page asking them to sign up before we setup their services. I'm not confident it'll work very often.

I don't think there's much doubt that option would be less successful than handing them existing login details.

Link to comment
Share on other sites

  • 3 months later...
  • WHMCS Technical Analyst

Just want to inform everyone that the  {$client_password} merge field is no longer available as of v8.0. Using it is will return empty.

It has been removed from the default Client Signup Email template as of WHMCS 8.1.

Please see  CORE-15899 on the release notes for 8.1: https://docs.whmcs.com/Changelog:WHMCS_V8.1.0_GA

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated