Jump to content

How to see a clients password

zippohosting

By zippohosting
in Using WHMCS

 Share

Recommended Posts

zippohosting Member

zippohosting

Posted
Posted

We noticed that in version 4 we are unable to view a client's password in their profile summary page.

 

After the upgrade to 4.0 that WHMCS performed we noticed a change that has effected our clients.

 

1. Login to the admin center

2. Click on a client

3. Click on Profile

4. The profile password is MISSING - it just says "Enter to Change" - no matter what we type there it is NEVER DISPLAYED.

 

How do we get their profile password displayed?

 

Many of our clients keep entering this information over and over and over because it says "Enter To Change" and when they do enter it they get the same message.

 

From an Admin aspect we need to see the password as well when they call asking us to provide it to them.

0
Link to comment
Share on other sites
  • Replies 53
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

zippohosting Member

zippohosting

Posted
  • Author
Posted

Well I read all of those and became very confused.

 

I was hoping someone found a way to do it.

 

Every business practice is unique and this aspect of not being able to see passwords - even the client themselves is going to be a customer service nightmare.

 

Thanks for your reply.

0
Link to comment
Share on other sites
keliix06 Senior Member

keliix06

Posted
Posted

This was a "feature" that never should have existed in the first place. It's a good thing they have fixed it.

 

At this point, even if they wanted to change it back, you wouldn't be able to see any of the passwords since they are encrypted.

0
Link to comment
Share on other sites
Zeon Member

Zeon

Posted
Posted

I've found that knowing the client's password allows a more personalized service. Sure there should be an option to disable it for those who don't want it but for those who do there should also be that option.

0
Link to comment
Share on other sites
johannes Member

johannes

Posted
Posted

I can see also advantages, I have friends and customers who contacting me directly and ask a) for password because they cant find right now or b) how to do this or that inside whmcs, so it would be a good thing to be able to login as customer in their accounts to provide exactly help.

 

I understand also the security option view. So far from this I would say the best would be to have a choice.

 

This thing with one-way-encryption seems also to be a wired thing in many threads here, where people try to integrate the whmcs-login with other cms (eg. joomla. wordpress, .. every is MD5 in databases, but no chance to get it with whmcs encryption..)

 

And the really best would be to have both: the choice if/if not to see the client-pw, and the option to choose how the datas are encrypted in the database. This is my personal wisheslist for the next whmcs-version.

0
Link to comment
Share on other sites
SilverNodashi Senior Member

SilverNodashi

Posted
Posted
To see clients password is privacy issue. I am happy that it was fixed

I am not interested in knowing their password.

 

How exactly is that a privicy issue? You have his website, his email accounts, his databases (which could very well contain a LOT MORE private info than a password for this WHMCS account) and could very very easily do MUCH more harm with that, then his WHMCS password.

 

This is a needed feature by MANY, and if you don't trust yourself, or your staff then neither you or they should work for a hosting company.

0
Link to comment
Share on other sites
merlinpa1969 Senior Member

merlinpa1969

Posted
Posted
I have friends and customers who contacting me directly and ask a) for password because they cant find right now

 

You actually verbally give users their password......

 

not here and anyone that I catch doing that will be headed for unemployment...

 

if they cant remember their password then they can

1 use the forgot password link

2 put in a ticket and we will resend the welcome email ( ONLOY to the email address on record )

0
Link to comment
Share on other sites
9DollarDomains Senior Member

9DollarDomains

Posted
Posted

My understanding from another thread is that if the client uses the 'forgotten password' link, it'll generate them a new random password and send that to them. If that is correct, that's the part that I have a problem with.

 

Personally - I think that a full 'root' admin should be able to view everything - but I mainly don't want the system changing their passwords to random ones.

0
Link to comment
Share on other sites
keliix06 Senior Member

keliix06

Posted
Posted (edited)
ask a) for password because they cant find right now

 

http://www.yourwhmcssite.com/passwordreminder.php

 

or b) how to do this or that inside whmcs, so it would be a good thing to be able to login as customer in their accounts to provide exactly help.

 

When looking at the client in the admin panel there is a link that says "Login as Client". Click that to login as them. You don't need access to their password to do that.

 

I really fail to see the problem with the client password encoded or not. The 4.0.1 patch introduced the ability to get the md5 encoded password by supplying the clients email so where's the problem?

 

No it didn't. While that's technically possible, it's not feasible and not something WHMCS would do. They can get a new password emailed to them, but it can't recover their old password.

 

2 put in a ticket and we will resend the welcome email ( ONLOY to the email address on record )

 

The welcome email can't tell them their password, it's encrypted. It's sent as ********. The only two ways they can get a password if they've forgotten it is using the password reminder your you manually resetting it in the admin panel and telling them directly, outside of a welcome email.

Edited by keliix06
0
Link to comment
Share on other sites
djpete Senior Member

djpete

Posted
Posted

by the way the prompt is really misleading.

It says: If you have forgotten your Client Area password, then enter your email address below to have it sent to that address.

 

I have changed mine to:

If you have forgotten your Client Area password, then enter your email address below to have it reset and sent to that address.

0
Link to comment
Share on other sites
johannes Member

johannes

Posted
Posted

The 4.0.1 patch introduced the ability to get the md5 encoded password by supplying the clients email so where's the problem?

 

if the original mail is deleted from the queue or logs, theres no way to get it again. it`ll resend a new one if you hit forgotten pw resend. and this is not what i need or my customers, some of them change it to their own (they want to be able to remember) and want that to do, so i must be able to read it in any way. i am the admin, so if i cant read it, what am i for a admin??

 

@merlinpa1969 - please dont take my head, i know my people on telefon and have reasons for that. its nothing what i would do with unknown people from whmcs or internet.. 8) .. forgot pw link brings new pw, but i need the original (or that choosen by my customers) ... resend welcome mail dont show up the pw, it shows ***, its only possible if the original logs/queue are not deleted.

 

@9DollarDomains - yeah, thats what i mean. as simple backup solution i store all pw`s encrypted on txt file and i am prepared for every question to every time.

 

@keliix06 wrote "When looking at the client in the admin panel there is a link that says "Login as Client". Click that to login as them. You don't need access to their password to do that." - thank you , i`ve overseen that. but still i want to be able to read it (and however it would be good to know kind of encryption or having MD5 for possible bridges to cms)

 

would it be a disadvantage (or security hole) for them who like it in the new way, if this would be an option to choose if readable (old way) or not (new way)? i think the code is already there for both ways, so it could be something like a checkbox?

0
Link to comment
Share on other sites
9DollarDomains Senior Member

9DollarDomains

Posted
Posted
WHY then they can login and change it again
Yes, I know. It's a PITA.

 

Like some others on here, most of my customers are known to me personally - I recognize their voices on the phone, I know them to see them - they've counted on me for years to be able to quickly and easily provide them all sorts of info, including forgotten passwords. They will email me files and ask me to upload them to their site - and I like being able to lookup user/pass so that I can do that. Often their MySQL passwords will be the same as their FTP/CPanel passwords, so again - I like being able to look it up and it's always helped me service my customers.

 

Fundamentally - I see no security advantage to having a full 'root' admin not being able to see all info, including passwords.

0
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated

  I accept