Get PDF invoice without loging in

[Vincent Vega]

Is there a sollution to do this?

 

Cloning the session of the admin is not a (good) solution.

[tsiedsma]

Is there a sollution to do this?

 

Cloning the session of the admin is not a (good) solution.

 

What is your objective? By doing this, you would compromise the security of your customers by allowing anyone to view any invoice and in turn view customer information.

[craigedmonds]

What is your objective? By doing this, you would compromise the security of your customers by allowing anyone to view any invoice and in turn view customer information.

 

Not if you pass an additional parameter in the string such as customerid or someother unique variable. (cloning admin session is obviously a bad idea though)

 

I am looking for this solution also for normal invoices.

 

Alot of my clients just want to be sent a link, open the invoice in their browser and pay the invoice.

 

They perceive it as being a hassle and inconvenience to have to login somewhere and view the invoices.

 

I would like to see in future releases this option in the settings, of course giving a warning that it reduces the security slightly. Perhaps allowing this to be set at the client level even.

 

It cant be any worse than those people who run WHMCS on none SSL sites.

 

Kindest Regards

Craig Edmonds

[drtduarte]

Yes, that is possible.

 

Matt could do it for you.

 

In our case we have the invoices on a public folder with index protection, and we have added a 12 characters md5 string to the invoice number with dinamic parameters as date and others, so it's impossible for someone to guess what is the link to the invoice unless he receives the link on the email or access it on the customer area as in our case...

 

Here you have the example of the link:

107_1a6fg0d72c65b309ae777fadb8c6f8bc.pdf

 

Take care

David

[Vincent Vega]

What is your objective? By doing this, you would compromise the security of your customers by allowing anyone to view any invoice and in turn view customer information.

 

Retreiving invoices by a module for otherkinds of processing.

[edercoll]

Hello Craig,

 

Were you able to implement it with the least security?

I'm in the same situation, with a few hundred invoices to send and only yesterday I noticed that the client has to be logged in to view and print the invoice,. That will put a drag on my process as I will receive a lot of complaints, cause Im migrating from a system that would send the invoice straight into their mailboxes.

 

I know I can send a pdf to them, but the pdf wont link to the payment gateway we use, so they have to get to the invoice inside the browser to be redirected.

 

If you have accomplished it and can provide me with instructions I'd really appreciate it.

 

Thanks!

 

Eder

 

Not if you pass an additional parameter in the string such as customerid or someother unique variable. (cloning admin session is obviously a bad idea though)

 

I am looking for this solution also for normal invoices.

 

Alot of my clients just want to be sent a link, open the invoice in their browser and pay the invoice.

 

They perceive it as being a hassle and inconvenience to have to login somewhere and view the invoices.

 

I would like to see in future releases this option in the settings, of course giving a warning that it reduces the security slightly. Perhaps allowing this to be set at the client level even.

 

It cant be any worse than those people who run WHMCS on none SSL sites.

 

Kindest Regards

Craig Edmonds

[m00]

Well, the easiest method is just creating a new PHP-page, sett an admin id, load the invoice and unset the admin id.

 

<?php
session_start();
$_SESSION['adminid'] = 1;
require "viewinvoice.php";
unset($_SESSION['adminid']);
?>

 

Secure? No. But you could build a check where you give in the password hash and user-id to verify the user.

Edited March 26, 2010 by m00