I was wondering if this would be possible to add 2 tags to the invoice template: [CLIENT_USERNAME] and [CLIENT_PASSWORD] or something of the likes. That way the template could be customized to say:

Payment Instructions:
1) Log into our client management site at [CLIENTAPPLICATIONURL] with your username [CLIENT_USERNAME] and password [CLIENT_PASSWORD].
2) Click on the "Billing" tab
3) Select the invoice you want to pay
4) Click on pay invoice

Those tags of course would be linked to the info from the client profile. I'm asking this because okay new signups know exactly what username/password they chose.... but those old clients we had before did not create their CE account: we did it for them. And even though we keep telling them we used the username/password combo for their site (same as they use for everything else), many of them keep on forgetting. And since most my clients seem to be afraid to ask the info, we remained with many unpaid invoices until I decided to email each and everyone of those clients withh an email including their username and password. All the invoices were paid after that.

So I think this would be a nice addition.

I agree too, the email tags are too little to be able to be include in the welcome email, things such as Hosting Plans tags, Payment Method tags is not inside.

I mean when we generate the Invoice Email, naturally we will want to include all the above tags in it...

You have to remember that the username and password for CE is one way encrypted. You can not get to it after the initial setup.

well there's gotta be a way or something cause... right now this is really something lacking. I only have 26 customers at the time being so ... worst case scenario I email each of them to give them the info. But I sure wouldn't do it with 100+ clients.

Why is it actually encrypted? There ain't THAT crucial information in the control panel. And if they hack your database .. they got all data anyway?

Originally posted by Dreas@Apr 18 2003, 02:00 AM
Why is it actually encrypted? There ain't THAT crucial information in the control panel. And if they hack your database .. they got all data anyway?
I believe that once CC batching is added security will be a major factor.

Personally I wouldn't want anyone getting in and changing my password on me or
getting any other details in there and I certainly wouldn't be sending passwords
via email any more than is absolutely neccessary.

my 2 bits B)

I agree on that but ..

The passwords to access the information are encrypted. The information including the passwords are in the database. The only way to get the password out is to access the MySQL database. But once you're in the MySQL database you got access to all the info aswell.

I'd never store CC info in a MySQL database. That can't be done safe enough.

Passwords being send by email happen all the time. It's mainly a service. If someone has access to your email account he or she can manually request a new password aswell or pretend to be someone else. There is no secure way.

We will take a closer look at this after the "autopayment" features are added.

Alberto, so if someone forgets their password, they have to click forgot password and then use the link in the email to generate a new one?

(Also, they can use their email as their login, correct?)

Originally posted by infinityws@Apr 25 2003, 09:09 PM
(Also, they can use their email as their login, correct?)
We can only hope they'd remember which email to use! I'm not saying my customers are stupid but some have been known to have a dimmer on their thought processor switch... if you know what I mean. ;)

Originally posted by infinityws@Apr 25 2003, 09:09 PM
Alberto, so if someone forgets their password, they have to click forgot password and then use the link in the email to generate a new one?

(Also, they can use their email as their login, correct?)
correct

Alberto, you should see if there is any way to encrypt the CC number once in the database so even if the DB is compromised, the info would still be encrypted. I don't know how that would be done though. You can' t make it 1-way, so it would have to be a key system or something

If you dont want all crackers to try to crack your application/server I'd never store the CC info in a database. There is no way that can be done secure for as far as I know.

I'd have the webhoster print all CC details on paper and then warn him from within Clientexec to enter a creditcard number for the real-time transaction.

Modernbill already has autopayment features which require the CC info to be stored in a DB. In not sure how they do it, but its most likely secure. It would be really annoying if a customer had to re-enter their CC info every month to pay.

Originally posted by Jacynthe@Apr 17 2003, 07:52 AM
I was wondering if this would be possible to add 2 tags to the invoice template: [CLIENT_USERNAME] and [CLIENT_PASSWORD] or something of the likes. That way the template could be customized to say:

Payment Instructions:
1) Log into our client management site at [CLIENTAPPLICATIONURL] with your username [CLIENT_USERNAME] and password [CLIENT_PASSWORD].
2) Click on the "Billing" tab
3) Select the invoice you want to pay
4) Click on pay invoice
Since our clients can login with their email address, why not write it out like this:

1) Log into our client management site at [CLIENTAPPLICATIONURL] with the email [CLIENTEMAIL] and password (hidden for account security)

Just a suggestion... :)

Very nice suggestion