How can we improve WHMCS?

Share, discuss and vote for what you would like to see added to WHMCS

Disable Autocomplete / AutoFill across WHMCS Admin

  • myworksdesign shared this idea 7 years ago
  • Admin Area

This topic has already unfortunately been broached on a smaller issue for the SMTP fields in settings, but there is an annoying issue across all of the WHMCS admin, where any browser will autofill / autocomplete the WHMCS admin (or any saved login info) login to any username/password fields in WHMCS. This is extremely annoying in the following cases, to name a few.

- Editing / Viewing a client Profile
- Editing / Viewing custom support ticket fields that contain a username/password field
- Editing / Viewing custom module options that contain a username/password
- Editing / Viewing WHMCS General Settings > SMTP settings
- And many more scenarios.

This can be resolved very easily by either adding a hidden username/password field to the top of the page code to trap this browser autocomplete/autofill or using the autocomplete="off" css setting in the fields above.

This is a very simple fix that will save 100% of WHMCS users grief every day.
Merged Ideas
    Disable autocomplete in Setup->General->Mail on smtp user/pass fields
    Well this "feature" is a bit annoying:If I save my access credentials to whmcs in Firefox and then go to Setup->General Settings->Mail, those SMTP user/pass fields are autocompleted with my whmcs credentials. If I change anything else, it gets saved to database in plain text.The relevant HTML is here:<tr><td class="fieldlabel">SMTP Username</td><td class="fieldarea"><input type="text" name="smtpusername" size="35" value=""></td></tr><tr><td class="fieldlabel">SMTP Password</td><td class="fieldarea"><input type="password" name="smtppassword" size="20" value=""></td></tr>All that is needed is adding a parameter to both fields:autocomplete="off"This surely can be done easily and in a timely manner, right? :)b.


Login to post a comment.

FYI I just opened a ticket and proved to the development team that this is necessary. They haven’t necessarily committed to making it happen but I think I have a very compelling reason to implement it. Their workaround was to disable autofill on Safari for usernames and passwords but after discovering that disabling the autofill feature on iPadOS or iOS completely removes any capabilities of auto filling passwords on any website, not just WHMCS installations. This is an unacceptable workaround and I hope it will come sooner rather than later at this point. I have seen the flaw with Safari on the client product where it addresses the username/password field along with the quick pick of the client when looking at a client profile. It affects both iCloud Keychain and LastPass autofill features.
Any updates on this issue? Hook presented in comments doesn't work anymore.
Just wanted to update this topic with a finding that ios12 (Public Beta 4, at least) now tries to suggest a saved password when viewing any client summary/profile page in mobile in the WHMCS Admin - by thinking the Client Select Dropdown (used to switch to view a different client) needs to be autofilled, for some reason.

We opened this issue in a ticket with WHMCS - but in the meantime, it's easy to resolve by simply hiding this dropdown in mobile - it's not like we ever use it anyways (isn't that what the search in the top right of WHMCS is for?).

Attached the updated hooks file to share.
Finally got it working properly!
It turns out LastPass has a setting you have to enable in order to force it to respect the autofill=off stuff. For anyone needing this info go to LastPass Preferences > Advanced > Respect AutoComplete=off: allow websites to disable AutoFill.

EDIT: You have to add the tag data-lpignore="true" to the code that myworksdesign provided. I added it to the last section as shown below. Now LastPass no longer autofills the Username or Password forms on my account pages but it still allows me to log into the back end by clicking the LastPass icon in the fields if needed.

  • <label for="pw">Password</label> <input id="pw" readonly type="password" data-lpignore="true" onfocus="if (this.hasAttribute(&#39;readonly&#39;)) { this.removeAttribute(&#39;readonly&#39;); this.blur(); this.focus(); }" /> </form>
  • [/co]
    Sorry, myworks, you are just too fast for me... I edited the post while you were replying before... :)

    If I paste in the code to that file I created and then browse back to my WHMCS back end the password and Username fields are still being filled in... See attached image if needed.
    No problem! LastPass might be treating those fields differently. We've confirmed our hook fix resolves the issue for normal browser autofill, like Safari or Chrome. We use 1Password internally and it doesn't automatically autofill, so we've never seen that Lastpass issue before. You might have to reach out to LastPass and ask them if there's a setting to not Autofill on a specific domain, or to turn off autofill.
    That's correct. WHMCS automatically loads any hooks in that folder, so nothing else necessary.
    Thank you for that post. Just to clarify then, all I have to do is make a file like disable_password_autofill.php in that folder, paste in that code, and that's it? Do I need to activate that hook somewhere in WHMCS?
    If I paste in the code to that file I created and then browse back to my WHMCS back end the password and Username fields are still being filled in...
    I thought we shared a hook that we use internally earlier, but we've already found a solution to this by simply adding the below code in a hook in your WHMCS /includes/hooks folder.
    Let me bump this again as being something that definitely needs to be addressed. By the way, found another potential solution to this on another site that sounds fairly easy to implement... Simply adding this to the input fields in the forms will prevent LastPass from autofilling them. Please add this as soon as possible!
    I agree on this as well. Also have the problem in Safari, when looking a client, the search box gets auto filled with my login username, so it finds client matching my name and pops out a list of them, cover the client info and some tabs. Very annoying.
    Password for the SMTP should not be autofill EVER!

    Having invoices not go out is a huge lass of business.
    OMG!!! Thank you for this comment!!!

    It made me realise that it was lastpass autofilling much more than just Email and Password (which is weird as that's all the info it should keep). Name Fields and Description (eg Support Departments) were being autofilled.

    Once you Edit the LastPass Advanced Settings for the site and check "Disable Autofill" then WHMCS works fine.

    I was completely losing my mind and wanted to abandon WHMCS but in the end it was LastPass and a simple fix :)

    Thank you! Thank you! Thank you!
    Glad to hear it :)
    @myworksdesign this entire requests section is full of things that drive away clients when things have been sitting for many years with no comment or progress from @whmcs.
    Please fix this ASAP!
    vote on this, especially on lastpass, it keeps getting autofill on user/password and very dangerous to cause access lost because user/pass would get overwritten
    Yes please fix this. For me the most annoying place is the Yubikey 2 factor field on login.