Force password reset after "Reset and Send Password"
When an admin clicks "Reset and Send Password" in the admin area, the password is emailed to the client in plain text.
This is insecure.
It would be better if either:
- WHMCS forced a password change the first time the client logged in, or
- the button was renamed 'Send Password Reset' and instead of a plain text password, the client was sent a reset password link and could enter their own password. This method is used elsewhere in WHMCS. Why not here too?