Feature Requests
Share ideas, discuss and vote on requests from other users in community
This object is in archive! 

Manually approve account details changes

Toki shared this idea 5 years ago
Under Consideration

WHMCS only allows to block some fields to be changed by user accounts and it does not register changes, only has an option to send them by email. This is troublesome.

We would like to have an option where admins have to approve updated details on each account. First of all, this would register changes on user account besides just the email notification. WHMCS SHOULD log profile changes on customer accounts.

This would also allow more flexible in user account details, instead of having to block a field from being updated, you could allow it to be changed, but have an admin approve the changes manually.

This would also stop hacking attempts by bots, which register as normal user, then update the fields to some MYSQL table trying to do a SQL injections. This would stop them from even trying to hack WHMCS this way.

This would also avoid people changing their details to avoid billing collections but updating the account with dummy details.

I can go on and on on why this feature would be very helpful. Please, vote this. This would be entirely optional. You could mark an option in the admin side like:

Admin has to approve account changes

It could be then created as a to do list.

The user would receive an message after updating the details like "Thank you, your account details will be updated in the next 24 hours or what ever you want here"

An admin then goes to the To Do list and approves or rejects new details.

Please vote or comment.

Comments (3)


Either that or prevent certain keywords in the fields when changing address.


The MySQL injections issue is the biggest problem I have with WHMCS at the moment. Whilst it's not productive for the hacker (we trust anyway) any and all measures to help prevent it are required and must be implemented.

This type of issue shouldn't even be disccused - WHMCS should just do it.


I also experienced this issue with 2 sql injection attempts in the current week alone and think this feature will be very useful.

My "Open Discussion" is not available in my account in the forum...

How can we open a discussion about this reques so more whmcs clients will vote for it?