• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Xenforo customers security

#1
Why dont they generate a user and password which only they can change, as they always ask me for the transaction id from paypal but if you cant find it as they wasnt registered company or too many pages of transactions its hard...

Vbulletin asks you for a auth code which you must enter the password to transfer which is much user friendly in my opinion i hate ib but thats the best reason to use them instead of all this hard to do ways, i know they are growing but when Xenforo told me it was a company email i got into the customer area but why dont they trust me though, might as well give everyone access as they cant do nowt without my paypal account.
 
#6
I believe it's in relation to the Customer area and tickets, etc.
I am in the customer area and they cant help me when im logged in i have to have the transaction id, i have had two, one i had for personal reasons and one i had for business use. Why cant they be like Vbulletin and just make sure you are logged in, or even ask you for your full address you used to order it and email you use to purchase it via paypal, which would be much user friendly and better support.
 

Kier

XenForo Developer
Staff member
#7
I am in the customer area and they cant help me when im logged in i have to have the transaction id, i have had two, one i had for personal reasons and one i had for business use. Why cant they be like Vbulletin and just make sure you are logged in, or even ask you for your full address you used to order it and email you use to purchase it via paypal, which would be much user friendly and better support.
When I was at vBulletin, we required transaction IDs etc. to verify that people requesting transfers were eligible to do so. I can't speak to their requirements now. Nonetheless, we have no intention of changing our security procedures.
 

Forsaken

Well-known member
#8
When I was at vBulletin, we required transaction IDs etc. to verify that people requesting transfers were eligible to do so. I can't speak to their requirements now. Nonetheless, we have no intention of changing our security procedures.
Thats standard procedure for every company that does online business as well.
 

Ashley

Business Guy
Staff member
#9
I know it is a pain. The information is requested to authenticate the request (specifically to make changes to customer details or licenses). It should be information that is available to only the license owner. It is a question of security as we do not want some clever clogs sending an email on behalf of a customer to change the license or customer details, only to find out that the request was not from the license owner.

That would not be good, for all concerned.
 
#10
ok i see your points but support never asked me for transaction ids just their address, mine and the code from something like members.vbulletin.com/auth.php where i entered my customer password and a code comes up.
 

EQnoble

Well-known member
#11
Well I was transfering a license a few weeks ago (a vb one) and because I bought it with a card other than my own I had to give tons of personal info of someone else to transfer it even though it wasn't my info to give.

- Email address -
- Billing address -
- Telephone number -
- Approximate date of purchase -
- Type of license (owned or leased) -

- Order Method (Credit Card, Paypal, etc) -
and that is besides that code.
since license transfers are an internal thing and I have to assume isn't something that is going to happen nearly as much as license purchases, that is something that I think should be worried less about...I read the thread title and was like uhh oh what happened LOL. If the team changes that cool..if they don't even cooler IMO.
 

Marc

Well-known member
#12
Personally I would much rather the inconvenience of trying to find a transactionid and details than I would K&M spend time on writing something for this in place of time that they could be spending on xenforo development itself.
 
F

Floris

Guest
#13
ok i see your points but support never asked me for transaction ids just their address, mine and the code from something like members.vbulletin.com/auth.php where i entered my customer password and a code comes up.
Yeah, but .. you're on XenForo.com - and they're not the same company as vBulletin Solutions Inc.
 
F

Floris

Guest
#15
They have.

Give the unique transaction id.

Then they know it's you - unless your paypal account got hacked.
 
F

Floris

Guest
#17
If you use paypal a lot you should realize there's an advanced search available where you can fill in payments@xenforo.com and set the period to 24 months.

You will get the few results - giving you what you are looking for.