Registration Page
New clients register at /register, reachable from the Get Started button in the portal navigation. No authentication is required to access the registration form.
Required Fields
| Field | Notes |
|---|---|
| First name | Required |
| Last name | Required |
| Email address | Must be unique; used as the login identifier |
| Password | Minimum 8 characters |
| Country | Dropdown; drives default tax rules |
Optional Fields
| Field | Notes |
|---|---|
| Company name | Appears on invoices and the client record |
[!TIP] If you have custom client fields enabled (Admin → Settings → Custom Fields), they will appear on the registration form if marked as "Show on registration".
Email Verification
Whether email verification is required depends on your configuration at Admin → Settings → Client Portal → Require email verification.
- Enabled (default): After registration, a verification link is emailed to the client. The link expires after 60 minutes. The client cannot log in or place orders until their email is verified.
- Disabled: The client is logged in immediately after registering and redirected to their dashboard.
[!IMPORTANT] If a client does not receive the verification email, ask them to check their spam folder. Staff can manually verify a client's email from Admin → Client → Edit → mark "Email verified".
Resending the Verification Email
If the link expires, the client can request a new one from the login page banner that appears for unverified accounts. Staff can also trigger a resend from the client record.
After Registration
Once the account is active (either immediately or after email verification):
- The client is redirected to
/client/dashboard. - A welcome email is sent (configurable under Admin → Settings → Email Templates → Welcome Email).
- The client can immediately browse the store and place an order.
Logging In
Existing clients log in at /client/login. The login form accepts the registered email address and password. If 2FA is enabled, a second challenge step follows — see Two-Factor Authentication.
Password Reset
Clients who have forgotten their password can use the Forgot password? link on the login page, which leads to /client/forgot-password. A reset link is emailed to the registered address and expires after 60 minutes.
Admin-Created Accounts
Administrators can create client accounts manually at Admin → Clients → New Client.
| Behaviour | Self-Registration | Admin-Created |
|---|---|---|
| Email verification required | Depends on setting | Never required |
| Password source | Set by client | Auto-generated and emailed, or set manually |
| Active immediately | After verification | Yes |
Admin-created accounts are useful for:
- Migrating clients from WHMCS or another billing platform
- Onboarding clients who contacted you by phone or email
- Setting up internal or test accounts
[!TIP] When creating an account for a migrated client, you can set their credit balance, assign a client group, and pre-fill custom fields all in one step. See Creating Client Accounts.
Security Notes
- Passwords are hashed using bcrypt and are never stored in plaintext.
- There is no limit on registration attempts by default; rate limiting is applied at the web server level (configure in your Nginx/Apache config or using middleware).
- Registration can be disabled entirely at Admin → Settings → Client Portal → Allow self-registration.