How to access SESSIONS

[rosscoD]

Hello folks,

 

I am currently redesigning my hosting site and I want to integrate WHMCS a bit more by showing someone logged in to the site or not.

 

I'm happy to use WHMCS to control the user login but how do I access the WHMCS SESSIONS to be able to integrate these functions properly?

 

I have searched the site and seems most people are using JOOMLA which I hate (personally) and wondered if there was a general way to access WHMCS SESSIONS?

 

Thanks.

[m00]

Have a look at this post: http://forum.whmcs.com/showpost.php?p=136028&postcount=2

[rosscoD]

Not exactly what I'm after unfortunately. I need to access the WHMCS SESSIONS so I can log in to some custom work that I have worked on. For example, I need to gather a users ID which would be a great start. From there I should be able to start integration in to my system.

[jeremyhaber]

If your looking for a php function, I believe I mentioned this before in a question here.

 

This is what I use for my live support addon:

 

session_start();

if ($_SESSION["adminid"] != "") {
$uid = $_SESSION["adminid"];
$utype = 2;
} elseif ($_SESSION["uid"] != "") {
$uid = $_SESSION["uid"];
$utype = 1;
} else {
$uid = 0;
$utype = 0;
}

 

Pretty much after this runs:

The $uid variable holds the current user id, 0 if guest.

If the user is an admin the $utype variable has a value of 2

If the user is a client the $utype variable has a value of 1

If the user is a guest the $utype variable has a value of 0

 

So if I want to know if its a client I use an if statement like this:

if ($utype == 1) {
echo "Hello Client #".$uid; // Example Output: Hello Client #1
}

[rosscoD]

What would be perfect would be the user signing in to WHMCS itself and then being able to access the SESSION data from the main site so it can see that you are signed in. Rather than using the site login separately from WHMCS.

 

I posted the above without seeing the reply! I'll take a look at that now. I'm using a framework that already uses session_start(); will this cause conflicts?

[jeremyhaber]

Yes.

 

Remove the session_start(); on the code above.

 

It only needs to be initiated once. As long as this code runs after session_start(); has been initiated you should be good to go!

[rosscoD]

OK, so how does my site know about the SESSIONS in WHMCS? This is what I need to find out, is there some sort of way to access the SESSIONS in order to pass the info back and forth?

 

I mean how would my site know $_SESSION["adminid"] exists if it's not accessing the WHMCS? Should I include a file from the WHMCS directory?

 

I have managed to integrate forums in to sites using my own bridges but the forum softwares always had a way to gather basic data through SESSIONS.

 

Thanks

[m00]

As long as your WHMCS environment and "normal" website are on the same webspace, you can just access the session using session_start(); and the $_SESSION['variable']. The session is not something WHMCS specific, but is just stored on the webserver.

[rosscoD]

This is what I thought, however the sessions are not appearing on my main site. I have tried to echo $_SESSION['uid'] after I have signed in to WHMCS on my main site and it won't show the ID. My main site runs off a framework that uses session_start(); already so I'm wondering if this is causing the issue?

 

What would be the normal process of taking the SESSION from one app to another like that? Both are on the same webserver and domain, the site is in the root, WHMCS is is /accounts/

 

Appreciate your time and help so far.

[m00]

This is what I thought, however the sessions are not appearing on my main site. I have tried to echo $_SESSION['uid'] after I have signed in to WHMCS on my main site and it won't show the ID. My main site runs off a framework that uses session_start(); already so I'm wondering if this is causing the issue?

 

What would be the normal process of taking the SESSION from one app to another like that? Both are on the same webserver and domain, the site is in the root, WHMCS is is /accounts/

 

Appreciate your time and help so far.

 

I've tested this, with in the /whmcs/ folder my WHMCS-environment, and in the /testsite/ folder a system which also relies on sessions. I placed a simple php-file in the root and it just saw the session variables set by both environments. You could check the declared variables in the session with this code:

<?php 
session_start();
print_r($_SESSION);
?>

Is it maybe possible that your application tries to set some variables of WHMCS? (uid or upw)

Edited April 12, 2010 by m00

[HerrZ]

you have to know:

whmcs is using the PHP Session. the session is not stored in a database (like in joomla).

so you can use the following: http://de3.php.net/manual/de/book.session.php

 

session_start();

gets the PHP SESSION (=whmcs session) into the 3rd environment. thats your luck.

 

for getting the session outside of whmcs the following is an option:

session_write_close();
session_name('PHPSESSID');
session_id($_COOKIE['PHPSESSID']);
ini_set('session.save_handler', 'files');
@session_start();
// ... work with session

 

in your case for checking "logged in" the very short version should be:

session_start();
if ($_SESSION['uid']) {
}

[rosscoD]

Thanks for all your ideas folks, Herzz I think your code is possibly what I'm looking for. I have just quickly tested it and it's showing the uid when I echo the session. I will continue to work on this and see if I can further expand it.

 

Herzz, is your method safe from hijacking? I am still a relative newbie at PHP so I just want to make sure.

[HerrZ]

when someone is able to write his session on your site, then is is still hacked.