Jump to content

Verify if user is logged into whmcs?

gary4gar

By gary4gar
in Developer Corner

 Share

Recommended Posts

gary4gar Junior Member

gary4gar

Posted
Posted (edited)

I have written a custom PHP script to which client submit requests from the client area via AJAX. the data is passed as GET/POST method.

 

Now, When I receive the XHR request in my custom php script, I need validate if the request is coming from user who is logged in & not from random script kiddie. I have observed that each valid request will have the following cookies, If XHR request is sent within the client area after login is done.

 

  • WHMCSUID
  • WHMCSPW
  • PHPSESSID

 

Currently, I am just checking is these are set which is not secure. I want actually verify these against whmcs's client database to be sure that the request is indeed coming from client who has successfully logged in by providing valid username & password.

 

Any ideas?

Edited by gary4gar
0
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated

  I accept