markjwilliamson Posted January 27, 2016 Share Posted January 27, 2016 Hi, I only want to use whmcs to manage existing users without letting anyone else view the site or place orders so I was looking for a way to hide ALL pages, (except the login page) from non-logged in users. I've redirected all users to the login page using the option in general settings but there's nothing to stop someone from typing "/cart.php" onto the end of the domain name in the address bar and getting access to the order forms etc. I've tried using an {if $loggedin || $templatefile == 'login'} before the main content part in header.tpl and an {/if} at the end of section in footer.tpl but that just gave me non-formatted pages even for logged in users. The only way I can think of doing it is to put the {if $loggedin} at the start of every tpl page? ...does anyone have any ideas. kind regards Mark. Link to comment Share on other sites More sharing options...
sentq Posted January 27, 2016 Share Posted January 27, 2016 hello Mark, I think the best way to do this is using ActionHook to redirect who ever access your client area to login page. below I wrote simple ActionHook function that will force anyone access your WHMCS client area to login before they can browse other pages in it, create new file in /includes/hooks/ directory, with the name "forceeveryonetologin.php" and put the following code inside it: <?php if (!defined("WHMCS")) die("This file cannot be accessed directly"); function hook_ForceEveryoneToLogin($vars) { $clientID = intval($_SESSION['uid']); if ($vars['filename']!="login" && $vars['filename']!="dologin" && $vars['filename']!="clientarea" && $clientID===0){ header("Location: login.php"); exit; } } add_hook("ClientAreaPage", 1, "hook_ForceEveryoneToLogin"); Link to comment Share on other sites More sharing options...
brian! Posted January 27, 2016 Share Posted January 27, 2016 nice solution sentq it possibly might be useful to add another exception to your list - e.g the password reset link for those clients who have forgotten their password. if ($vars['filename']!="login" && $vars['filename']!="dologin" && $vars['filename']!="clientarea" && $vars['filename']!="pwreset" && $clientID===0){ Link to comment Share on other sites More sharing options...
sentq Posted January 27, 2016 Share Posted January 27, 2016 thanks brian also we don't need to force Admin to login as client to browse client area, so lets improve it a little <?php if (!defined("WHMCS")) die("This file cannot be accessed directly"); function hook_ForceEveryoneToLogin($vars) { $clientID = intval($_SESSION['uid']); $adminID = intval($_SESSION['adminid']); if ($adminID===0){ if (!in_array($vars['filename'], array("login","dologin","clientarea","pwreset") && $clientID===0){ header("Location: login.php"); exit; } } } add_hook("ClientAreaPage", 1, "hook_ForceEveryoneToLogin"); Link to comment Share on other sites More sharing options...
markjwilliamson Posted January 28, 2016 Author Share Posted January 28, 2016 That works perfectly, exactly what I wanted. Thank you to both of you for taking the time to help me - it's really appreciated. The third solution was throwing an error, an unexpected "{" which gave a server 500 error. but I couldn't see an unmatched bracket so I used a mix of the solutions... <?php if (!defined("WHMCS")) die("This file cannot be accessed directly"); function hook_ForceEveryoneToLogin($vars) { $clientID = intval($_SESSION['uid']); $adminID = intval($_SESSION['adminid']); if ($adminID===0){ if ($vars['filename']!="login" && $vars['filename']!="dologin" && $vars['filename']!="clientarea" && $clientID===0){ header("Location: login.php"); exit; } } } add_hook("ClientAreaPage", 1, "hook_ForceEveryoneToLogin"); ...I didn't include the password reset clause as I've removed that button from the login screen anyway. thanks again guys. -Mark Link to comment Share on other sites More sharing options...
sentq Posted January 28, 2016 Share Posted January 28, 2016 the third solution was missing one of the ")", below is fixed <?php if (!defined("WHMCS")) die("This file cannot be accessed directly"); function hook_ForceEveryoneToLogin($vars) { $clientID = intval($_SESSION['uid']); $adminID = intval($_SESSION['adminid']); if ($adminID===0){ if (!in_array($vars['filename'], array("login","dologin","clientarea","pwreset")) && $clientID===0){ header("Location: login.php"); exit; } } } add_hook("ClientAreaPage", 1, "hook_ForceEveryoneToLogin"); 1 Link to comment Share on other sites More sharing options...
Andyucs Posted October 17, 2017 Share Posted October 17, 2017 is there any way possible to exclude the register page in this mod as if they are not a member they can not register thanks in advance Andy Link to comment Share on other sites More sharing options...
sentq Posted October 18, 2017 Share Posted October 18, 2017 5 hours ago, Andyucs said: is there any way possible to exclude the register page in this mod as if they are not a member they can not register thanks in advance Andy sure: <?php if (!defined("WHMCS")) die("This file cannot be accessed directly"); function hook_ForceEveryoneToLogin($vars) { $clientID = intval($_SESSION['uid']); $adminID = intval($_SESSION['adminid']); if ($adminID===0){ if (!in_array($vars['filename'], array("login","dologin","clientarea","pwreset", "register")) && $clientID===0){ header("Location: login.php"); exit; } } } add_hook("ClientAreaPage", 1, "hook_ForceEveryoneToLogin"); 1 Link to comment Share on other sites More sharing options...
Andyucs Posted October 18, 2017 Share Posted October 18, 2017 Thank You sentq Link to comment Share on other sites More sharing options...
Recommended Posts