Jump to content

Client Account Login Notification Hook


Recommended Posts

15 hours ago, twhiting9275 said:

I haven't spent a ton of time analyzing the user database changes, but this code snippet will only work up to a point.

I wouldn't argue with that - it was a sticking plaster to get the show back on the road temporarily until your revival... with you working on a commercial version of this (any thus me not wanting to damage sales and take food from your cats mouth lol), I saw no point in stepping on your toes wasting time on a 100% fix . 🤪

15 hours ago, twhiting9275 said:

It looks like tblusers and tblclients are being used , clients for 'owners' as it were, users for everyone (owners and contacts).

contacts are irrelevant as they can't login in any version - previously clients & subaccounts can login - now it's only users who can.

16 hours ago, twhiting9275 said:

When a 'contact' is added, it's thrown into tblusers. This is where the $userid is coming from. 

to be accurate (in v8.1 and I assume 8.0), when a contact is added, it is still added to tblcontacts as before - it is *not* added to tblusers... but as I said, for this purpose, contacts can be ignored as they can't login.

subaccounts in pre v8 versions, should have been duplicated as tblusers during the v8 upgrade process... similarly, clients will have been duplicated to users and marked as owners.

15 hours ago, twhiting9275 said:

This will not notify contacts (sub accounts, etc) on login, because SendEmail does not like tblusers any longer. I'll look into a better approach , perhaps, over time. Or, maybe WHMCS can change that API call. not sure there though, honestly

it's fixable.

17 hours ago, twhiting9275 said:

This will not notify the admins if a sub account logs in to their account. Why? Who's to say that sub account only belongs to them, so, I'm not going to add that. Maybe I'll look into something a bit more complicated there, but for now, this will do

if it's a subaccount, e.g pre v8, then a subaccount logging in can easily be identified and it's client informed... subaccounts are linked to one client...

granted, the whole situation gets messy in v8. 🙄

 

 

Link to comment
Share on other sites

10 hours ago, brian! said:

subaccounts are linked to one client...

See last post. Not sure why the community cut off all of my text?
User 154 is a dummy subaccount, and is tied to 2 different clients. I would have found it odd if it wasn't able to work this way, myself, so, that doesn't surprise me
To be fair, that is using 8.0, and I did add that sub to the second account (via invite) through the admin area. Maybe they changed that in 8.1? Maybe a client cannot add subaccount if it's already tied to another client? don't know. All I know is that it can (in 8.0) be done, and shows up in the admin area, in both clients

Like I said, I would have been surprised if this wasn't possible, given the scarcity of 'good' help these days. That's why I deliberately left that out of there.

10 hours ago, brian! said:

subaccounts are linked to one client...

I'm all ears 🙂 . If you've got another idea for how to handle this (preferably through API), drop me a link to the API, or basic docs on the function and I'll poke through it.
I could probably use phpmailer to do this, but not sure how deep WHMCS is involved in that, and I really don't want to go down that rabbit hole, which is why I chose to just continue with sendemail (which support has confirmed is working as it should).

 

 

10 hours ago, brian! said:

contacts can be ignored as they can't login.

As far as 'contacts', I meant to use 'subaccounts', not the 'contacts' reference, that is my bad. You're correct, contacts can't login, they're merely just a point of contact for a company, and yes I refereed to them incorrectly 🙂

 

Link to comment
Share on other sites

Hi @brian! 

What to do in case they are not the owner but only users ?  As this is a great security concern and during COVID-19 circumstances cyber attacks and frauds have increased  many folds...I have split the previous hook you gave me, Admin notifier I have copied and update with an individual file then I have uploaded the current user (Owner) hook you provided here.

(i) For Admin Login 

(ii) For User (Owner Login) - the hook you provided here...

Please help...thanks 

 

On 11/10/2020 at 10:31 PM, brian! said:

<?php use WHMCS\Database\Capsule; function hook_client_login_notify($vars) { $user = $vars['user']; $userid = $user->id; send_login_notify($userid); } function send_login_notify($userid) { $ip = $_SERVER['REMOTE_ADDR'] ; $hostname = gethostbyaddr($ip); $userinfo = Capsule::table('tblusers')->select('first_name', 'last_name')->WHERE('id', $userid)->get(); //greet them foreach ($userinfo as $userrow) { $firstname = $userrow->first_name; $lastname = $userrow->last_name; } $command = "sendemail"; $values["customtype"] = "general"; $values["customsubject"] = "Account Login from $hostname"; $values["custommessage"] = "<p>Hello $firstname $lastname,<p>Your account was recently successfully accessed by a remote user. If this was not you, please do contact us immediately<p>IP Address: $ip<br/>Hostname: $hostname<br />"; $values["id"] = $userid; $results = localAPI($command, $values); } add_hook('UserLogin', 1, 'hook_client_login_notify');

 

Link to comment
Share on other sites

13 hours ago, twhiting9275 said:

To be fair, that is using 8.0, and I did add that sub to the second account (via invite) through the admin area. Maybe they changed that in 8.1? Maybe a client cannot add subaccount if it's already tied to another client? don't know. All I know is that it can (in 8.0) be done, and shows up in the admin area, in both clients

I think it's the language that you're using that's confusing me, e.g you said that you added a contact, but you meant that you invited a contact to become a user - which is slightly different.... and you're talking about v8, but still using phrases like subaccounts - which I now think of as only applicable to v7 and earlier.

I don't think the invite system has changed in 8.1 - we're just talking at crossed purposes. 🙂

4 hours ago, VirtualWorldGlobal said:

What to do in case they are not the owner but only users ? 

oh I so wished you hadn't updated to v8 - it was so easy to identify a client or subaccount logging pre-v8 and react accordingly... but the v8 clients/users system has been so badly developed, documented and implemented, it has more holes in it than Swiss cheese. 🧀

even if you ignore the GDPR issues (which is of great concern for those affected), there's a seeming disconnect between some of the tables - so changes to one, are not necessarily reflected in related fields in others - which long-term could become a nightmare... and i'm not sure that will be addressed in the later v8.1 betas.

let me have a ponder on this tomorrow.

Link to comment
Share on other sites

4 hours ago, VirtualWorldGlobal said:

What to do in case they are not the owner but only users ?

Right now, nothing can be done. As I mentioned a couple of posts back, the SendEmail API , which I originally wrapped this up in, for convenience, doesn't affect subaccounts, etc. So, there's nothing that can be done there

One of the reasons I dug deep (??) into this with 8 was to figure out how 8 affected users/clients/subaccounts , knowing I'd have to rewrite some pretty major stuff. Now that I have that figured out,  I expect I'll be adding some stuff to the paid module upgrade coming out q1-2 2021 (hopefully). I've been working rather intensely at getting that upgrade done, and something keeps throwing me off though. This is one of those things that I'll take a look at adding into that. Given how I wrote that code (so far), shouldn't be too hard 🙂

Link to comment
Share on other sites

14 minutes ago, brian! said:

still using phrases like subaccounts

subaccounts, users, clients.... Yeah, the terminology used here is rather bad, and confusing.

But hey, at least they got to the point where I can use one email address, multiple times, right!!!!!! That was a rather frustrating point back in the day, from what I recall..

Looking at how these are handled across tables, you're not wrong. It does seem to be the usual jumbled mess 😉 . I haven't bothered with GDPR, because that doesn't affect me (yet), but I can imagine it would be ugly

Link to comment
Share on other sites

On 04/12/2020 at 16:37, twhiting9275 said:

Right now, nothing can be done. As I mentioned a couple of posts back, the SendEmail API , which I originally wrapped this up in, for convenience, doesn't affect subaccounts, etc. So, there's nothing that can be done there

just so we're singing from the same hymn sheet here - in v7 (probably v6 but can't say i've checked), subaccounts *can* be detected on login and so therefore you can tell their client that a subaccount of theirs has logged in using SendEmail.

if you read the documentation for the relevant API (granted it's now been removed from the docs site), it isn't mentioned or even implied - so if purely relying on the docs as a resource, you might think it's impossible... it's not. 🙂

with regards to nothing can be done - it depends what you want to do @VirtualWorldGlobal ?

  • admins logging in should be unaffected by v8 changes as there are no relevant changes to the AdminLogin API AFAIK - so that admin hook should continue to work fine.

even Tom's latest version of the script wouldn't work for all owners - it assumes the user logging in is only owner of one client... and that might not necessarily be the case.

i'm convinced the docs are wrong (and god knows what's missing from them that might be useful) - values that should work, return nothing... and a working script on v8 fails on v8.1b1 and I can see no reason why.... the whole situation is a mess.

Link to comment
Share on other sites

21 hours ago, brian! said:

i'm convinced the docs are wrong (and god knows what's missing from them that might be useful) - values that should work, return nothing... and a working script on v8 fails on v8.1b1 and I can see no reason why.... the whole situation is a mess.

If @brian! says so then it's a difficult time ahead...I am already worried 😷

Link to comment
Share on other sites

On 12/6/2020 at 12:01 PM, brian! said:

Tom's latest version of the script wouldn't work for all owners

Precisely, which is why I deliberately checked to see if they were an account owner, and if not, bailed.

That said, I did a bit of work here, and once again (haha) reworked this a bit, so that it will kind of do what you want.

This will notify the client of a subaccount logging in, if the following conditions are met

A: The subaccount doesn't 'own' it's own account (who knows which account you're logging in for, right??)
B: The subaccount doesn't have multiple subs (ie: isn't assigned to more than one client)
 

I've tested this 5 ways from Sunday, and I believe this will work. I wasn't able to find any issues with it anyways. if you do, LMK and I'll do what I can to get it worked through.

As usual, if an admin session is detected, the hook will bail (as it should).

There are two separate emails that should be sent out now. One to the client, if they are logging in directly. One to the client if one of their subaccounts logs in

Still nothing to directly notify subaccounts, but at least clients get notified when subaccounts login
 

 

<?php

/*
Client area login notifications for WHMCS (works with versions 6-8)
Created by whmcsguru
Contributions by brian!
*/

use WHMCS\Database\Capsule;
$myver = get_whmcs_version();
$isadmin = $_SESSION['adminid'];
if (!empty($isadmin))
{
	//go no farther, get out of here.. No login notifications necessary
	return;

}

function hook_client_login_notify($vars)
{
	$mailsent=FALSE;
	
	global $myver;
	$myver = get_whmcs_version();
	if ($myver < 8)
	{
		$userid = $vars['userid'];
		send_login_notify($userid);
	}
	if ($myver >= 8)
	{
		$user = $vars['user'];
		$userid = $user->id;
		//a dirty hack to try to work around a couple of things, maybe

		$acctowner = Capsule::table('tblusers_clients')
		->where('auth_user_id', '=', $userid)
		->where('owner', '=', 1)
		->count();

		$numrows = Capsule::table('tblusers_clients')
		->where('auth_user_id', '=', $userid)
		->count();
		
		//we own our account. We must always notify us directly
				if ($acctowner > 0)
				{					
					send_login_notify($userid);
					return;
				}
		
		//we don't own our account, so, notify the owner, if we only exist once.
		if ($numrows < 2)
		{
			foreach (Capsule::table('tblusers_clients')->WHERE('auth_user_id', '=', $userid)->get() as $userstuff){
				$userid = $userstuff->auth_user_id;
				$clientid = $userstuff->client_id;
				$owner = $owner;
				if ($acctowner < 1)
				{
					send_login_notify($clientid, $userid);
					return;
				}

			}
		}

		return;
	}



}


function send_login_notify($myclient, $theuserid="")
{
	
	$ip = $_SERVER['REMOTE_ADDR'] ;
	$hostname = gethostbyaddr($ip);
	$clientinfo = Capsule::table('tblusers')->select('first_name', 'last_name')->WHERE('id', $myclient)->get();
	//greet them
	foreach ($clientinfo as $clrow)
	{
		$firstname = $clrow->first_name;
		$lastname = $clrow->last_name;
	}

	$command = "sendemail";
	$values["customtype"] = "general";
	if (empty($theuserid))
	{
		$values["customsubject"] = "Account Login from $hostname";
		$values["custommessage"] = "<p>Hello $firstname $lastname,<p>Your account was recently successfully accessed by a remote user. If this was not you, please do contact us immediately<p>IP Address: $ip<br/>Hostname: $hostname<br />";
	}

	elseif ($theuserid > 0)
	{
		$moreinfo = Capsule::table('tblusers')->select('first_name', 'last_name', 'email')->WHERE('id', $theuserid)->get();
		//greet them
		foreach ($moreinfo as $userrow)
		{
			$ufirst = $userrow->first_name;
			$ulast = $userrow->last_name;
			$uemail = $userrow->email;
		}

		$values["customsubject"] = "Subaccount Login from $hostname";
		$values["custommessage"] = "<p>Hello
		$firstname $lastname,<p>
		A subaccount of yours just logged in. Please see the details of the login below
		<p>
		Name: $ufirst $ulast
		Email: $uemail
		IP Address: $ip
		Hostname: $hostname<br />";
	}
	$values["id"] = $myclient;

	$results = localAPI($command, $values);
	
}
function get_whmcs_version()
{
	$theversion = Capsule::table('tblconfiguration')->where('setting', '=', 'Version')->value('value');
	$retver = substr($theversion, 0,1);

	return ($retver);

}
if ($myver < 8)
{
	add_hook('ClientLogin', 1, 'hook_client_login_notify');
}
if ($myver >= 8)

{
	add_hook('UserLogin', 1, 'hook_client_login_notify');
}

 

Link to comment
Share on other sites

7 hours ago, twhiting9275 said:

Precisely, which is why I deliberately checked to see if they were an account owner, and if not, bailed.

my point being that it would be inaccurate if a user was an owner of more than one account.

7 hours ago, twhiting9275 said:

I've tested this 5 ways from Sunday, and I believe this will work. I wasn't able to find any issues with it anyways. if you do, LMK and I'll do what I can to get it worked through.

i'm not a believer - i've tested this in v7.10 and v8.04 and I get absolutely nothing by email - it doesn't seem to work whether I login as a subaccount or owner... i'm definitely not logged in as an admin.

now from my point of view, I don't care about v7 as I solved the subaccounts issue a long while back, e.g I can get their inside leg measurement or whatever else is required upon login if I need to and inform the relevant client... so as far as i'm concerned, I am now only looking at this issue in v8 and beyond.

19 hours ago, VirtualWorldGlobal said:

if brian says so then it's a difficult time ahead...I am already worried 😷

you know, the relevant docs might well be correct... I think the problem is that the UserLogin hook point is literally triggered at login AND so *before* a user with multiple account relationships being asked to choose the client account to use... that's why the client variables I was testing were empty - the user hasn't chosen a client yet! 🙄

going forward, if a user logs in and only has a relationship with one client, then you easily identify that and inform the client that user x has logged in - and it shouldn't matter if x is an owner or just a user (subaccount in Tom's language).

the problem is if that user is associated with multiple clients - at the time of login, there's no way to know which client they are going to manage and so you can't know which client to inform.

one would hope that somewhere down the road, the SendEmail API will be given a "user" type and so can be used to inform the user rather than the client.... maybe that's going to be the case in v8.1, but I doubt the documentation will not be published until v8.1RC142 gets a release.

Link to comment
Share on other sites

9 hours ago, brian! said:

it would be inaccurate if a user was an owner of more than one account.

An email address won't be the 'owner' of more than one account, or rather it shouldn't be... I'm unaware of any circumstance that this would be possible? 

9 hours ago, brian! said:

i've tested this in v7.10 and v8.04 and I get absolutely nothing by email

Just checked again, to be absolutely, 100% sure , and mails fired off immediately, as long as I'm not running an admin session, hmmm. Nothing in your logs? 

logins.thumb.jpg.aa963c732008aeddec477abefd5288e3.jpg

Link to comment
Share on other sites

18 hours ago, twhiting9275 said:

An email address won't be the 'owner' of more than one account, or rather it shouldn't be... I'm unaware of any circumstance that this would be possible? 

substituting 'user' for 'email address' - why shouldn't it be?

if I login as a user and order new services, at checkout I will be asked if I want to use an existing account that i'm linked to, or to create a new account...

pzyrEGM.png

if you choose to create a new account, then a new account will be created with the current user assigned as the owner - so in the above example, the current user is the owner of two accounts, and a user of the other.

8ebGRsx.png

granted, I would assume that client/account emails still need to be unique, but they don't necessarily need to be the same as the owner, and certainly over time might not be... remember that in v8, clients don't login - only users do.

18 hours ago, twhiting9275 said:

Just checked again, to be absolutely, 100% sure , and mails fired off immediately, as long as I'm not running an admin session, hmmm. Nothing in your logs? 

i'm not disputing it isn't working for you, just that it didn't work for me yesterday.... tested again today and it's still not working in v7 - not logged in as admin, no other hooks in play..... it does now run in v8, so possibly hidden admin session I wasn't aware of there. 🙄

however, when logging in as the above user, your db queries will just return the first instance of the result, e.g this user is the owner of both White House accounts/clients, but it finds Donald Trump client first and so only emails them as the owner - even though at the time of logging in and this email being sent, I won't have made any choice about which user i'm going to manage.

Link to comment
Share on other sites

Hi @brian!  in that case the Specific User Specific Login hook would stop working ? I am seriously getting worried...

On 12/8/2020 at 5:22 PM, brian! said:

the problem is if that user is associated with multiple clients - at the time of login, there's no way to know which client they are going to manage and so you can't know which client to inform.

 

Link to comment
Share on other sites

23 hours ago, VirtualWorldGlobal said:

Hi @brian!  in that case the Specific User Specific Login hook would stop working ? I am seriously getting worried...

in v8, as soon as a user logs in successfully, the UserLogin hook point is triggered and this hook would kick into action.

  • if the user is only associated with one account (client), then there is (should be) a link in the database between user-> client ... at that point, the client can be informed that user X has logged in (it shouldn't matter whether the user is an owner or not,  but that ownership status can easily be determined and the email content changed if necessary based on it - Tom's hook already does it to a point.. though not the way I would do it.).
  • if the user is associated with multiple accounts (clients), then when this hook point is triggered, they won't have made a choice of which account to manage, and so you (or the hook) won't know which account (client) to inform.

potentially, I can see a couple of workarounds, but they would involve much more coding, more testing and i'd be reluctant to go down that path if Tom is going down it too.

I don't think this has changed much in v8.1, but I wouldn't really bother testing that thoroughly until we get the 8.1 docs.

for this issue, life was simpler in v7 and earlier when you would know exactly who was logging in and their relationship to a client (if they weren't one directly)..

Link to comment
Share on other sites

I improved it (hope so) not it uses a template email (useful if you want it multilanguage) and checks a client's custom field. So if the client down't want to receive this notification he can stop this.

<?php

/*
Client area login notifications for WHMCS (works with versions 6-8)
Created by whmcsguru
Contributions by brian!
*/

use WHMCS\Database\Capsule;
$myver = get_whmcs_version();
$isadmin = $_SESSION['adminid'];
if (!empty($isadmin))
{
	//go no farther, get out of here.. No login notifications necessary
	return;

}

function hook_client_login_notify($vars)
{
	$mailsent=FALSE;
	
	global $myver;
	$myver = get_whmcs_version();
	if ($myver < 8)
	{
		$userid = $vars['userid'];
		send_login_notify($userid);
	}
	if ($myver >= 8)
	{
		$user = $vars['user'];
		$userid = $user->id;
		//a dirty hack to try to work around a couple of things, maybe

		$acctowner = Capsule::table('tblusers_clients')
		->where('auth_user_id', '=', $userid)
		->where('owner', '=', 1)
		->count();
		
		$client_id = Capsule::table('tblusers_clients')
		->where('auth_user_id', $userid)
		->value('client_id');

		$numrows = Capsule::table('tblusers_clients')
		->where('auth_user_id', '=', $userid)
		->count();

		//controlla il customfield
		$cfid = Capsule::table('tblcustomfields')->where('fieldname', 'Notifica email login')->where('type', 'client')->where('fieldtype', 'tickbox')->value('id');

		//we own our account. We must always notify us directly
				if ($acctowner > 0)
				{	

					if( !Capsule::table('tblcustomfieldsvalues')->where('fieldid', $cfid)->where('relid', $client_id)->where('value', 'on')->exists() ) {
						send_login_notify($client_id);
						return;
					}
				}
		
		//we don't own our account, so, notify the owner, if we only exist once.
		if ($numrows < 2)
		{
			foreach (Capsule::table('tblusers_clients')->WHERE('auth_user_id', '=', $userid)->get() as $userstuff){
				$userid = $userstuff->auth_user_id;
				$clientid = $userstuff->client_id;
				$owner = $owner;
				if ($acctowner < 1)
				{
					if( !Capsule::table('tblcustomfieldsvalues')->where('fieldid', $cfid)->where('relid', $clientid)->where('value', 'on')->exists() ) {
						send_login_notify($clientid, $userid);
						return;
					}
				}

			}
		}

		return;
	}



}


function send_login_notify($myclient, $theuserid="")
{
	
	$ip = $_SERVER['REMOTE_ADDR'] ;
	$hostname = gethostbyaddr($ip);
	$clientinfo = Capsule::table('tblusers')->select('first_name', 'last_name')->WHERE('id', $myclient)->get();
	//greet them
	foreach ($clientinfo as $clrow)
	{
		$firstname = $clrow->first_name;
		$lastname = $clrow->last_name;
	}

	$command = "sendemail";
	
	$values["messagename"] = "Account login notification";
	
	if ($theuserid > 0) {
		$subaccount = true;
		$moreinfo = Capsule::table('tblusers')->select('first_name', 'last_name', 'email')->WHERE('id', $theuserid)->get();
		//greet them
		foreach ($moreinfo as $userrow)
		{
			$firstname = $userrow->first_name;
			$lastname = $userrow->last_name;
			$uemail = $userrow->email;
		}
	}
	
	$values['customvars'] = base64_encode(
		serialize(
			array(
				"login_email"=> $uemail,
				"ip"=> $ip,
				"hostname"=> $hostname,
				"subaccount"=> $subaccount,
				"logintime"=> date('d-m-Y H:i:s')
			)
		)
	);
	
/*	
	$values["customtype"] = "general";
	if (empty($theuserid))
	{
		$values["customsubject"] = "Account Login from $hostname";
		$values["custommessage"] = "<p>Hello $firstname $lastname,<p>Your account was recently successfully accessed by a remote user. If this was not you, please do contact us immediately<p>IP Address: $ip<br/>Hostname: $hostname<br />";
	}

	elseif ($theuserid > 0)
	{
		$moreinfo = Capsule::table('tblusers')->select('first_name', 'last_name', 'email')->WHERE('id', $theuserid)->get();
		//greet them
		foreach ($moreinfo as $userrow)
		{
			$ufirst = $userrow->first_name;
			$ulast = $userrow->last_name;
			$uemail = $userrow->email;
		}

		$values["customsubject"] = "Subaccount Login from $hostname";
		$values["custommessage"] = "<p>Hello
		$firstname $lastname,<p>
		A subaccount of yours just logged in. Please see the details of the login below
		<p>
		Name: $ufirst $ulast
		Email: $uemail
		IP Address: $ip
		Hostname: $hostname<br />";
	}
*/

	$values["id"] = $myclient;

	$results = localAPI($command, $values);
	
}
function get_whmcs_version()
{
	$theversion = Capsule::table('tblconfiguration')->where('setting', '=', 'Version')->value('value');
	$retver = substr($theversion, 0,1);

	return ($retver);

}
if ($myver < 8)
{
	add_hook('ClientLogin', 1, 'hook_client_login_notify');
}
if ($myver >= 8)

{
	add_hook('UserLogin', 1, 'hook_client_login_notify');
}

 

Link to comment
Share on other sites

  • 3 weeks later...
On 3/31/2020 at 5:35 PM, brian! said:

if you're using any recent version of WHMCS, just remove the references to $adminuser...


$command = "sendemail";
$values["customtype"] = "general";
$values["customsubject"] = "Account Login from $hostname";
$values["custommessage"] = "<p>Hello $firstname $lastname,<p>Your account was recently successfully accessed by a remote user. If this was not you, please do contact us immediately<p>IP Address: $ip<br/>Hostname: $hostname<br />$signature";
$values["id"] = $userid;

... or ensure that the admin is authenticated to use SendEmail.

Hello @brian! in WHMCS V8.x.x  This hook is not working can you please look once. Also can we use different smtp in this hook to send alert email?

Link to comment
Share on other sites

2 hours ago, Hardik Joshi said:

Hello @brian! in WHMCS V8.x.x  This hook is not working can you please look once. Also can we use different smtp in this hook to send alert email?

This does indeed work in both 8.0 and 8.1 . Just updated (was waiting on theme devs to release an 8.1 theme)

If you're not seeing this working on 8.0 or 8.1, then something is up with your install, but the hook (as of my last update) works like a charm

The most common issue is going to be you being logged in to the admin area. You'll need to be logged out entirely, or use a different browser to test this.

Not sure on 7.0 yet, haven't been playing around in that beast for a bit. Will do some digging on that this afternoon, as Brian did mention it seems to not.

 

login-notify.jpg

Edited by twhiting9275
Link to comment
Share on other sites

18 minutes ago, wtricks said:

You can check my version, it works on 8.1, using email template and custom field to make it better

Please create your own thread for your modifications, rather than diluting this one. As it is, yours is not documented, and will end up causing confusion, because of this

I realize that you think you're trying to improve this, but this isn't helping at all. As posted, your modification does not work, while the hook I created can indeed simply be cut and pasted into a file and works as posted on 8.0 and 8.1.

Edited by twhiting9275
Link to comment
Share on other sites

<?php

/*
Client area login notifications for WHMCS (works with versions 6-8)
Created by whmcsguru
Contributions by brian!
*/

use WHMCS\Database\Capsule;
$myver = get_whmcs_version();
$isadmin = $_SESSION['adminid'];

$admnotify = FALSE;
//change this to true you want to send notifications when admin logged in..
//NOT advisable. this will let your clients know when you're logging into their account

if (!empty($isadmin))
{
	if (!$admnotify)
	{
		return;
	}
}
function hook_client_login_notify($vars)
{
	$mailsent=FALSE;


	global $myver;
	$myver = get_whmcs_version();
	if ($myver < 8)
	{
		$userid = $vars['userid'];

		send_login_notify($userid);
		return;
	}
	if ($myver >= 8)
	{
		$user = $vars['user'];
		$userid = $user->id;
		//a dirty hack to try to work around a couple of things, maybe

		$acctowner = Capsule::table('tblusers_clients')
		->where('auth_user_id', '=', $userid)
		->where('owner', '=', 1)
		->count();

		$numrows = Capsule::table('tblusers_clients')
		->where('auth_user_id', '=', $userid)
		->count();

		//we own our account. We must always notify us directly
		if ($acctowner > 0)
		{
			send_login_notify($userid);
			return;
		}

		//we don't own our account, so, notify the owner, if we only exist once.
		if ($numrows < 2)
		{
			foreach (Capsule::table('tblusers_clients')->WHERE('auth_user_id', '=', $userid)->get() as $userstuff){
				$userid = $userstuff->auth_user_id;
				$clientid = $userstuff->client_id;
				$owner = $owner;
				if ($acctowner < 1)
				{
					send_login_notify($clientid, $userid);
					return;
				}

			}
		}

		return;
	}



}


function send_login_notify($myclient, $theuserid="")
{
	global $myver;

	$ip = $_SERVER['REMOTE_ADDR'] ;
	$hostname = gethostbyaddr($ip);

	if ($myver < 8)
	{

		$clientinfo = Capsule::table('tblclients')->select('firstname', 'lastname')->WHERE('id', $myclient)->get();
		foreach ($clientinfo as $clrow)
		{
			$firstname = $clrow->firstname;
			$lastname = $clrow->lastname;
		}
	}
	if ($myver >= 8)
	{

		$clientinfo = Capsule::table('tblusers')->select('first_name', 'last_name')->WHERE('id', $myclient)->get();
		foreach ($clientinfo as $clrow)
		{
			$firstname = $clrow->first_name;
			$lastname = $clrow->last_name;
		}
	}


	$command = "sendemail";
	$values["customtype"] = "general";
	if (empty($theuserid))
	{
		$values["customsubject"] = "Account Login from $hostname";
		$values["custommessage"] = "<p>Hello $firstname $lastname,<p>Your account was recently successfully accessed by a remote user. If this was not you, please do contact us immediately<p>IP Address: $ip<br/>Hostname: $hostname<br />";
	}

	elseif ($theuserid > 0)
	{
		$moreinfo = Capsule::table('tblusers')->select('first_name', 'last_name', 'email')->WHERE('id', $theuserid)->get();
		//greet them
		foreach ($moreinfo as $userrow)
		{
			$ufirst = $userrow->first_name;
			$ulast = $userrow->last_name;
			$uemail = $userrow->email;
		}

		$values["customsubject"] = "Subaccount Login from $hostname";
		$values["custommessage"] = "<p>Hello
		$firstname $lastname,<p>
		A subaccount of yours just logged in. Please see the details of the login below
		<p>
		Name: $ufirst $ulast
		Email: $uemail
		IP Address: $ip
		Hostname: $hostname<br />";
	}
	$values["id"] = $myclient;

	$results = localAPI($command, $values);
	
}
if ($myver < 8)
{
	add_hook('ClientLogin', 1, 'hook_client_login_notify');
}
if ($myver >= 8)

{
	add_hook('UserLogin', 1, 'hook_client_login_notify');
}

function get_whmcs_version()
{
        $theversion = Capsule::table('tblconfiguration')->where('setting', '=', 'Version')->value('value');
        $retver = substr($theversion, 0,1);

        return ($retver);

}

Updated version!
1 - there was an issue with 7.x installs pulling the greeting name (thusly causing the notification to bail) . I had the wrong table / values used in the last update. This version corrects that, and I've tested on 7.x all the way up to 8.1.  All good
2 - I added an admnotify bool . This is a quick way to test that this is working, or to send notifications if you're logged in as an admin user (really not recommended, as it'll let users know when you're logging into their account, and give them your ip address).

As far as templating and the like:
The reason I chose not to do this (could have , years ago) was to reduce the confusion and possible areas of issues. This way, all you have to do is drop the code into a file and you're done.

Edited by twhiting9275
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated