Hook to block subdomains from being used as existing domains

[WHMCS Josh]

When it comes time to order a hosting plan, sometimes you don't want your users to be able to enter in a subdomain when using an existing domain for their order.

In this post I am going to walk you through a basic hook that prevents entering a subdomain by using some client-side JavaScript.

Our first order of business will be to check out the WHMCS hooks index to see if there is a hook point that will fit our needs: https://developers.whmcs.com/hooks/hook-index/

It turns out, the ClientAreaFooterOutput hook will do nicely: https://developers.whmcs.com/hooks-reference/output/#clientareafooteroutput

The reason for this is because that hook point will allow you to inject HTML code, which also can contain JavaScript, into the client-side template so you can make the magic happen.

Before getting into more detail, let's go ahead and dive right into the code. You can also download it from this link block_subdomains.txt (then rename the extension to .php). Here is the entire snippet:

<?php
add_hook('ClientAreaFooterOutput', 1, function($vars) {
    $jqueryCode = '<script>
    $("#owndomainsld").on("keyup", function(e) {
        var str = $("#owndomainsld").val();
        if ( str.indexOf(".") != -1 ) {
            $("#owndomainsld").val("");
            alert("Subdomains are not allowed!");
        }
    });
    </script>';
    if (strpos($_SERVER['REQUEST_URI'], 'cart.php') !== false ) {
        return $jqueryCode;
    }
});

The first thing to notice is the add_hook function is being called with the ClientAreaFooterOutput hook point as the first argument and an anonymous function as the second argument. The anonymous function also has a $vars variable being passed into it. For this example the $vars variable is not actually being used in the body of the function, but it does contain some useful parameters should you need to access them. Those parameters can be found in the documentation for the hook point linked above.

The next thing to notice is the $jqueryCode variable. which is actually a PHP string that contains the JavaScript code we will be injecting into our client-side page. Since WHMCS uses the jQuery JavaScript library and loads it on the page, we can use it in our code.

First, we need to bind an event listener to the keyup event on the domain text box and provide it a callback function to execute when that event occurs. This can be easily done by targeting the element's HTML ID attribute. That is what is happening here:

$("#owndomainsld").on("keyup", function(e) {...

After that, the value of the domain text field is stored in a JavaScript variable called str. Since this code is inside our callback function, it will be executed every time the user presses a key on the keyboard and then releases it:

var str = $("#owndomainsld").val();

Once we have that text stored in our str variable, we need to check it for a dot or period '.' character to see if it is a subdomain.

This can be done with indexOf string function in JavaScript. If the text appears to be a subdomain, we'll go ahead and empty out the text field and then show an alert to the user to let them know that subdomains are not allowed:

if ( str.indexOf(".") != -1 ) {
    $("#owndomainsld").val("");
    alert("Subdomains are not allowed!");
}

Finally, the last part of the hook does a case-insensitive string search on the $_SERVER['REQUEST_URI'] (the URL of the page you're visiting), to check and see if a cart page is being rendered. If a cart page is detected, the JavaScript code is injected into that page so it can run.

if (strpos($_SERVER['REQUEST_URI'], 'cart.php') !== false ) {
    return $jqueryCode;
}

Putting it all together, we get the final results in WHMCS which look like the picture here:

I hope this post proved helpful and gives some insight on some of the ways that WHMCS can be extended to do many different things outside the box! 

At the time of writing this post, this hook was tested on the latest stable release of WHMCS 7.4.2 and should work with any that fall under Active Support as per the LTS schedule here: https://docs.whmcs.com/Long_Term_Support#WHMCS_Version_.26_LTS_Schedule

If you have any feedback, questions, or concerns that I did not cover in this post, please feel free to reach out!

[Remitur]

I didn't tried your script, but it seems to block also full legit third-level domains: i.e., .co.uk ...

I guess the only way to be sure if it's a sub-domain or if it's a legit third-level would be a whois query...

 

[WHMCS Josh]

Hello Remitur,

I can confirm that this hook does not block the use of TLDs such as .co.uk because the hook only affects the SLD field on the shopping cart.

The TLD field will remain unaffected and allow the user to proceed through the checkout process.

I have attached a couple screenshots to show how this looked on my test installation.