Jump to content

Hook to block subdomains from being used as existing domains

Recommended Posts

When it comes time to order a hosting plan, sometimes you don't want your users to be able to enter in a subdomain when using an existing domain for their order.

In this post I am going to walk you through a basic hook that prevents entering a subdomain by using some client-side JavaScript.

Our first order of business will be to check out the WHMCS hooks index to see if there is a hook point that will fit our needs: https://developers.whmcs.com/hooks/hook-index/

It turns out, the ClientAreaFooterOutput hook will do nicely: https://developers.whmcs.com/hooks-reference/output/#clientareafooteroutput

The reason for this is because that hook point will allow you to inject HTML code, which also can contain JavaScript, into the client-side template so you can make the magic happen.

Before getting into more detail, let's go ahead and dive right into the code. You can also download it from this link block_subdomains.txt (then rename the extension to .php). Here is the entire snippet:

add_hook('ClientAreaFooterOutput', 1, function($vars) {
    $jqueryCode = '<script>
    $("#owndomainsld").on("keyup", function(e) {
        var str = $("#owndomainsld").val();
        if ( str.indexOf(".") != -1 ) {
            alert("Subdomains are not allowed!");
    if (strpos($_SERVER['REQUEST_URI'], 'cart.php') !== false ) {
        return $jqueryCode;

The first thing to notice is the add_hook function is being called with the ClientAreaFooterOutput hook point as the first argument and an anonymous function as the second argument. The anonymous function also has a $vars variable being passed into it. For this example the $vars variable is not actually being used in the body of the function, but it does contain some useful parameters should you need to access them. Those parameters can be found in the documentation for the hook point linked above.

The next thing to notice is the $jqueryCode variable. which is actually a PHP string that contains the JavaScript code we will be injecting into our client-side page. Since WHMCS uses the jQuery JavaScript library and loads it on the page, we can use it in our code.

First, we need to bind an event listener to the keyup event on the domain text box and provide it a callback function to execute when that event occurs. This can be easily done by targeting the element's HTML ID attribute. That is what is happening here:

$("#owndomainsld").on("keyup", function(e) {...

After that, the value of the domain text field is stored in a JavaScript variable called str. Since this code is inside our callback function, it will be executed every time the user presses a key on the keyboard and then releases it:

var str = $("#owndomainsld").val();

Once we have that text stored in our str variable, we need to check it for a dot or period '.' character to see if it is a subdomain.

This can be done with indexOf string function in JavaScript. If the text appears to be a subdomain, we'll go ahead and empty out the text field and then show an alert to the user to let them know that subdomains are not allowed:

if ( str.indexOf(".") != -1 ) {
    alert("Subdomains are not allowed!");

Finally, the last part of the hook does a case-insensitive string search on the $_SERVER['REQUEST_URI'] (the URL of the page you're visiting), to check and see if a cart page is being rendered. If a cart page is detected, the JavaScript code is injected into that page so it can run.

if (strpos($_SERVER['REQUEST_URI'], 'cart.php') !== false ) {
    return $jqueryCode;

Putting it all together, we get the final results in WHMCS which look like the picture here:

subdomain not allowed.png

I hope this post proved helpful and gives some insight on some of the ways that WHMCS can be extended to do many different things outside the box! 

At the time of writing this post, this hook was tested on the latest stable release of WHMCS 7.4.2 and should work with any that fall under Active Support as per the LTS schedule here: https://docs.whmcs.com/Long_Term_Support#WHMCS_Version_.26_LTS_Schedule

If you have any feedback, questions, or concerns that I did not cover in this post, please feel free to reach out!

  • Party/Celebrate 1

Share this post

Link to post
Share on other sites

I didn't tried your script, but it seems to block also full legit third-level domains: i.e., .co.uk ...

I guess the only way to be sure if it's a sub-domain or if it's a legit third-level would be a whois query...


Share this post

Link to post
Share on other sites

Hello Remitur,

I can confirm that this hook does not block the use of TLDs such as .co.uk because the hook only affects the SLD field on the shopping cart.

The TLD field will remain unaffected and allow the user to proceed through the checkout process.

I have attached a couple screenshots to show how this looked on my test installation.

co uk domain test.png


Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Similar Content

    • By ihostct
      I was under the impression that by NOT entering anything into the disallowed subdomain prefixes (under products setup / other) that this would automatically mean that the ability to order a product using a subdomain would be disabled... But this is not the case.  I do not want to allow anyone to order a product using a subdomain name, so what do I need to do to remove/disable this ability??
      Thank you in advance!
    • By wellconnit
      Hi All,
      Has anyone had any experience with a hook updating an invoice?
      I want to use InvoicePaidPreEmail to append a credit card fee to the invoice.
      I understand WHMCS is not willing to budge on per Gateway charges, but I can disclose to my customers that there is a credit card fee of x% and then send the right payment value to the bank, once it returns as approved I can then append it to the invoice and prior to the email being sent it will now include the charge on the invoice.
      Any help with this is appreciated.
    • By CrunchyToast
      Hey everyone,
      Working on a few different modules and had a couple questions. 
      Is there an action hook that allows you to run a cron job every time the WHMCS is called? For example, my WHMCS cron file runs every 5 minutes. Is there a hook or a way I could have a custom hook or script run every time the actual cron runs? All the hooks I see currently only run once a day. Is there a way to add another tab to the client detail page in the admin panel via hook or another method without having to customize the template? Thank you ahead of time.
    • By robetus
      I've created a provisioning module for v7.3.0 and I'm using the following to remove the Change Password button from the Module Command area in admin but it isn't working:
      add_hook('ClientAreaPrimarySidebar', 1, function(MenuItem $primarySidebar) {     if(null !== $primarySidebar->getChild('Service Details Actions'))     {             $primarySidebar->getChild('Service Details Actions')             ->removeChild('Change Password');     } }); Why isn't this working? It looks right to me.
    • By bagfuloz
      Hello everyone, Hope you guys doing good. 
      I came up with something new  or maybe old  .  I want to implement whmcs lang from English to Hindi. for my indian customers.  So i will convert each and every English Words to hindi words.  Already 50% done.  but please anyone tell me how to Add a extension ex- Hindi in header dropdown menu and target it to my Hindi lang File. 
      Check the screenshot for more info,
      So i have added a Hindi.php file in Lang directory but in dropdown its showing English 2 times.
      Sorry for my Bad English.  Here is all. 
      Bagful International

  • Recently Browsing   0 members

    No registered users viewing this page.


Important Information

By using this site, you agree to our Terms of Use & Guidelines