Redirect non-logged in users to custom login page

[samuelyip74]

Hi,

I created a custom login page and added a hook to redirect non-logged in user to the custom login page.

Here the hook:

<?php
use WHMCS\View\Menu\Item as MenuItem;

add_hook('ClientAreaPage', 1, function($vars) {
    // Perform hook code here...
    $client = Menu::context('client');

       if (is_null($client)) {
            header("Location: https://www.mysite.com/clientarea/login.html");
       }

});

I tested and is working fine.

How can I exclude certain templatefile from redirecting to the custom login page? I need to exclude logout.php, pwreset.php from redirecting to the custom login page.

It seem the hook I created forces all non-logged in user that touch the clientareapage to redirect to the custom login page, including logout.php, pwreset.php etc.

Any advise?

[brian!]

On 31/12/2018 at 14:09, samuelyip74 said:

Any advise?

the hook you want already existed. 🙂

[samuelyip74]

On 1/2/2019 at 8:11 PM, brian! said:

the hook you want already existed. 🙂

Thanks

[javacodemonkey]

After making the update to WHMCS 8.04, I found that this hook causes excessive redirects and must be disabled.  Is there a modification that needs to be made to it for it to function properly?

Here is the code specified in the aforementioned posts
 

if (!defined("WHMCS"))
   die("This file cannot be accessed directly");

function hook_ForceEveryoneToLogin($vars) {

   $clientID = intval($_SESSION['uid']);
   $adminID = intval($_SESSION['adminid']);

   if ($adminID===0){
       if (!in_array($vars['filename'], array("login","dologin","clientarea","pwreset", "register")) && $clientID===0){
           header("Location: login.php");
           exit;
       }
   }

}
add_hook("ClientAreaPage", 1, "hook_ForceEveryoneToLogin");

 

[brian!]

21 hours ago, javacodemonkey said:

After making the update to WHMCS 8.04, I found that this hook causes excessive redirects and must be disabled.  Is there a modification that needs to be made to it for it to function properly?

the issue is possibly caused by index.php being used far more than it was years ago and with index not being included in the whitelist of filenames - including it in the list could be a quick fix, but might then allow access to pages that you don't want non-clients to see.

ultimately, you might need to use a combination of filenames and template names to be more specific about what you want non-clients to be able to view.

[javacodemonkey]

@Brain!, You were right.  The inclusion of that filename allowed the page to stop redirecting but now it won't redirect to the login page.  It will go there naturally when selected, but not when the I select other pages (like store, announcements, etc.).  I'm a developer but these hooks confuse me beyond belief.

 

[steven99]

What about checking URL?  if $_SERVER['REQUEST_URI'] != '/login' then redirect to login.   if not register.php, redirect.  If not /password/reset, reset.  Etc, etc . 

[javacodemonkey]

I ended up doing something similar by checking the URL and sending to the login page with an if/else statement.  I'll share it here so that others may use it as needed.
 

<?php
if (!defined("WHMCS"))
   die("This file cannot be accessed directly");

function hook_ForceEveryoneToLogin($vars) {

   $clientID = intval($_SESSION['uid']);
   $adminID = intval($_SESSION['adminid']);
   
   // Create the link for the incoming URL.
    $link = "https";
    $link .= "://"; 
    $link .= $_SERVER['HTTP_HOST']; 
    $link .= $_SERVER['REQUEST_URI'];

   if ($adminID===0){
       if (!in_array($vars['filename'], array("index")) && $clientID===0){
            // Check if the link is accurate.
            if($link != "https://billing.dang-designs.com/index.php?rp=/login"){
                header("Location: login.php");
                exit;
            }
       }
       else if($clientID===0){
           // Check if the link is accurate.
           if($link != "https://billing.dang-designs.com/index.php?rp=/login"){
                header("Location: login.php");
                exit;
            }
       }
   }

}
add_hook("ClientAreaPage", 1, "hook_ForceEveryoneToLogin");

 

[JerettP]

Is there away to have this but allow the direct store links to work or at least the direct to product link to work? 

 

Path I am looking for - Order page on my site (not whmcs) / click purchase / direct product link to purchase / once complete then access to the client area

[Starfiniti]

I'm on 8.3.1 and none of this hooks works for me. I get an error to many redirects. Did anyone find a solution for new version?

 

 

[Saulo Magno]

On 12/4/2021 at 12:45 PM, Starfiniti said:

I'm on 8.3.1 and none of this hooks works for me. I get an error to many redirects. Did anyone find a solution for new version?

 

 

Same problem here... Is there a fresh code to use for it? Many thanks in advance...

[brianoz]

18 hours ago, Saulo Magno said:

Same problem here... Is there a fresh code to use for it? Many thanks in advance...

There are a bunch of possible reasons; first thing I'd check is whether the login page URL has changed, or whether the hook has changed.
 

[Saulo Magno]

I try to reply many times and have 403 error here..

is about "How to restrict ALL pages to logged in users only" and no one code works. When works, a redirection error happens