Jump to content
Executable

How to validate user session on custom page ?

Recommended Posts

I would to know if it's possible to check user session into a custom page with php ? The custom page is situated on the same server and is in the whmcs folder. I need it to secure the page. Thank you for any reply

Share this post


Link to post
Share on other sites

Refer to Creating Pages. You don't need all the variables listed in the example but just the main class and...

$ca->requireLogin(); // Forces visitors to login

Or...

if ($ca->isLoggedIn())
{
    // You are logged
}
else
{
    // Not logged, exit
}

 

 

 

Share this post


Link to post
Share on other sites

Thank you for the answer. I found a workaround with the following code :

 

if(isset($_POST['email']) and isset($_POST['password'])){
    $conn = new mysqli("HOST", "USER", "PASS", "DATABASE");
    if($stmt = $conn->prepare("SELECT `id` FROM `tblclients` WHERE `email` = ? AND `password` = ?")) {
        $stmt->bind_param("ss", $_POST['email'], $_POST['password']); 
        $stmt->execute(); 
        $result = $stmt->get_result();
        while($row = $result->fetch_assoc()) {
            $id_user = $row['id'];
        }
        $stmt->close();
    }
    $conn->close();
}


if(isset($id_user) and !empty($id_user)){
    //LOGGED IN
}else{
    //WRONG CREDENTIALS
}

 

Share this post


Link to post
Share on other sites

Why are you doing it that way on a custom page?  You should have access to capsule and other WHMCS items if you do the page as described on their creating custom pages page. 

Share this post


Link to post
Share on other sites

Thanks for the answer, I managed to use it. I would like to know what does the line 

$ca->initPage();

And my final page looks like :

 

use WHMCS\ClientArea;
use WHMCS\Database\Capsule;
require 'init.php';
$ca = new ClientArea();
//$ca->initPage(); // What does this line do ?

if(isset($_POST['email']) and isset($_POST['password']) and $ca->isLoggedIn()){
    $conn = new mysqli("HOST", "USER", "PASSWORD", "DATABASE");
    if($stmt = $conn->prepare("SELECT `id` FROM `tblclients` WHERE `email` = ? AND `password` = ?")) {
        $stmt->bind_param("ss", $_POST['email'], $_POST['password']); 
        $stmt->execute(); 
        $result = $stmt->get_result();
        while($row = $result->fetch_assoc()) {
            $id_user = $row['id'];
        }
        $stmt->close();
    }
    $conn->close();
}else{
    header("Location: ../../../index.php");
}
if(isset($id_user) and !empty($id_user) and isset($_POST['service_id']) and $ca->isLoggedIn()){
	//Logged in
}else{
	//Not logged
}

 

Share this post


Link to post
Share on other sites

It runs any autoloaders, sets other items, gives access to WHMCS objects for example, and sets up smarty at least a quick guess from the name of the function. 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated