Jump to content

Login to WhmCs with phone number instead of Email


Nasouh

Recommended Posts

Sure, I have pasted below...

 

--------------------------------------------------

<?php
// THIS IS BAD PRACTICE - MULTIPLE USERS CAN HAVE THE SAME PHONE NUMBER
// THIS IS BAD PRACTICE - MULTIPLE USERS CAN HAVE THE SAME PHONE NUMBER
// THIS IS BAD PRACTICE - MULTIPLE USERS CAN HAVE THE SAME PHONE NUMBER
// THIS IS BAD PRACTICE - MULTIPLE USERS CAN HAVE THE SAME PHONE NUMBER
// THIS IS BAD PRACTICE - MULTIPLE USERS CAN HAVE THE SAME PHONE NUMBER
// THIS IS BAD PRACTICE - MULTIPLE USERS CAN HAVE THE SAME PHONE NUMBER

use WHMCS\Database\Capsule;

add_hook('ClientLoginShare', 1, function ($vars) {

    // Define username and password. Username is whatever the user enters in the 'email address' field.
    $username = $vars['username'];
    $password = $vars['password'];
    
    // Let's see if the user is logging in using an email address. If not, let's see if we can find the user's phone number in the database and allow them to login this way.
    if (!filter_var($username, FILTER_VALIDATE_EMAIL)) {
        $users = Capsule::table('tblclients')
            ->select('email')
            ->where('postcode', $username)
            ->get();

        // If there's multiple users with the same phone number, allow _none_ of them to login by using their phone numbers. 
        // They will only be able to login using email address in that case
        if (sizeof($users) > 1) {
            return false;
        }

        // Set the user's email address
        foreach($users as $user){
            $email = $user->email;
        }

        // Documentation: https://developers.whmcs.com/api-reference/validatelogin/
        $command = 'ValidateLogin';
        $postData = array(
            'email' => $email,
            'password2' => $password,
        );
        
        // Check if login is valid - if it is, log them in using email address
        $isValid = localAPI($command, $postData);
        if($isValid['result'] == "true") {
            return array(
                'email' => $email,
            );
        }
    }
});


add_hook('ClientAreaFooterOutput', 1, function($vars) {
    // Change login input field to allow any text
    $changeLoginInput = '<script>$( document ).ready(function() {
        $("#inputEmail").prop({type:"text"});
    });</script>';
    return $changeLoginInput;
});

--------------------------------------------------

Link to comment
Share on other sites

FWIW - it's not working for me either... telephone or postcode (adjusted hook accordingly)... tried same password with all 3, only works with email.

and it's probably worth adding @VirtualWorldGlobal that the hook assumes the person logging in is a client and not a sub-account - it would fail if a sub-account tried to login as it's not checking the relevant database table.

Link to comment
Share on other sites

Uh, something has definately changed. With v7.10, I can't get it to work either. If I log the output of $isValid (checking if the login is actually valid), it says this:

Array ( [result] => success [userid] => 330 [passwordhash] => xxxxxxxxxxxxxxxxxxxxxx [twoFactorEnabled] => )

When I tested on v8, $isValid['result'] was true, but here it's only seen as 'success'.

Try with this:

<?php
// THIS IS BAD PRACTICE - MULTIPLE USERS CAN HAVE THE SAME PHONE NUMBER
// THIS IS BAD PRACTICE - MULTIPLE USERS CAN HAVE THE SAME PHONE NUMBER
// THIS IS BAD PRACTICE - MULTIPLE USERS CAN HAVE THE SAME PHONE NUMBER
// THIS IS BAD PRACTICE - MULTIPLE USERS CAN HAVE THE SAME PHONE NUMBER
// THIS IS BAD PRACTICE - MULTIPLE USERS CAN HAVE THE SAME PHONE NUMBER
// THIS IS BAD PRACTICE - MULTIPLE USERS CAN HAVE THE SAME PHONE NUMBER

use WHMCS\Database\Capsule;
use App;

add_hook('ClientLoginShare', 1, function ($vars) {

    // Define username and password. Username is whatever the user enters in the 'email address' field.
    $username = $vars['username'];
    $password = $vars['password'];

    // Let's see if the user is logging in using an email address. If not, let's see if we can find the user's phone number in the database and allow them to login this way.
    if (!filter_var($username, FILTER_VALIDATE_EMAIL)) {
        $users = Capsule::table('tblclients')
            ->select('email')
            ->where('postcode', $username)
            ->get();
		
        // If there's multiple users with the same phone number, allow _none_ of them to login by using their phone numbers. 
        // They will only be able to login using email address in that case
        if (sizeof($users) > 1) {
            return false;
        }

        // Set the user's email address
        foreach ($users as $user) {
            $email = $user->email;
        }

        // Documentation: https://developers.whmcs.com/api-reference/validatelogin/
        $command = 'ValidateLogin';
        $postData = array(
            'email' => $email,
            'password2' => $password,
        );

        // Check if login is valid - if it is, log them in using email address
        $isValid = localAPI($command, $postData);
        if ($isValid['result'] == "success") {
            return array(
                'email' => $email,
            );
        }
    }
});


add_hook('ClientAreaFooterOutput', 1, function ($vars) {
    // Change login input field to allow any text


    $changeLoginInput = '<script>$( document ).ready(function() {
        $("#inputEmail").prop({type:"text"});
    });</script>';
    return $changeLoginInput;
});

 

Link to comment
Share on other sites

36 minutes ago, DennisHermannsen said:

It might be worth mentioning that I've only tested on V8 beta - maybe something was changed between v7 and V8.

i'm testing on v7.10 - with virtual mentioning contacts, it never occurred to me to test on v8 (as contacts/sub-accounts are no more)...

36 minutes ago, DennisHermannsen said:

I'll test when I get home.

if it helps, if I change...

if($isValid['result'] == "true") {

to...

if($isValid['result'] == "success") {

then it works fine - I can adjust the hook and login using phone, postcode or whatever other field...

it's worth adding that it fails to work if I try to login as a sub-account (after changing the capsule query to check tblcontacts).

Edited by brian!
Link to comment
Share on other sites

Oh. I think the hook point is broken in v8.
No matter if the login is successful or not, it always outputs this:

Array ( [result] => error [message] => Email or Password Invalid )

Even if I don't want to log the user in by returning the email-address, it still logs the user in 😅 It seems like the ValidateLogin API actually will login the user. That doesn't seem to be documented anywhere.

Edited by DennisHermannsen
Link to comment
Share on other sites

4 minutes ago, DennisHermannsen said:

@brian! could you test the updated hook?

works fine for me on 7.10 - can login (as a client) using a postcode/telephone without issue.

9 minutes ago, VirtualWorldGlobal said:

I just checked I am using V7.9.1

it's working for me on both v7.9.1 and v7.8.3 too with no changes. thanks.png

Link to comment
Share on other sites

10 minutes ago, brian! said:

i'm not sure that's the reason - it's enabled in the above three devs and it's not causing an issue with the hook.

Yes that is not the reason. I deactivated Sign-In Integrations and tried to login and I was able to, so I thought that it might be the reason.

But when I tried to login using a SUB Contact I am still not able to login...

 

 

Link to comment
Share on other sites

1 hour ago, brian! said:

works fine for me on 7.10 - can login (as a client) using a postcode/telephone without issue.

Okay a small misunderstanding - As a client I am able to login, It's fine!

How to resolve this ? Unable to login as a Sub Contact, yes that is the issue I faced @brian! 

For me it's required if the sub contacts can login, You know why :)

Thanks 

Edited by VirtualWorldGlobal
Link to comment
Share on other sites

In theory, this should have worked:

<?php
// THIS IS BAD PRACTICE - MULTIPLE USERS CAN HAVE THE SAME PHONE NUMBER
// THIS IS BAD PRACTICE - MULTIPLE USERS CAN HAVE THE SAME PHONE NUMBER
// THIS IS BAD PRACTICE - MULTIPLE USERS CAN HAVE THE SAME PHONE NUMBER
// THIS IS BAD PRACTICE - MULTIPLE USERS CAN HAVE THE SAME PHONE NUMBER
// THIS IS BAD PRACTICE - MULTIPLE USERS CAN HAVE THE SAME PHONE NUMBER
// THIS IS BAD PRACTICE - MULTIPLE USERS CAN HAVE THE SAME PHONE NUMBER

use WHMCS\Database\Capsule;
use App;

add_hook('ClientLoginShare', 1, function ($vars) {

    // Define username and password. Username is whatever the user enters in the 'email address' field.
    $username = $vars['username'];
    $password = $vars['password'];

    // Let's see if the user is logging in using an email address. If not, let's see if we can find the user's phone number in the database and allow them to login this way.
    if (!filter_var($username, FILTER_VALIDATE_EMAIL)) {
        $users = Capsule::table('tblclients')
            ->select('email')
            ->where('postcode', $username)
            ->get();

        // If there's multiple users with the same phone number, allow _none_ of them to login by using their phone numbers. 
        // They will only be able to login using email address in that case
        if (sizeof($users) > 1) {
            return false;
        } elseif (sizeof($users) < 1){
			$users = Capsule::table('tblcontacts')
            ->select('email')
            ->where('postcode', $username)
            ->get();
			if(sizeof($users) > 1) {
				return false;
			}
		}

        // Set the user's email address
        foreach ($users as $user) {
            $email = $user->email;
        }

        // Documentation: https://developers.whmcs.com/api-reference/validatelogin/
        $command = 'ValidateLogin';
        $postData = array(
            'email' => $email,
            'password2' => $password,
        );

        // Check if login is valid - if it is, log them in using email address
        $isValid = localAPI($command, $postData);

        if ($isValid['result'] == "success") {
            return array(
                'email' => $email,
            );
        }
    }
});


add_hook('ClientAreaFooterOutput', 1, function ($vars) {
    // Change login input field to allow any text


    $changeLoginInput = '<script>$( document ).ready(function() {
        $("#inputEmail").prop({type:"text"});
    });</script>';
    return $changeLoginInput;
});

Only problem is that it doesn't seem to work for contacts. You can't return the email-address of a contact... well, you can - it just won't log you in.
Maybe @brian! can see if I did anything wrong - although I did try without doing anything but return the email of a contact and it wouldn't log me in. As soon as I changed it to a client, it worked just fine.

Or perhaps @WHMCS John could confirm if that's expected behavior?

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated