Th0m4s Posted June 2, 2020 Share Posted June 2, 2020 Hello, I'm creating my first hook for WHMCS and I really need your help. The goal of this hook is to be able to restrict access to support department to customers with at least one active service. In WHMCS admin I checked "Only allow registered clients to open tickets in this department". In my hook I already secured three points : in https://example.com/whmcs/submitticket.php ==> The support department is hidden if customer has not domain or product active. in https://example.com/whmcs/submitticket.php?step=2&deptid=2 (where 2 is my department ID) ==> customer is redirected to submitticket.php if no domain or product active if customer click on another department, the dropdown "Select Department" is "disabled" and the private department is not displayed. BUT : if the customer has a bit of knowledge in dev, he could easylie inspect the code and change department id in the dropdown. It can also send a POST request to https://example.com/whmcs/submitticket.php?step=3 I tried to secure the third step but without success. I use the "ClientAreaPageSubmitTicket" but when I try to do a "die();" every page (submitticket.php / submitticket.php?step=2&deptid=2) return a blank page but submitticket.php?step=3 is redirecting to clientarea.php. So, the "die()" in my hook is not applied to this page. Do you know a way to perform action in my hook in this third step ? Thank you for your help. 0 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.