Jump to content

Changes in SESSION data for logged in users?


Recommended Posts

I was wondering if there has been a change in the way SESSION data is recorded for WHMCS users. I know that we now have "clients" vs "users" and I wanted to make sure my application supports both instances. I am trying to pull in the latest menu items for guest vs logged-in users (client or not). Before, it was as simple as passing the UID into the SESSION data, but now that's not working.

Is there a different way to do this in WHMCS 8?

Link to comment
Share on other sites

There's currently no way to tell users from clients. I brought this to WHMCS' attention, and while they could see that it would be great to be able to see if you're dealing with a user or client, it didn't sound like it was something they planned to add in. I was just told to create a feature request.

... and we all know what happens to feature requests.

 

I did manage to find my own way to detect if a visitor was a user or client - but it's not very pretty, and I'm not sure it will work 100% as I want it to.

$userid = $_SESSION['uid'];
$userInfo = json_decode($_SESSION['login_auth_tk']);

// Check if logged in user is it's own client
if($userid != $userInfo->id){
	$user = true;
}

We're basically checking if the ID in login_auth_tk is equal to the uid. If it is, it's a client - if not, it's a user.

Link to comment
Share on other sites

Hi Dennis,

I actually ended up trying something similar initially, but it didn't work all of the time. Mostly, when logging out. If I unset the uid and login_auth_tk session variables, it didn't actually work the way I wanted to. In my case, I was trying to read the current menu items available to a logged in or guest user.

Instead, I simply leveraged the "Login As Client" and logout options. My workaround is not pretty either, but it was a more consistent check of a logged in user vs guest.

Ah and yes, if it ends up in "please put in a feature request" territory, it'll never see the light of day.

Edited by SwiftModders LLC
Link to comment
Share on other sites

17 hours ago, DennisHermannsen said:

There's currently no way to tell users from clients. I brought this to WHMCS' attention, and while they could see that it would be great to be able to see if you're dealing with a user or client, it didn't sound like it was something they planned to add in. I was just told to create a feature request.

how frustrating to hear that. 😱

I can see that UserLogin hook uses \User\User, but that's not much help until WHMCS publish the v8 class docs.

Link to comment
Share on other sites

3 hours ago, DennisHermannsen said:

v8 basically broke the two modules that I was working on 😅

if the tech docs get updated/published when RC2 is released, and there's a decent gap before it goes GA then that won't be too bad.... if it goes GA without any published tech docs, then that's another unnecessary disaster of a beta release.

I know it's broken a couple of things i've written too...

Link to comment
Share on other sites

  • WHMCS Support Manager

Hi all,

Thanks for providing this valuable feedback. Assessing the actively authenticated person/client has never been canonized before, requiring customizations to rely on often non-public data of the session (as demonstrated in this thread). With 8.0, that will change.

Based on this feedback, in v8.0-RC2 we will be making available a public-friendly method to facilitate this in an officially documented manner.

A class will be documented shortly after the RC2 release to provide information on the class, and we'll also look into creating some further documentation to provide commentary and usage examples.

 

Thank you for raising this point, please do keep testing v8.0, and sharing your feedback with us here.

Link to comment
Share on other sites

  • WHMCS Staff
On 9/5/2020 at 9:31 AM, DennisHermannsen said:

Hi, @WHMCS John,

I see that RC2 has been released, but I'm having trouble finding the documentation for the User class. Is this still awaiting publication?

Hey Dennis!

 

I can confirm that this documentation is due to be available shortly and has been written. Our Documentation has to go through a few stages before it reaches the public domain, but it’s on its way!

Link to comment
Share on other sites

  • 2 weeks later...
  • WHMCS Staff
1 hour ago, DennisHermannsen said:

Nice!

https://classdocs.whmcs.com/8.0/WHMCS/User/User.html

It seems like we should use isOwner() to check if it's a user or a client.

Hey!

isOwner will return true if this user is the owner of the client account. 
 

You should use user() to verify a user is logged in, such as:

if (CurrentUser::user()) {
    // I am logged in
}

See: https://classdocs.whmcs.com/8.0/WHMCS/Authentication/CurrentUser.html

Link to comment
Share on other sites

  • WHMCS Staff
On 9/19/2020 at 9:56 AM, DennisHermannsen said:

@WHMCS Peter that just seem to show if anyone is logged in. In my case, I need a way to differentiate users and clients 🙂
How would that be done best?

So “Clients” are not “Login-able” entities anymore. Only users have a password for example. 
 

What I think you are looking to do is identify the owner, over other authorised parties. Would that be right?

If so, you may wish to use CurrentUser::user() to grab the user, and then check the owner like so:

<?php

use WHMCS\Authentication\CurrentUser;

$user = CurrentUser::user();

if ($user && $user->isOwner(CurrentUser::client()) {
    // logged in as the “owner” of this client account.
}

 

Edited by WHMCS Peter
Remove unnecessary use statement.
Link to comment
Share on other sites

Thanks for that, @WHMCS Peter - it almost works perfectly.

I've found one issue, though.

use WHMCS\Authentication\CurrentUser; use WHMCS\User\Relations\UserClient; 

add_hook('ClientAreaSecondaryNavbar', 1, function (MenuItem $primaryNavbar) {
	
	$user = CurrentUser::user();
	if ($user && $user->isOwner(CurrentUser::client())) {
		//do stuff
	}
});

I've created a hook for my module. This module adds a link to the secondary navbar.
If you log in as a user and have access to multiple accounts, the following error will be thrown right after you log in:

TypeError: Argument 1 passed to WHMCS\User\User::isOwner() must be an instance of WHMCS\User\Client, null given, called in /home/user/dev.example.com/client/modules/addons/gdpr/hooks.php on line 12 and defined in /home/user/dev.example.com/client/vendor/whmcs/whmcs-foundation/lib/User/User.php:0

Any idea what that could be caused by?

Link to comment
Share on other sites

  • WHMCS Staff

Hi @DennisHermannsen,

This did not work because CurrentUser::client() returned null. This means that no Client was currently logged into by the user.

You should ensure that a Client exists first. Give this a try:

use WHMCS\Authentication\CurrentUser;

add_hook('ClientAreaSecondaryNavbar', 1, function (MenuItem $primaryNavbar) {
    $user = CurrentUser::user();
    $client = CurrentUser::client();

    if ($user && $client && $user->isOwner($client)) {
        // User is logged in, and a Client is present. Run your code.
    }
});

I've added && $client to the conditional. Meaning that if either a User or Client is not present, the code will not run and the isOwner call will not be reached.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated