Jump to content
Sign in to follow this  

Changes to SESSION data for user authorization in WHMCS v8

Recommended Posts

Hello, community.

in whmcs v8 this logic for user / client authorization doesn't work

$ _SESSION ['uid'] = $ entry-> id;
$ _SESSION ['upw'] = \ WHMCS \ Authentication \ Client :: generateClientLoginHash ($ entry-> id, '', $ entry-> password, $ entry-> email);

and I check the SESSION array after login as owner from admin section and find new parameter "login_auth_tk", in older whmcs versions this parameter does not exist

[login_auth_tk] => {
"id": uid,
"email": user_email,
"password":?, (should be the database password (tblusers-> password) or something else?)
"userip": userip,
"timestamp": time (),
"hash": \ WHMCS \ Authentication \ Client :: generateClientLoginHash ($ entry-> id, '', $ entry-> password, $ entry-> email)

I was unable to authorize my clients after a successful reply from a social network.
Maybe someone knows what needs to be done, what to transfer / put into the session to authorize the user in the system and redirect the user to the clientarea page?

thanks for the help

Share this post

Link to post
Share on other sites

Hi there,

The best option depends upon exactly what you want to achieve:

If you need to check the logged in state, then these Methods are available: https://developers.whmcs.com/advanced/authentication/

If you have an app or service that needs to interact with WHMCS on behalf of your users, you should use OAuth: https://developers.whmcs.com/oauth/introduction/

Finally if you want a trusted application or third party to authenticate users into a WHMCS installation automatically, use Single Sign-On:  https://docs.whmcs.com/WHMCS_Single_Sign-On_Developer_Guide


Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

  • Similar Content

    • By error 404
      Domain Search is not working for some domain
      I am using WHMCS 8. When i am trying to search for .org domain it's showing unavailable. 
      i have tried to fix this. not working... 
      how can I resolve this issue? 
      here is a Screenshot of my problem.....

    • By ashkan.khalili
      hello everyone ... 
      Today i have just update WHMCS to 8.3.1 and after update, when i try to login to admin or even as a client, on clientarea.php shows an error like this : 
      Whoops\Exception\ErrorException: Module 'apcu' already loaded in Unknown:0 Stack trace: #0 /home/..../public_html/hub/vendor/whmcs/whmcs-foundation/lib/Utility/Error/Run.php(0): WHMCS\Utility\Error\Run->handleError(32, 'Module 'apcu' a...', 'Unknown', 0) #1 [internal function]: WHMCS\Utility\Error\Run->handleShutdown() #2 {main} when i reload the page for several times, it redirects to "mysite.com/login" and gets user/password and then when i enter the user/pass again shows the same error ...!!!!
      i have tried a lot to find something but nothing is out there ! ! ! 
      would you guys please help me solve this problem !? 
      Thanks in advance 
    • By JesusSuarz
      I hope someone has knowledge about this ..
      I find very little information about it. I hope someone helps me.
      I am trying to prevent users from being able to change some fields in their profile.
      I found the following function:
      <?php add_hook('CustomFieldSave', 1, function($vars) { return array('value' => 'overridden value',); }); this prevents any field from being editable,
      however, how can I select a specific field?

      someone posted an idea in 2019.
      however it doesn't work, because fieldid and relid return NULL from $vars
      any idea?
      I just need to select the fields that I want to prevent from being edited.
    • By error 404
      The information you’re about to submit is not secure
      Because this form is being submitted using a connection that’s not secure, your information will be visible to others.
      when user trying to login to their account from client area login panel. but the problem is showing that error.
      i checked at https://www.whynopadlock.com/ and here is the result.....
      A form with the action of "http://example..com/dologin.php" exists in the source code of the tested page.
      This form needs to be updated to use "https://example.com/dologin.php" or another secure URL for your padlock to return.
      How can i solve this error? i am using updated WHMCS!

    • By trewhost
      Hi Team,
      Suddenly not showing Browse our Products/Services not showing. how to enable it ? 

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated