PixelPaul Posted September 8, 2021

Hello all, I will have users logged directly into WHMCS. Does anyone know how I can verify a user's session via the cookie and API? I will be doing it via a Node.js app. I have another application, and it has access to the WHMCS cookie as it is on the same domain, and it can use the API. So I would like it to get the cookie and then check via the WHMCS API if the user is logged in and who the user is. I can also access the database if needed.

The CreateSsoToken method does not really work for me, as they will be logged into WHMCS via the order form or other. And I can't control how they will access this other application (they may click a link or access it directly or other).
string Posted September 9, 2021

I don't think WHMCS has an API endpoint for this. The way I would do it is to create a PHP script on the WHMCS server that returns the client's data when called. For example, you can use the PHP session (DOLLAR-SIGN_SESSION) to determine if the client is logged in and which client it is. You then return this information as (e.g.) JSON. Like that:

Create a simple PHP script, e.g. under: http://domain.com/whmcs/getClient.php

When someone opens your website, the visitor makes an AJAX call to getClient.php. Then the output of getClient.php is processed client-side and your JavaScript should adjust the output of your website accordingly.

If you don't want to just display data, but do things with the account, you'll obviously need to do the check server-side, for security reasons. You would query the session ID of the client and then read the session from the server. For this you either read the content from the session file (use phpinfo() to find out where your sessions are) or from the database, depending on how WHMCS is configured: https://docs.whmcs.com/Sessions

Whereby client-side processing would be possible by creating your own API in WHMCS (like getClient.php), in which you make sure that the user is logged in.

PS: The WHMCS server blocks my post if I write DOLLAR-SIGN_SESSION - this is why I have written DOLLAR-SIGN_SESSION. Surely you know that you need to replace "DOLLAR-SIGN" with the actual char.
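The server-side check described in the post above, sketched for the Node.js side as an added example that is not part of the original thread and is not WHMCS code. The cookie name placeholder, the `loggedIn` / `clientId` JSON fields returned by the hypothetical getClient.php, and all function names are assumptions.

```javascript
// Added example. Cookie name and JSON shape are assumptions, not WHMCS facts.
const SESSION_COOKIE = "WHMCS_SESSION_COOKIE_NAME"; // placeholder: use your install's cookie name
const SESSION_ID_RE = /^[A-Za-z0-9,-]{22,256}$/;     // character set PHP uses for session IDs

// Pull exactly one session cookie value out of the raw Cookie header.
function extractSessionId(cookieHeader, name = SESSION_COOKIE) {
  if (typeof cookieHeader !== "string") return null;
  const values = cookieHeader.split(";")
    .map((part) => part.trim())
    .filter((part) => part.startsWith(name + "="))
    .map((part) => part.slice(name.length + 1));
  // Duplicates or unexpected characters are ambiguous input: treat as no session.
  if (values.length !== 1 || !SESSION_ID_RE.test(values[0])) return null;
  return values[0];
}

// Turn getClient.php's reply into an identity, failing closed on anything unexpected.
function parseClientResponse(status, bodyText) {
  if (status !== 200) return null;
  let data;
  try { data = JSON.parse(bodyText); } catch { return null; }
  if (!data || data.loggedIn !== true) return null;
  if (!Number.isInteger(data.clientId) || data.clientId <= 0) return null;
  return { clientId: data.clientId };
}

// Forward only the session cookie, server to server. The identity comes from
// WHMCS's answer, never from an ID the browser supplies.
async function verifySession(req, getClientUrl, fetchImpl = fetch) {
  const sid = extractSessionId(req.headers.cookie);
  if (!sid) return null;
  try {
    const res = await fetchImpl(getClientUrl, {
      headers: { cookie: `${SESSION_COOKIE}=${sid}` },
      redirect: "error", // a login redirect means "not logged in", not success
    });
    return parseClientResponse(res.status, await res.text());
  } catch {
    return null; // network failure or redirect: not logged in
  }
}
```

Call `verifySession(req, url)` on every privileged request rather than caching the result in the browser, so a logout in WHMCS takes effect in the second application as well.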
PixelPaul Posted September 9, 2021

This is close to what I was thinking of doing. The only problem is, the session data seems to be encrypted in the database. So I can get the session for the logged-in person, but I can't get their userID from the session data without decrypting the payload somehow.
string Posted September 9, 2021

Maybe you can decrypt the content using DecryptPassword. DecryptPassword also has an API endpoint so you can use that directly in your Node.js app. Unfortunately I have not checked yet how WHMCS stores the sessions in the database. If that does not work, let me know and I will check if I see a way.
PixelPaul Posted September 9, 2021

It is base64 encoded. So I got it all sorted 🙂