How to restrict ALL pages to logged in users only

[championc]

Hi all,

I found a post from 2016 with the following code, which no longer works.  What changes would be made to allow it to work with the current code ?

Original thread - 

<?php
if (!defined("WHMCS"))
   die("This file cannot be accessed directly");

function hook_ForceEveryoneToLogin($vars) {

   $clientID = intval($_SESSION['uid']);
   $adminID = intval($_SESSION['adminid']);

   if ($adminID===0){
       if (!in_array($vars['filename'], array("login","dologin","clientarea","pwreset", "register")) && $clientID===0){
           header("Location: login.php");
           exit;
       }
   }

}
add_hook("ClientAreaPage", 1, "hook_ForceEveryoneToLogin");

Edited June 19, 2023 by championc

[DennisHermannsen]

You can use this:

<?php

use WHMCS\Authentication\CurrentUser;
use WHMCS\Config\Setting;

add_hook('ClientAreaPage', 1, function ($vars) {
    $user = new CurrentUser;
    $templateFile = $vars['templatefile'];
    if(!$user->isAuthenticatedUser and !in_array($templateFile, ['login', 'dologin', 'pwreset', 'register', 'clientarea']))
    {
        $systemURL = Setting::where('setting', 'SystemURL')->first();
        $systemURL = $systemURL->value;
        if(!str_ends_with($systemURL, '/')){
            $systemURL = $systemURL.'/';
        }
        header("Location: {$systemURL}login.php");
        exit();
    }
});

 

[MBayDesign]

I'm so happy to have run across this post as I've been looking without success for exactly this kind of hook. 

While the redirect to the login page works great, it is having difficulty redirecting properly when a client actually logs in.  Too many redirects or improper redirect.

Does anyone know where that might be occurring in the above code?

Thank you to the OP and to Dennis!

[DennisHermannsen]

It seems I was too quick when writing that script.

Try this instead. It also allows admins to browse the client area.

<?php

use WHMCS\Authentication\CurrentUser;
use WHMCS\Config\Setting;

add_hook('ClientAreaPage', 1, function ($vars) {
    $user = new CurrentUser;
    $templateFile = $vars['templatefile'];
    if(!$user->isAuthenticatedUser() and !$user->isAuthenticatedAdmin() and !in_array($templateFile, ['login', 'dologin', 'pwreset', 'register', 'clientarea']))
    {
        $systemURL = Setting::where('setting', 'SystemURL')->first();
        $systemURL = $systemURL->value;
        if(!str_ends_with($systemURL, '/')){
            $systemURL = $systemURL.'/';
        }
        header("Location: {$systemURL}login.php");
        exit();
    }
});

 

[MBayDesign]

It works!  You're a hero! 🙂

Thank you!

[MBayDesign]

Just as an FYI, the pwreset exclusion was not working.  It needs to be changed to password-reset-container. 🙂

 

[championc]

Can you provide the necessary complete code ?

[MBayDesign]

Sure - the code provided originally by  DennisHermannsen is just altered slightly in the templateFile array. 

<?php

use WHMCS\Authentication\CurrentUser;
use WHMCS\Config\Setting;

add_hook('ClientAreaPage', 1, function ($vars) {
    $user = new CurrentUser;
    $templateFile = $vars['templatefile'];
    if(!$user->isAuthenticatedUser() and !$user->isAuthenticatedAdmin() and !in_array($templateFile, ['login', 'dologin', 'password-reset-container', 'register', 'clientarea']))
    {
        $systemURL = Setting::where('setting', 'SystemURL')->first();
        $systemURL = $systemURL->value;
        if(!str_ends_with($systemURL, '/')){
            $systemURL = $systemURL.'/';
        }
        header("Location: {$systemURL}login.php");
        exit();
    }
});

 

[MBayDesign]

I'm going to add another item to the array and repost this - fyi, it's the invitation for new users.  It is possible that there will be more things that come up that need to be excluded in the array, but I'm not sure what those might be.  Anyway, here' s the updated code:

<?php

use WHMCS\Authentication\CurrentUser;
use WHMCS\Config\Setting;

add_hook('ClientAreaPage', 1, function ($vars) {
    $user = new CurrentUser;
    $templateFile = $vars['templatefile'];
    if(!$user->isAuthenticatedUser() and !$user->isAuthenticatedAdmin() and !in_array($templateFile, ['login', 'dologin', 'password-reset-container', 'register', 'clientarea', 'user-invite-accept']))
    {
        $systemURL = Setting::where('setting', 'SystemURL')->first();
        $systemURL = $systemURL->value;
        if(!str_ends_with($systemURL, '/')){
            $systemURL = $systemURL.'/';
        }
        header("Location: {$systemURL}login.php");
        exit();
    }
});

 

[DennisHermannsen]

The hook (along with the latest addition) has been added to this repository: https://github.com/DennisSkov/WHMCS-Hooks-and-Modules

[MBayDesign]

Thanks for that Dennis!

[MBayDesign]

I realize it's been a while for this thread, but there was something I was never sure how to accomplish and I recall at the time that I just dropped it.  

I wanted to add announcements and knowledgebase to the exclusion array,  but could not find a way to add a wildcard to the hook to allow all articles and announcements through without logging in. I added the main template files, but of course you can't get into the individual articles.

Is it possible at all? 

[DennisHermannsen]

@MBayDesign use the "knowledgebasearticle" template for knowledgebase articles and "viewannouncement" for the annoucement article.
 

[MBayDesign]

Doh!  I was literally looking through the template files this morning for options just like those.  I can't believe I didn't see them!

Thank you!