Jump to content

How to restrict ALL pages to logged in users only


championc

Recommended Posts

Hi all,

I found a post from 2016 with the following code, which no longer works.  What changes would be made to allow it to work with the current code ?

Original thread - 

<?php
if (!defined("WHMCS"))
   die("This file cannot be accessed directly");

function hook_ForceEveryoneToLogin($vars) {

   $clientID = intval($_SESSION['uid']);
   $adminID = intval($_SESSION['adminid']);

   if ($adminID===0){
       if (!in_array($vars['filename'], array("login","dologin","clientarea","pwreset", "register")) && $clientID===0){
           header("Location: login.php");
           exit;
       }
   }

}
add_hook("ClientAreaPage", 1, "hook_ForceEveryoneToLogin");
Edited by championc
Link to comment
Share on other sites

You can use this:

<?php

use WHMCS\Authentication\CurrentUser;
use WHMCS\Config\Setting;

add_hook('ClientAreaPage', 1, function ($vars) {
    $user = new CurrentUser;
    $templateFile = $vars['templatefile'];
    if(!$user->isAuthenticatedUser and !in_array($templateFile, ['login', 'dologin', 'pwreset', 'register', 'clientarea']))
    {
        $systemURL = Setting::where('setting', 'SystemURL')->first();
        $systemURL = $systemURL->value;
        if(!str_ends_with($systemURL, '/')){
            $systemURL = $systemURL.'/';
        }
        header("Location: {$systemURL}login.php");
        exit();
    }
});

 

Link to comment
Share on other sites

I'm so happy to have run across this post as I've been looking without success for exactly this kind of hook. 

While the redirect to the login page works great, it is having difficulty redirecting properly when a client actually logs in.  Too many redirects or improper redirect.

Does anyone know where that might be occurring in the above code?

Thank you to the OP and to Dennis!

Link to comment
Share on other sites

It seems I was too quick when writing that script.

Try this instead. It also allows admins to browse the client area.

<?php

use WHMCS\Authentication\CurrentUser;
use WHMCS\Config\Setting;

add_hook('ClientAreaPage', 1, function ($vars) {
    $user = new CurrentUser;
    $templateFile = $vars['templatefile'];
    if(!$user->isAuthenticatedUser() and !$user->isAuthenticatedAdmin() and !in_array($templateFile, ['login', 'dologin', 'pwreset', 'register', 'clientarea']))
    {
        $systemURL = Setting::where('setting', 'SystemURL')->first();
        $systemURL = $systemURL->value;
        if(!str_ends_with($systemURL, '/')){
            $systemURL = $systemURL.'/';
        }
        header("Location: {$systemURL}login.php");
        exit();
    }
});

 

Link to comment
Share on other sites

  • 2 weeks later...

Sure - the code provided originally by  DennisHermannsen is just altered slightly in the templateFile array. 

<?php

use WHMCS\Authentication\CurrentUser;
use WHMCS\Config\Setting;

add_hook('ClientAreaPage', 1, function ($vars) {
    $user = new CurrentUser;
    $templateFile = $vars['templatefile'];
    if(!$user->isAuthenticatedUser() and !$user->isAuthenticatedAdmin() and !in_array($templateFile, ['login', 'dologin', 'password-reset-container', 'register', 'clientarea']))
    {
        $systemURL = Setting::where('setting', 'SystemURL')->first();
        $systemURL = $systemURL->value;
        if(!str_ends_with($systemURL, '/')){
            $systemURL = $systemURL.'/';
        }
        header("Location: {$systemURL}login.php");
        exit();
    }
});

 

Link to comment
Share on other sites

  • 3 weeks later...

I'm going to add another item to the array and repost this - fyi, it's the invitation for new users.  It is possible that there will be more things that come up that need to be excluded in the array, but I'm not sure what those might be.  Anyway, here' s the updated code:

<?php

use WHMCS\Authentication\CurrentUser;
use WHMCS\Config\Setting;

add_hook('ClientAreaPage', 1, function ($vars) {
    $user = new CurrentUser;
    $templateFile = $vars['templatefile'];
    if(!$user->isAuthenticatedUser() and !$user->isAuthenticatedAdmin() and !in_array($templateFile, ['login', 'dologin', 'password-reset-container', 'register', 'clientarea', 'user-invite-accept']))
    {
        $systemURL = Setting::where('setting', 'SystemURL')->first();
        $systemURL = $systemURL->value;
        if(!str_ends_with($systemURL, '/')){
            $systemURL = $systemURL.'/';
        }
        header("Location: {$systemURL}login.php");
        exit();
    }
});

 

Link to comment
Share on other sites

  • 11 months later...

I realize it's been a while for this thread, but there was something I was never sure how to accomplish and I recall at the time that I just dropped it.  

I wanted to add announcements and knowledgebase to the exclusion array,  but could not find a way to add a wildcard to the hook to allow all articles and announcements through without logging in. I added the main template files, but of course you can't get into the individual articles.

Is it possible at all? 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated