Jump to content

Prevent Orders & Full Client Area Access Until Email Verification (Secure WHMCS Anti-Spam System)

Abisek

By Abisek
in Showcase Your Site

 Share

Recommended Posts

Abisek Junior Member

Abisek

Posted
Posted

Hello everyone,

I wanted to share a simple but effective security approach I implemented in WHMCS to reduce spam registrations and fake account abuse.

The idea is straightforward: users must verify their email before they can access any part of the client area or place orders.

Overview

If a user has not verified their email address, they are completely restricted from using the client area.

This includes blocking access to: 

 
$blockedPages = [
"clientarea",
"services",
"invoices",
"domains",
"tickets",
"productdetails",
"upgrade",
"addons",
"downloads",
"supporttickets",
"serverstatus"
];
 

Access control behavior

When a user is not verified:

  • They cannot access the dashboard
  • They cannot view services
  • They cannot access billing or invoices
  • They cannot open or view support tickets
  • They cannot use upgrades or addons

The only allowed access is the email verification flow.

Allowed page for unverified users

Unverified users are only allowed to access: 

 
 
/user/profile
 

From this page they can:

  • Resend the verification email
  • Update their email address if needed
  • Complete the verification process

User flow

  1. User registers an account
  2. Verification email is sent automatically
  3. User logs in
  4. System checks verification status
  5. If not verified, all client area access is blocked
  6. User is redirected to the profile page
  7. After verification, full access is restored automatically

Purpose

The main goal of this system is to reduce spam accounts, fake registrations, and abuse of hosting resources.

It ensures that only verified users can interact with services, which significantly improves account quality and reduces unwanted usage.

Result

This approach helps:

  • Reduce bot registrations
  • Prevent disposable email abuse
  • Improve security of client accounts
  • Keep hosting resources clean
  • Ensure only real users access services

 

EXAMPLE BELOW THIS IS HOW IT LOOKS,    

If anyone is interested, I can share the hook code for this implementation.

 
 
 

verifyblock.jpg.6c2adacd6b7824e1a86b528120d1144e.jpg

1
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated

  I accept