SQL Query Helper does not work

Can someone please explain me how exactly do I use the SQL helper as specified in:

http://docs.whmcs.com/SQL_Helper_Functions

I could use PHP but since WHMCS says it allows to query tables directly with the helper I decided to test this out but for the hell of me I cannot get it work. Not even using the same WHMCS examples:

Inside a whmcs template:

{

$table = "tblclients";

$fields = "id,firstname,lastname";

$where = array("id"=>$userid);

$result = select_query($table,$fields,$where);

$data = mysql_fetch_array($result);

$id = $data['id'];

$firstname = $data['firstname'];

$lastname = $data['lastname'];

}

What exactly is this supposed to do? Because if this is supposed to query the table tblclients table, isn't this supposed to give me some result to use in the templates?

I tried everything:

{$firstname} and allot of other viarables and it does not work. I cannot print any result in a template. Maybe the query is working but I cannot print the results or variables at all, they don't show in my templates. Or maybe the query is not working, don't know either since there are no errors in WHMCS when I enabled the option to debug sql queries.

How exactly would I print firstname in a template using the above query? I tried using my own query first, but after allot of testing and without results I decided to use the simple example provided by WHMCS and for my surprise it does not work either.

Is this function broken in WHMCS? If so then please confirm and I will use a php tag inside smarty to query the database via PHP. Or if someone that used this before would be nice enough to explain me what exactly is wrong, I read the documentation 100 times and there is nothing more to it, it should work inside a template, query and have the results available to use as variables in a template.

try mysql_fetch_row

in order for you to call the var value in the tpl file you just first assign it to smarty

to do that use either (it depends where your using it)

$this->assign($value,value);

or

$smarty->assign($value, value);

so what you are doing is you are assigning a smarty var called {value} with the value of php $value

now to make sure your query is working then after the query do

echo "<pre>";

print_r($data);

exit;

that will show you the array, if you are on a live site, then do this really really fast and get it off there, sometimes if im under the gun i will do this copy it real fast and then comment out the code and save, that way its only avail for maybe 4-5 sec is all

Well it would be easier if if I could disable the stupid smarty cache for testing. Its amazing how terrible it works. Sometimes it loads 5 versions back of the file I changed. Its terrible and there seems no way to disable it.

well from what i understand they dont make it easy because its not advisable. But since you are pulling well known vars have you thought about using a hook, that way you could just pull $vars['userid'] and the rest and you would not need a query

Well I ended up using PHP inside smarty with a mysql_query instead. It just works !

I don't know why WHMCS bothers to put those examples at all if they don't bother to test them or at least put a proper example on how to query something and then how to use it. I wanted to use the WHMCS SQL queries because I imagined, its more simple and it says they also sanitize escapes, but after hours it just does not work. I cannot get a simple query to any table. All of them work with PHP SQL queries the first time, so I can only conclude that this is broken in the latest WHMCS.

What is the point if you have to convert the results to smarty variables to be able to use them. I thought that by using the sql query helper this is already as a smarty variable for use in a template. If not, I'm not exactly sure what is the benefit of using that option vs the standard php queries. I give up at least.

Well i understand your frustration, and sorry to hear you gave up.

If you were trying to do an independent php file the issue may have been that you needed to include the dbconnect.php file in your file. But then again i think you said that normal mysql_query works when those dont. But you have not done anything that others have not with regards to just using {php} stuff {/php} in the tpl file is not a new thing. I suppose others get frustrated as well.

From my understanding and experience so far with my dev on whmcs addons, it seems those sql helpers are designed for hooks and for actual mod addons, because the way you do an addon is that the framework config is there for you to use in the background before you start. But when you do a individual php file whmcs sees that as an "outside the framework" file and so you have to use certain includes to get it to work.

Anyway glad you got it to work, i try my best to stay away from template mods (because people forget to put them back) but sometimes there is just no other way.

Well, I was not trying to do anything fancy at all, not even a mod. Just be able to read a table. I imagined the SQL helper was designed to make that as easy, fast and simple as possible. It seems not....

It also says in the dev documents this works everywhere, in modules, custom pages and templates. I was trying to use this on a custom page.

Actually I noticed tons of things don't actually work. Not even a PHP session like this:

{php}

session_start();

$_SESSION['anything'] = test;

{/php}

PHP sessions don't work in WHMCS !!!

You cannot pass a php variable to another PHP page from a template or custom page. I'm drowning in a glass of water now since I cannot even pass safely anything to another file.

Now I'm really pulling my hair off. All I need is read a number from a table, pass it to another page. Really, how hard can that be? Well, I'm really frustrated now. Why on earth do such simple things don't work....

welcome to being a developer for whmcs. there were times when i first started that i had to just finally do a get_defined_vars and sift thru that object array by array until i was able to find what i wanted and determine the element address, because much of what i was looking for was already defined. But having to back up from the end of the array and sift backwards to the beginning took awhile but i finally go the element address.

you might try the session without the session start, i only say that because in the orderforms/boxes/products tpl file they check a session value without that.

{php}
if (isset($_SESSION["cart"])) {
   unset($_SESSION["cart"]);
}
{/php}

so the session seems to be active in the tpl files, but its the only place i can find in all of whmcs where they address session in the tpl file.

one trick that i have used before to pass it to another file is to first pass it to js and then on the other page grab it from js and put it back to php (i know silly but it works). I use sessionStorage in js for this

https://developer.mozilla.org/en-US/docs/Web/Guide/API/DOM/Storage

there are a couple of good examples look for the sessionStorage header text on the page.

worth a try for ya. Just remember to wrap your js in literal tags

To be honest I hate it. I'm about to shoot myself. My whole weekend went wasted and I still achieved absolutely nothing. I don't even blame WHMCS for this but smarty. It seems there is no way to use a session in smarty and pass it on to a php file.

What you posted seems to be using this:

http://www.smarty.net/docsv2/en/language.variables.smarty.tpl

I don't want to check a session from Smarty, I want to create a session using a varible in that template and pass it on.

Example:

$_SESSION['myvariable'] = 1234567890;

I'm not sure about what you suggested, that seems to be using the browser storage on the user side. If i'm correct this is just slightly more secure than cookies and should not be used for sensitive data. I would love not to use the user side at all, but stay on the server. Usually this would not be a problem but since we are talking about WHMCS which is a billing system almost everything is actually sensitive data from user id, password, servers, etc.

To be honest I'M AMAZED that there is absolutely no way to connect a php file to smarty. I mean unless you use a database, I don't think its possible to connect a smarty file to a php file, even in the same server.

What I try to do is just make sure the user logged in WHMCS is also the same user that access the php file. Since I need to display data there based on the user, this means I need a way to check from that php file the user logged in or product id. If I use a database I would need to save the user ID with a timestamp then check this on the php file and hope it matches, now you have 2 queries to MYSQL just because a user needs to access another file, this seems overkill and slow. Sessions where created for this type of scenarios but surprise surprise people. You can't use them in whmcs. I'm shocked to be honest. So I need to use the API or something else in the PHP file to check if a user is logged in and then which user, and match that on the other side and we are talking here about the same server, both pages are in localhost but you have to do this as they where external servers.

I would be willing to pay someone for a solution. Maybe I will have to create how PHP makes sessions in the server, and create a session file manually..... oh boy how complicated. All I wanted was to display a graphic on the user side in WHMCS. My code does not work in WHMCS templates at all, so it needs to be in an external php file. All I wanted is the user to be able to click here and see the graphic and its impossible because I cannot check for the user which is logged when he access that file.

Well the good news is that sometime in the future whmcs has already talked about dumping smarty.

to just check if a user is logged in you can use {if $loggedin}

but until then lets give you an example of how i did something and maybe it might help you. Hooks allow you to hook into things such as user login details. http://docs.whmcs.com/Hooks

So basically a hook allows you to tap into a whmcs process before, during, or after an event and allows you to grab vars and or use your own, and allows you to do a php process before the related process ends. So for instance if you wanted to check the user loggin details, you would do a hook and place it in the includes/hooks dir and you want to name it hook_something, it is preferred that you use the hook_something structure for the hook file name. Inside this hook you would call the

http://docs.whmcs.com/Hooks:ClientLogin hook. Which lets you use userid which in the hook function would be $vars['userid'];

Every hook gives back some var and they are all called $vars so whatever you see as the hook available var is going to be $vars['whatever'] because the hook function in the hook file is function whatever($vars)

let me guide you thru a real world deal that i did to add some display data to the affiliates page. I still use this today.

First thing was that i wrote a hook and here it is

/*
****************************************************************************
*                                                                     
* icodemods.com 06/1/2014 
* Title:  Affiliate Hook 
* Description: Data Hook for affiliates
* This hook just grabs the config settings for the affiliate setup
* so they can be displayed for the user on the affiliates.tpl page
*
* Type: Addon               
* Copyright icodemods.com All Rights Reserved                    
* Version 1.0                                                           
* 
****************************************************************************
*                                                                       
* Email: webservices@icodemods.com                                      
* Website: http://www.icodemods.com                                     
*                                                                       
****************************************************************************
*/

if (!defined("WHMCS"))
{
die("This file cannot be accessed directly");
} 

function hook_AffiliateSettings($vars)
{

   // config value name array
   $affRecords = array('AffiliateEnabled', 'AffiliateEarningPercent', 'AffiliateBonusDeposit', 'AffiliatePayout', 'AffiliatesDelayCommission');

   //loop thru value names to get actual values
   foreach($affRecords as $record) 
   {
       //Select Values
       $getValue = mysql_query("SELECT `value` FROM `tblconfiguration` WHERE `setting`='{$record}'");
       $results = mysql_fetch_row($getValue);
       $affValues[$record] = $results[0]; //store result in array each loop       
   }//close foreach

 // convert enabled to yes no 
 $convertEnabled = $affValues['AffiliateEnabled'] = "on" ? "Yes" : "No";
 $affValues['AffiliateEnabled'] = $convertEnabled;

 return $affValues;
}//close function

add_hook("ClientAreaPage", 1, "hook_AffiliateSettings");

in this example i am using the hook called ClientAreaPage here http://docs.whmcs.com/Hooks:ClientAreaPage

and im telling the system that i want to execute this hook first incase i have several hooks in one file,so i put 1

which you should put as default, and then the name of my function on this page.

Remember pay attention when the hook executes from the doc page because if you put a hook that executes before a process and you have it set to 2 it does not matter its going to execute first before the process.

So this is WRONG - because since 2 is part of the before process the system will do it first.

add_hook executes after the process 1

add_hook executes before the process 2

So this is correct

add_hook executes before the process 1

add_hook executes after the process 2

that file i named hook_affiliate_settings.php and i put it in the includes/hooks dir and this will execute every time and i dont have to assign values because they are already assigned via the hook access from whmcs. But you could assign smarty values here if you wanted to.

now lets go take a look at the tpl file for the affiliate, here is the affiliate.tpl file for portal

{if $inactive}
<p>{$LANG.affiliatesdisabled}</p>
{else}
<p align="center">{$LANG.affiliatesrealtime}</p>
<p align="center"><strong>{$LANG.affiliatesreferallink}:</strong>
 <input type="text" size="60" value="{$referrallink}">
</p>
<table width="100%" cellpadding="0" cellspacing="0" class="frame" border="0">
 <tr>
   <td>

<!-- added for details view -->

      <table width="100%" border="0" align="center" cellpadding="10" cellspacing="0">
        <tr>
         <td width="230" class="fieldarea">Program Enabled:</td>
         <td>{$AffiliateEnabled}</td>
       </tr>

        <tr>
         <td width="230" class="fieldarea">Commission Value (Percent):</td>
         <td>{$AffiliateEarningPercent}%</td>
       </tr>

       <tr>
         <td width="230" class="fieldarea">Sign Up Bonus:</td>
         <td>${$AffiliateBonusDeposit}</td>
       </tr>

       <tr>
         <td width="230" class="fieldarea">Payment Threshold:</td>
         <td>${$AffiliatePayout}</td>
       </tr>

       <tr>
         <td width="230" class="fieldarea">Cookie Duration (days):</td>
         <td>90</td>
       </tr>

       <tr>
         <td width="230" class="fieldarea">Payment Delay (days):</td>
         <td>{$AffiliatesDelayCommission}</td>
       </tr>

       <tr>
         <td width="230" class="fieldarea">Payday (each month):</td>
         <td>25th</td>
       </tr>

       <tr>
         <td width="230" class="fieldarea">More Information:</td>
         <td>{$LANG.affhelptext} <a href="/affiliatehelp.html" onclick="window.open('/affiliatehelp.html', 'affwindow', 'location=0,status=0,scrollbars=1,menubar=0,resizable=0,width=600,height=700');return false"><strong>Affiliates Help</strong></a> And to create your own <strong>Affiliate Coupon Codes</strong> so you can hand out a coupon with a simple code on it rather than worry about a long url link,  visit our <a href="https://durangodaveshosting.com/billing/index.php?m=affcoupons">Affiliate Coupons Page</a> 

       </td>
       </tr>
     </table>
<br />

<!-- end add -->

               <!-- also added style border to table -->

      <table width="100%" border="0" align="center" cellpadding="10" cellspacing="0" style="border-top:1px solid #EBEBEB;">
       <tr>
         <td width="230" class="fieldarea">{$LANG.affiliatesvisitorsreferred}:</td>
         <td>{$visitors}</td>
       </tr>
       <tr>
         <td width="230" class="fieldarea">{$LANG.affiliatessignups}:</td>
         <td>{$signups}</td>
       </tr>
       <tr>
         <td width="230" class="fieldarea">{$LANG.affiliatesconversionrate}:</td>
         <td>{$conversionrate}%</td>
       </tr>
   </table>
 </td>
 </tr>
</table>
<table width="100%" cellpadding="0" cellspacing="0" class="frame" border="0">
 <tr>
   <td>
      <table width="100%" border="0" align="center" cellpadding="10" cellspacing="0">
       <tr>
         <td width="230" class="fieldarea">{$LANG.affiliatescommissionspending}:</td>
         <td>{$pendingcommissions}</td>
       </tr>
       <tr>
         <td width="230" class="fieldarea">{$LANG.affiliatescommissionsavailable}:</td>
         <td>{$balance}</td>
       </tr>
       <tr>
         <td width="230" class="fieldarea">{$LANG.affiliateswithdrawn}:</td>
         <td>{$withdrawn}</td>
       </tr>
   </table></td>
 </tr>
</table>
{if $withdrawrequestsent}
<p align="center">{$LANG.affiliateswithdrawalrequestsuccessful}</p>
{else}
{if $withdrawlevel}
<p align="center">
 <input type="button" value="{$LANG.affiliatesrequestwithdrawal}" onclick="window.location='{$smarty.server.PHP_SELF}?action=withdrawrequest'" class="button">
</p>
{/if}
{/if}
<h2>{$LANG.affiliatesreferals}</h2>
<table width="100%" border="0" align="center" cellpadding="10" cellspacing="0" class="data">
 <tr>
   <th>{$LANG.affiliatessignupdate}</th>
   <th>{$LANG.orderproduct}</th>
   <th>{$LANG.affiliatesamount}</th>
   <th>{$LANG.affiliatescommission}</th>
   <th>{$LANG.affiliatesstatus}</th>
 </tr>
 {foreach key=num item=referral from=$referrals}
 <tr>
   <td>{$referral.date}</td>
   <td>{$referral.service}</td>
   <td>{$referral.amountdesc}</td>
   <td>{$referral.commission}</td>
   <td>{$referral.status}</td>
 </tr>
 {foreachelse}
 <tr>
   <td colspan="5">{$LANG.affiliatesnosignups}</td>
 </tr>
 {/foreach}
</table>
{if $affiliatelinkscode}
<p><strong>{$LANG.affiliateslinktous}</strong></p>
<p align="center">{$affiliatelinkscode}</p>
{/if}

{/if}

and so here is the output of the page.

and thats it... now regarding your session, if you can establish a hook that is executed at the same time as your link process page then you could set the session in a hook there and have it available for you to check.

In other words, if i have a link that shows on page X and to get to page X they have to lets say log in. Then use the login hook to set your session value and then it will be available on page X.. so when they click your link it will check what you need to check.

Hope that helps.

Smarty is not that bad, allot of apps use them and to be honest I assume this problem would be there even in other software that use Smarty.

About the {if $loggedin}, you do realize this only works in WHCMS templates and so inside smarty right?

If I could use {if $loggedin} in the php file I would, then problem solved. I could even output the logged in user. Actually, what I want to do is actually get a variable out of smarty into the php file.

Hooks would work, but don't you think that is even more overcomplicated than a database? You would need to execute the hook action allot, and this is just a user browsing inside this account from page to page, imagine executing hooks for that, if I said SQL would be slow, imagine a hook, which also needs to execute code and SQL as well. If that was the case I would just send a variable to a table and check it on the other side. Just imagine if your install has allot of traffic how that would work. Terrible, all of them browsing in whmcs to that page would be executing hooks. I think hooks are rather to execute code and actions based on certain events in whmcs, like if this happens, execute this code.

Believe it or not, I think the easiest is cookies. Its fast, you set the cookie in the smarty template, check it from the other file. Is this safe? Well, even WHMCS uses cookies for sessions. Its not perfect but it works. Now, it would be better if you could encrypt the cookie before sending it to the user browser, then if the user checks his cookies manually, its a random character with no meaning, he cannot relate this to a user id or product, then when the PHP file reads it again, you could decrypt it and get the result results. Since the key to do this encryption would be in the server, I think this would safe.

I just want to avoid someone figuring out he can trick that page and give it another product ID for example and get data which is not related to his account. This is why I wanted to stay away from cookies, you can fake cookies with anything you want. Not sessions which are on the server. If someone knows if this even possible it would great. Encrypting or hashing the cookie before saving it in the users browsers, then decode it again for use. I think this could potentially work.

About the {if $loggedin}, you do realize this only works in WHCMS templates and so inside smarty right?

sorry my misunderstanding yes i know that, i thought you were looking for a way to show your link or not show your link for your php process unless they were logged in.. my bad sorry. I thought maybe you could use an include inside and if something like this in the template file.

{if $loggedin}

{php}
include('myphpfile.php');
{/php}

{/if}

Are you really sending that sensitive of info like pw and address phone number and cc and such that you cant just use base 64. At least that would obfiscate it and not have it raw.

 

I just want to avoid someone figuring out he can trick that page and give it another product ID for example and get data which is not related to his account. This is why I wanted to stay away from cookies, you can fake cookies with anything you want. Not sessions which are on the server.

 

Then youll have to keep the data out of cookies and out of the url all together or as i said just obfiscate the product id with base 64. And my understanding from watching some security videos last month is that you can fake a session using pearl, you can be anyone or anything you want. But i didnt want to dig too deep into that because i think it would litterly make me cry if i knew the truth about what people could actually do if they wanted to.

With regards to the hook running all the time, almost every single module for WHMCS uses a hook, and many of these modules process alot of data in a split sec so i dont think your using a hook would bog down the process at all. If you measured the time with and without a hook, visually there is no difference unless you use a sleep() in there somewhere. And most of the time with process time, unless your talking about a site that does 10's of thousands of queries in a short time you really have nothing to worry about.

If you dont want them to trick the id value then you could use a hidden value in a form and check the post value to be sure its accurate. Even just add a simple table with an encrypted value when they log in, and compare that value when they do request for the data.

Im sure you know the best way to take care of that problem with the trick id is to take that option away from them and dont give them access to request it any different than you want them to.

So let me know if i understand this correctly now, lets keep this very basic here.

1. You have and added process access via link or icon or whathaveyou to a process that you only want them to access if they are verified (logged in) as who they say they are.

2. If they are verifed then you will either show a link to get the content or show the content on the page.

3. You also want them not to be able to change the request data format or content.

thats basically what your looking for right.

Dont mean to abandoned you mid stream here but i think maybe it would be better if someone else took over here. I wish you the best with your project and outcome...

Thanks. I will see which approach I take, if someone else knows how or a simple way to maintain state between pages from a smarty template to another php file, suggestions are appreciated. So far we have it seems:

Using a database

Using a hook

Using cookies

Using a post command (curl?)

PHP sessions - Does not work.

I don't know why WHMCS bothers to put those examples at all if they don't bother to test them or at least put a proper example on how to query something and then how to use it. I wanted to use the WHMCS SQL queries because I imagined, its more simple and it says they also sanitize escapes, but after hours it just does not work. I cannot get a simple query to any table. All of them work with PHP SQL queries the first time, so I can only conclude that this is broken in the latest WHMCS.

I stopped using SQL Helper functions years ago after not more than 5 minutes. It's not tollerable for me to use that syntax when I have to JOIN multiple tables ON/HAVING multiple conditions and also when I have to connect to multiple databases. As far as I know at least SQL Helper functions are more secure than MySQL API so it's good for "noobs" that only have to run simple queries.

Said that, I personally use PDO (the best API for MySQL). I just need to include 3 lines of code in my confguration.php file to use PDO. I use it for everything (hooks, modules, pages...).

To be honest I'M AMAZED that there is absolutely no way to connect a php file to smarty. I mean unless you use a database, I don't think its possible to connect a smarty file to a php file, even in the same server.

Sure you can. If you are trying to add your scripts inside an encoded .php file of WHMCS, you can simply include your custom .php file in Smarty. Job done. There's no need to use {php} tag. Both files (the encoded one and your custom one) will share all variables since the scope of the object is the same. You can also overwrite or re-define all Smarty variables, arrays and their structures.

I'm a noob and my query was extremely simple. Just to read 1 word from one table. It worked using PHP, I could not get the SQL helper to work. Not sure what I was doing wrong.

What do you mean by including the php file inside smarty, like with in a include file.php something?

I want to transfer/connect (not sure the name for this) a smarty variable to a php file, not the other way around. From what you said I think if I include the PHP file into the smarty file, I would achieve the opposite result.

Example, in my smarty template I have {$domain}

This obviously outputs the domain of user in the template, now how would I get this domain info into my .php file? Sessions don't work. Now if I include the php file inside the smarty template, will I be able to use the variable or pass it to the PHP file? Is this what you mean?

I think in developing its called state, so I want to maintain the state between pages. This PHP file is not running in WHMCS, so its not using smarty either. Its an external PHP, by external I mean its not running inside WHMCS.

What do you mean by including the php file inside smarty, like with in a include file.php something?

Yes, exactly. It's more convinient also because the latest release of Smarty no longer supports {php} tags.

I want to transfer/connect (not sure the name for this) a smarty variable to a php file, not the other way around. From what you said I think if I include the PHP file into the smarty file, I would achieve the opposite result.

 

Example, in my smarty template I have {$domain}

 

This obviously outputs the domain of user in the template, now how would I get this domain info into my .php file? Sessions don't work. Now if I include the php file inside the smarty template, will I be able to use the variable or pass it to the PHP file? Is this what you mean?

 

I think in developing its called state, so I want to maintain the state between pages. This PHP file is not running in WHMCS, so its not using smarty either. Its an external PHP, by external I mean its not running inside WHMCS.

Ok let's call this thing transfer.

You can't transfer a Smarty variable to PHP. There's no way for a very simple reason that I'm going to explain now. Every Template Engine like Smary basically work with 2 components: there's a php file with all code inside and a tpl file just with HTML and markup. In the template you can play with all variables that have been already defined by the scripts.

Once you visit index.php, the first thing you webserver does is to execute all code you have inside this file. At the very end the webserver "sends" all the output (variables, arrays, objects) to index.tpl. Now Smarty is able to provide the HTML output with all the defined variables.

So why can't you transfer {$domain} to PHP? Because once {$domain} exists, the webserver has already finished to execute all PHP codes. I understand that when you visit index.php it seems that all this process happens in the same time but it's not. There are two separate steps.

Execute scripts -> generate the output

Said that, you can't transfer a variable from the output back to the script because the script has already "died". It would be like pretending to change the color of your car when you have already bought it. The only possible "transfer" is between Smarty and any client-side language (more in general javascript) using the tag {literal} but this is part of another question.

In conclusion if you want to pass a Smarty variable to PHP you're probably thinking it in the wrong way. It's not possible unless you want to try with some very horrible and time consuming hack. Let's suppose that you want to make {$domain} equals to "barbie-online.com". Since all PHP files of WHMCS are encoded, you can't directly edit the script but you can create your own one that overwrites the standard one. Include the script in Smarty and job done. You can now enjoy your barbie-online.com.

For variables it's easy but be advised that if you have to modify arrays or objects you have to be familiar with PHP loops, key/value pair, multi-dimensional arrays, objects and a bit of advanced Smarty syntax.

I see, but how else would I access data from a user sessions in WHMCS from another file?

I could talk to the WHMCS database directly but in order to so I would need to know for which user in question. So how exactly would the other page (.php) know which user is executing the page at any giving moment?

You see the dilemma? If I cannot tell the other .php file, hey this is JOE executing the page right now, and now you should read data only for JOES account I need to tell the .php this is JOE. Then I can talk to the database or what ever I want.

Now, the reason why cookies and any other client side is not safe, is because if its on the user browsers, JOE can modify this and change it to JENNY and now execute that page pulling JENNY's data. This is why it has to be on the server side. Now of course that .php is under authentication and has all the proper security checks, but I need to tell the page which user is the one accessing it.

Even if I talk directly to the database, how in the world would I know which user is executing the php page if I cannot connect it directly from a WHMCS template to the my file. And WHMCS uses smarty, so I'm screwed.

Also, I read that Smarty3 does not uses PHP directly anymore, if WHMCS updates to that smarty version then I'm triple screwed because without able to execute PHP in smarty, its mostly completely useless for me.

Naaaah why stressing with cookies and sessions? As soon as you require init.php you have a variable with User ID.

define("CLIENTAREA",true);
define("FORCESSL",true);

require("init.php");

$ca = new WHMCS_ClientArea();
$userid = $ca->getUserID(); // This variable contains the ID of the loggedin client

Naaaah why stressing with cookies and sessions? As soon as you require init.php you have a variable with User ID.

 

define("CLIENTAREA",true);
define("FORCESSL",true);

require("init.php");

$ca = new WHMCS_ClientArea();
$userid = $ca->getUserID(); // This variable contains the ID of the loggedin client

That would work in the PHP file outside WHMCS? If yes, then this would indeed be a way to maintain state from the template to a php file which is not in smarty.

Yes if you can include the init.php file and initialize clientarea. Can you?

Yes if you can include the init.php file and initialize clientarea. Can you?

I will test it out, and see how it works. Thanks.