Block clients from ordering with a proxy/VPN (WHMCS Hook)

[KuJoe]

I created this hook today after talking to @damian on IRC. What it does is it checks the user's IP address against Maxmind for the likelihood of the IP being a proxy or VPN, if it is then it redirects the client to a page explaining that a proxy/VPN was detected.

The hook requires your Maxmind account have Proxy Detection queries available (minFraud queries will NOT work).

You can download the hook here: Link

 

[ryanarp]

Very nice, So just curious if you run out of credits or don't have any at the moment and it fails to get results. Will it show the error or allow the user to pass trough. 

 

[Nikki]

You made a small mistake here (you're doubling the amount of queries to the page)


$score = substr(file_get_contents($query), strpos(file_get_contents($query), "=") + 1);

Also, I'd check for cURL first as it's much faster than  file_get_contents and is likely installed on anything running whmcs.

 

[KuJoe]

@ryanarp I believe it just fails. Hopefully Maxmind will let you know because there's no way to check remotely to my knowledge.


@Nikki thanks for catching that. I was using Maxmind's script and just adapted it to WHMCS but I will fix it shortly.

 

[KuJoe]

Fixed and re-uploaded the files.

 

[Artie]

Did you test it out? I tried it on a test install and it let me proceed to checkout from a 1.80 marked IP. Same with your site in your signature.

Assuming the hook the fires when you get click Checkout at the Cart view screen (that's what the docs say).

 

[KuJoe]

I've tested this extensively with a few providers without any issues. The hook kicks in when you click "Complete Order" now since the previous method broke the "Modern" template.

 

[Artie]

I've tested this extensively with a few providers without any issues. The hook kicks in when you click "Complete Order" now since the previous method broke the "Modern" template.

Okay that makes more sense (and it works!) 

Just curious, what does the commented out error message set do vs the current redirect code?

 

[KuJoe]

Unfortunately nothing. I was trying to get the hook to work before clicking the "Complete Order" button but since @damian an I are using the Modern cart template in WHMCS it wasn't worth adding.

Maybe if WHMCS fixes the hook so it's called at the proper time I will change it but for now it's stuck with the redirect.

 

[Artie]

Is there anyway to have it error out on the cart like it does you don't enter a first name for example?

This method is nice and all but it still creates the client account, which is undesirable since most fraudsters who are detected will simply leave, thus filling up your database with useless junk.

 

[KuJoe]

That was what I wanted to do but it's not possible, my goal was to give the error before the person wasted their time typing in all of the information but the hook I wanted to use breaks the order form. Are you sure it creates the account?

 

[Artie]

That was what I wanted to do but it's not possible, my goal was to give the error before the person wasted their time typing in all of the information but the hook I wanted to use breaks the order form. Are you sure it creates the account?

Yep, just tested it. The account is created, client is redirected, order is aborted.

What I am trying to do is add message to this with the no VPNs, it fires after the Complete Order button is pressed:

 

[KuJoe]

Looks like you can use the ShoppingCartValidateProductUpdate or ShoppingCartValidateCheckout to display the error. Let me know if you need help editing the hook, as long as you're just displaying the error it shouldn't break the cart.

 

[Artie]

Got it. This will simply error out instead of the redirect, fixing the account creation issue:

Here's the code for anyone interested. This goes in the hook file:

		if ($score >= $max_score) {
			global $errormessage;
			$errormessage .= '<li>You must order from a non-proxy/VPN IP address. If you are not on a proxy/VPN, please contact us.</li>';
		}
	}

add_hook("ShoppingCartValidateCheckout",1,"chkProxy");
?>

 

[KuJoe]

Yup, that's exactly what I did also. I've uploaded the latest version of the hook and removed the template files since the error message looks a lot better and doesn't make the client re-type all of the info.

Thanks Artie for pushing me to find a better solution.

 

[Artie]

I hate to be picky but you forgot to update the version number!

Also, you might want to mention in readme that the error message may need styling (like I need<li> for my theme).

 

[KuJoe]

Fixed.

I made the code easier to edit for people not very code savvy and expanded on the readme file like you suggested.