/
Auto Login

Auto Login

Jul 30, 2025

How it works?

AutoLogin is a free HostBill plugin (included in all versions since 2016-05-06) that allows you to log-in your customers from external application/website with customer email address.

The power of AutoLogin feature is that you are not forced to redirect user anywhere after log-in into your application, all actions are taken in the background, between your application's server and HostBill's.
Additionally you can auto-logout customers once they log-out of your application.

Connecting your application and auto-login should work with this flow:

  1. Client logs-in into your application

  2. Your application generates access hash from user email + secret from module configuration

  3. Your application HTTP POST this hash to Auto-Login module

  4. Module authenticates customer, and returns url that you should link your application from. I.e.: via "Access billing portal" link 

  5. Once customer visits this link he/she will be automatically logged in.

  6. [Optional] When customer logs out of your application, it POST request to log-out customer from HostBill too

  7. [Optional] You can use 'redirect' parameter to generate URL that redirects clients to a specific resource. 

Configuring module

This module is by default included in all new HostBill downloadable packages. 

Visit Settings → Modules → Plugins, find and activate "Client Auto Login" module. If module is not on your list, make sure to update to latest HostBill version first.

You need to enter:

  • your secret code that will be used to create access hash in your application code,

  • set rate limit attempts

  •  hash verification method (this will impact your code)

 

Important info about code samples

Atlassian tends to replace & char with & in code below, after copy please replace & with & in your code and set $hashMethod

Code sample: Login customer

Code sample below is in PHP using cURL.

Sample log-in code
<?php //Set hash method: 'md5' or 'hmac_sha256' $hashMethod = 'md5'; // Get cURL resource $ch = curl_init(); // Set AutoLogin url curl_setopt($ch, CURLOPT_URL, 'http://yourhostbillurl.com/index.php?cmd=autologin&action=login'); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); // Data to post: $email= "user@email.com"; //Client's email address $duration = "160"; //Time in seconds for how long user login link will work $secret = "SECRET_CODE"; //Secret code set in module configuration (in previous step) $hashData = $email.$secret.$duration; if($hashMethod && $hashMethod === 'hmac_sha256') { $hash = hash_hmac('sha256', $hashData, $secret); //Verification string } else { $hash = md5($hashData); //Verification string } $body = http_build_query([ 'email'=>$email, 'duration'=>$duration, 'hash'=>$hash, 'redirect' => 'http://yourhostbillurl.com/index.php?cmd=clientarea&action=invoices', //optional ]); //data to post // Set POST data curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $body); // Send the request & save response to $resp $resp = curl_exec($ch); if(!$resp) { die('Error: "' . curl_error($ch) . '" - Code: ' . curl_errno($ch)); } else {   $array = json_decode($resp,true); if($array['success']) { $login_url = $array['login_url']; //url to link customer to HostBill $token = $array['token']; //token we can use to log user out } else { die('Error: "' . $array['error'] .'"'); } } curl_close($ch);

 

Code sample: Logout customer

Code sample below is in PHP using cURL.

Sample log-out code
<?php // Get cURL resource $ch = curl_init(); // Set AutoLogin url curl_setopt($ch, CURLOPT_URL, 'http://yourhostbillurl.com/index.php?cmd=autologin&action=autologout'); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); // Data to post: $token = ""; //Login token returned upon user auto-login (previous step) $body = http_build_query([ 'token'=>$token ]); //data to post // Set POST data curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $body); // Send the request $resp = curl_exec($ch); curl_close($ch);