Using mod_inherit_authentication_from_session
Posted by WordWitch
Using mod_inherit_authentication_from_session September 08, 2013 07:32PM |
Registered: 11 years ago Posts: 2 |
Hi, I am attempting to use the inherit authentication from session module with a member website. As I have no php knowledge I enlisted the help of the developer of the authentication/cms system I am using (WebAssist/SecurityAssist), who inserted the code he thought should work (see below). Unfortunately it doesn't - phorum login is now disabled and the session authentication doesn't follow through. (I can of course reinstate phorum login by disabling the mod).
<?php
/* phorum module info
hook: user_session_restore|inherit_authentication_from_session
title: Inherit authentication from session
desc: This module will use session data of a main application to create and authenticate a Phorum user. Note that this module was written as an example and will need work if you want to apply it for your own purposes.
*/
function inherit_authentication_from_session($session_data)
{
    // Initialize the session data as "not logged in".
    $session_data[PHORUM_SESSION_LONG_TERM] = FALSE;
    $session_data[PHORUM_SESSION_SHORT_TERM] = FALSE;
    // Start the PHP session management when it's not already started.
    if (!session_id()) session_start();
    // In the main application, the user data is stored in the session.
    // If no user is set, then we are done here.
    if (empty($_SESSION['userID'])) return $session_data;
    // Build a Phorum compatible user data array.
    $active_user_data = array(
        'user_id' => $_SESSION['SecurityAssist_id_members'],
        'username' => $_SESSION['firstName'] . " " .$_SESSION['lastName'],
        'password' => '*NO PASSWORD SET*', // not needed for regular users
        'email' => $_SESSION['email'], // needed for e-mail notifications
        'admin' => 0,
        'active' => PHORUM_USER_ACTIVE
    );
    // Hardcoded: user "Terradon" is admin in phorum
    if ($active_user_data['username'] == 'Terradon') {
        $active_user_data['admin'] = 1;
        $active_user_data['password'] = md5($_SESSION['password']);
    }
    // Load the Phorum api code for various user-related functions.
    include_once "./include/api/user.php";
    // Check if a Phorum user exists for the active username.
    $user_id = phorum_api_user_search("username", $active_user_data['username']);
    // The user exists in Phorum. Load the existing data.
    if ($user_id) {
        $phorum_user_data = phorum_api_user_get($user_id);
    }
    // The user does not exist. Create a new user.
    else
    {
        // prevent conflicts with Phorum user_ids by letting Phorum generate
        // its own user_id value.
        $active_user_data['user_id'] = NULL;
        $user_id = phorum_api_user_save($active_user_data, PHORUM_FLAG_RAW_PASSWORD);
        $active_user_data['user_id'] = $user_id;
        $phorum_user_data = $active_user_data;
    }
    // If the user is not active, then do not log them in.
    if ($phorum_user_data['active'] != PHORUM_USER_ACTIVE) {
        return $session_data;
    }
    // Since we have a simple admin setup (a fixed user), we take care of
    // syncing the admin user by simply always saving data for this user.
    if ($active_user_data['admin']) {
        phorum_api_user_save($active_user_data, PHORUM_FLAG_RAW_PASSWORD);
    }
    // We have a legit user, so set the session info.
    $session_data[PHORUM_SESSION_LONG_TERM] = $user_id;
    $session_data[PHORUM_SESSION_SHORT_TERM] = $user_id;
    return $session_data;
}
In the cookie/session Settings I have:
Use Cookies: Require cookies
Session path: /
Session domain: empty field
I don't know if it makes any difference but at this point passwords for the main site login are not encrypted.
Can anyone give me some pointers please before I re-engage the WebAssist expert?
Many thanks,
Sylvia
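Added example (not part of the original post, and not Phorum or WebAssist code): a stand-alone version of the session-to-user mapping step that reports which session keys the hook relies on are missing, and ties the username and admin flag to the member id instead of the display name. The session key names are taken from the posted module; `ADMIN_MEMBER_IDS`, the username format and the sample sessions are assumptions.

```php
<?php
// Added example, not Phorum or WebAssist code. Session key names come from the
// posted module; ADMIN_MEMBER_IDS and the username format are hypothetical.
const REQUIRED_KEYS = ['SecurityAssist_id_members', 'firstName', 'lastName', 'email'];
const ADMIN_MEMBER_IDS = [1]; // hypothetical member ids allowed to be forum admin

// Report which keys the hook relies on are absent or empty in the session.
function missing_session_keys(array $session): array
{
    return array_values(array_filter(
        REQUIRED_KEYS,
        fn($key) => !isset($session[$key]) || $session[$key] === ''
    ));
}

// Build the forum user record from the main site's session, or return null
// when the session does not identify a member.
function map_session_to_forum_user(array $session): ?array
{
    if (missing_session_keys($session)) {
        return null;
    }
    $memberId = filter_var($session['SecurityAssist_id_members'], FILTER_VALIDATE_INT);
    if ($memberId === false || $memberId <= 0) {
        return null;
    }
    $display = trim($session['firstName'] . ' ' . $session['lastName']);
    return [
        'user_id'  => null, // let the forum assign its own id
        // The member id keeps the name unique when two members share a name.
        'username' => sprintf('%s (#%d)', $display, $memberId),
        'email'    => $session['email'],
        // Admin follows the member id, never a name the member can choose.
        'admin'    => in_array($memberId, ADMIN_MEMBER_IDS, true) ? 1 : 0,
    ];
}

// Constructed sample sessions.
$samples = [
    ['SecurityAssist_id_members' => '1', 'firstName' => 'Site', 'lastName' => 'Owner', 'email' => 'owner@example.com'],
    ['SecurityAssist_id_members' => '42', 'firstName' => 'Terradon', 'lastName' => 'Smith', 'email' => 'a@example.com'],
    ['userID' => '7', 'firstName' => 'Ann', 'lastName' => 'Lee', 'email' => 'ann@example.com'],
];
foreach ($samples as $s) {
    $user = map_session_to_forum_user($s);
    echo $user ? "{$user['username']} admin={$user['admin']}\n"
               : 'not logged in, missing: ' . implode(', ', missing_session_keys($s)) . "\n";
}
```

The third sample sets only `userID`, the key the posted hook tests before reading `SecurityAssist_id_members`, so the output shows how a session can pass one check and still lack the id the mapping needs.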
Re: Using mod_inherit_authentication_from_session September 09, 2013 02:15AM |
Admin Registered: 22 years ago Posts: 9,240 |
Re: Using mod_inherit_authentication_from_session September 09, 2013 02:29AM |
Registered: 11 years ago Posts: 2 |