Firefox PHP

Quick Authentication

Posted by Brian Moon 
Forum List Message List New Topic
munich
Re: Quick Authentication
March 15, 2009 02:56PM
Great script! Ahm, but I have one question, how do I access the variables?
I include the file with: 
Language: PHP
include "./quick_auth-5.2.php";

I guess the user data is stored in an array, but what's the name of the array and what are the names of the elements?

Thanks,
munich
Reply Quote
Maurice Makaay
Re: Quick Authentication
March 15, 2009 03:13PM
As you can read in the script itself, the user data is stored in the global variable $USER. The fields that are in that variable can easily be dumped on the screen by using a bit of code like: 

Language: PHP
print "<xmp>";
print_r($GLOBALS[';USER';]);
print "</xmp>";
 
// or what will most probably work too:
 
print "<xmp>";
print_r($USER);
print "</xmp>";

Maurice Makaay
Phorum Development Team
my blog linkedin profile secret sauce
Reply Quote
munich
Re: Quick Authentication
March 15, 2009 03:25PM
Yeah, I tried that, but it doesn't work...
The file has been included successfully, I tried that by having an echo "a"; in the quick_auth-5.2.php.
But the arry is not defined.
I get 
Language: HTML
<br /> <b>Notice</b>: Undefined index: USER in <b>/....php</b> on line <b>90</b><br />
when I used the first code you posted.
Do you have any idea what the mistake could be?
Thanks!



Edited 1 time(s). Last edit at 03/15/2009 03:26PM by munich.
Reply Quote
Maurice Makaay
Re: Quick Authentication
March 15, 2009 06:52PM
Well, that result would be a sign that the script did not find a logged in Phorum user. So you are either nog logged in or the script does not have access to the Phorum authentication cookie. No access to the cookie could have various reasons:

  • You are accessing the forum on a different domain / hostname than the main site;
  • Phorum is inside a subdirectory and the cookie path in the general settings was changed to reflect that;
  • Other reasons that I didn't think of.

It's hard to tell what the exact problem is for you. You'll have to do some more debugging on the code. Focus on the cookie retrieval for starters. When a Phorum cookie is available, the rest should be a breeze.

Maurice Makaay
Phorum Development Team
my blog linkedin profile secret sauce
Reply Quote
strangebeer
Re: Quick Authentication
June 14, 2009 04:25PM
I think I'm missing something really obvious, here -- I didn't see any 1,2,3 steps to implementing this script so I figured it was pretty easy.

My complete process:
I downloaded the most recent version (quick_auth.php, ver 5.2), plopped it in my /lib directory, put the following in my front page: 

require_once("/home/dcshows/www/lib/quick_auth.php");

if($USER["user_id"]){
    echo "logged in";
} else {
    echo "logged out";
}

and I get the "logged out" printout. I've checked my phorum_session_v5 cookie and I am on the same domain with the path set as /. I'm also currently logged in to my phorum. I feel like I'm missing something.



Edited 1 time(s). Last edit at 06/14/2009 04:32PM by strangebeer.
Reply Quote
Maurice Makaay
Re: Quick Authentication
June 14, 2009 04:30PM
One step that is not in your complete process description, is the actual inclusion of the quick auth script in your front page code. Based on your description, that would be the first available culprit.

Maurice Makaay
Phorum Development Team
my blog linkedin profile secret sauce
Reply Quote
strangebeer
Re: Quick Authentication
June 14, 2009 04:32PM
Ah.. you are correct, however it was in there. I just neglected to reflect it above. I've edited that post accordingly.
Reply Quote
Maurice Makaay
Re: Quick Authentication
June 14, 2009 05:36PM
Well, in that case it should work.
Try to do some debugging to see if the quick auth script is loaded and what route it is following.

Maurice Makaay
Phorum Development Team
my blog linkedin profile secret sauce
Reply Quote
strangebeer
Re: Quick Authentication
June 14, 2009 06:04PM
I've interspersed print statements throughout quick_auth.php. Below is what follows. The bold HEREs indicate where the script went: 

<?php

HERE print "<p>quick_auth.php loaded<br />"; #DEBUG LINE
if(isset($_COOKIE["phorum_session_v5"])){
HERE print "_COOKIE[\"phorum_session_v5\"] set<br />"; #DEBUG LINE
    if(isset($PHORUM["user"])){
print "_PHORUM[\"user\"] set<br />"; #DEBUG LINE

        $GLOBALS["USER"] = $PHORUM["user"];

    } else {

HERE print "_PHORUM[\"user\"] not set<br />"; #DEBUG LINE
        define("PHORUM", "quick_auth");

        // wrap all this in a function to protect it and other code
        function check_session()
        {
            // one of these needs to be commented out.
            $require = "sessid_lt";  // long term cookie that will exist over time
            //$require = "sessid_st"; // short term cookie that may not be required at all, but is more secure
HERE print "Require: $require<br />";
            include_once($_SERVER["DOCUMENT_ROOT"]."/board/include/db/config.php");
            list( $user_id, $sess_id ) = explode( ":", $_COOKIE["phorum_session_v5"], 2 );

            $conn=mysql_connect($PHORUM["DBCONFIG"]["server"], $PHORUM["DBCONFIG"]["user"], $PHORUM["DBCONFIG"]["password"], true);
            mysql_select_db($PHORUM["DBCONFIG"]["name"], $conn);

            $sql="select * from ".$PHORUM["DBCONFIG"]["table_prefix"]."_users where user_id='".mysql_escape_string($user_id)."' and $require='".mysql_escape_string($sess_id)."'";

            $res=mysql_query($sql, $conn);

            if(mysql_num_rows($res)){
HERE print "Results found for ".$PHORUM["DBCONFIG"]["table_prefix"]."_users where user_id='".mysql_escape_string($user_id)."<br />"; #DEBUG LINE
                $USER=mysql_fetch_assoc($res);

                $sql="select data from ".$PHORUM["DBCONFIG"]["table_prefix"]."_settings where name='PROFILE_FIELDS'";

                $res=mysql_query($sql, $conn);
                if(mysql_num_rows($res)){
HERE print "Data found for ".$PHORUM["DBCONFIG"]["table_prefix"]."_settings where name='PROFILE_FIELDS' <br />"; #DEBUG LINE
                    $fields=unserialize(mysql_result($res, 0, "data"));

                    $sql="select * from ".$PHORUM["DBCONFIG"]["table_prefix"]."_user_custom_fields where user_id='".mysql_escape_string($user_id)."'";

                    $res=mysql_query($sql, $conn);
                    if(mysql_num_rows($res)){
                        while($row=mysql_fetch_assoc($res)){
HERE print "Row data: ".$row["data"]."<br />";
                            $USER[$fields[$row["type"]]["name"]]=$row["data"];
                        }
                    }
                }

            } else {
print "No user found<br />"; #DEBUG LINE
                $USER=array();
            }
Everything goes great until I get to this point. The following print statement elicits the value "Array" as what is inside $GLOBALS["USER"]. That doesn't seem right to me. 
            $GLOBALS["USER"]=$USER;
HERE print "GLOBALS['USER']: ".$GLOBALS["USER"]."<br />";
        }


        check_session();
    }
}


?>
Reply Quote
Maurice Makaay
Re: Quick Authentication
June 14, 2009 07:36PM
That is exactly what I'd expect to be in there: an array (containing no data or a bunch of user data). To see what's in the user data array, use print_r($GLOBALS['USER']) instead. You cannot display an array's contents using a simple print statement.

Maurice Makaay
Phorum Development Team
my blog linkedin profile secret sauce
Reply Quote
Page 8 of 10    Pages: Previous12345678910Next
Newer Topic Older Topic
Sorry, only registered users may post in this forum.

Click here to login