Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Pulling Session Info

SpencerMcSpencerMc New
edited June 2012 in Vanilla 2.0 - 2.8

Ok, so I've been working on adapting an old authentication class written to integrate Vanilla 1 and an open source wiki called Dokuwiki to function with Vanilla 2. It's definitely been a learning experience, as up to now I've only known the basics of php and web development in general, but with the help of google and w3 schools, I think I'm on the right track. I'm running into a problem at the end in the function that establishes an external trust. It used to pull a bunch of information on the current user session by performing a function called _getUserInfo on an element of the $Context array.

if ($Context->Session->UserID > 0)
        {
        $this->_openDB();
        if($userInfoArr = $this->_getUserInfo($Context->Session->User->Name))
        {
        $USERINFO['pass'] = $userInfoArr['pass'];
            $USERINFO['name'] = $userInfoArr['name'];
        $USERINFO['mail'] = $userInfoArr['mail'];
        $USERINFO['grps'][] = $userInfoArr['group'];

        $_SERVER['REMOTE_USER'] = $userInfoArr['name'];

        $_SESSION[DOKU_COOKIE]['auth']['user'] = $userInfoArr['name'];
        $_SESSION[DOKU_COOKIE]['auth']['info'] = $USERINFO;
        }

Most of this info I've been able to find in Gdn::Session(), but there does not seem to be an element for password or group (which I suspect would be called roles now). (also, the variable name on the Dokuwiki end has changed). So, this is what I've adapted it to so far:

if (Gdn::Session()['UserID'] > 0)
        {
        $this->_openDB();

        $INFO['userinfo']['pass'] = $userInfoArr['pass'];
            $INFO['userinfo']['name'] = Gdn::Session()['Name'];
        $INFO['userinfo']['mail'] = Gdn::Session()['Email'];
        $INFO['userinfo']['grps'][] = $userInfoArr['group'];

        $_SERVER['REMOTE_USER'] = Gdn::Session()['Name'];

        $_SESSION[DOKU_COOKIE]['auth']['user'] = Gdn::Session()['Name'];
        $_SESSION[DOKU_COOKIE]['auth']['info'] = $INFO['userinfo'];

But, as you can see, I'm not sure what to change the last two assign statements to. I've looked through the documentation pretty extensively, but I can't seem to find anything. Can anyone tell me where this info can be pulled from?

Answers

  • $sessionuser = ($Session->User);

       echo " ======= $sessionuser->Name  ======================";
    

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • SpencerMcSpencerMc New
    edited June 2012

    Woops, I actually cut and paste from a previous version of the file; I had added the ->$User behind each Gdn::Session. But I see the practicality in assigning a variable so it only has to be called once. So...now I have:

    $Sessionuser = (Gdn::Session()->$User);
        if ($Sessionuser['UserID'] > 0)
            {
            $this->_openDB();
            $INFO['userinfo']['pass'] = $userInfoArr['pass'];
                $INFO['userinfo']['name'] = $Sessionuser['Name'];
            $INFO['userinfo']['mail'] = $Sessionuser['Email'];
            $INFO['userinfo']['grps'][] = $userInfoArr['group'];
    
            $_SERVER['REMOTE_USER'] = $Sessionuser['Name'];
    
            $_SESSION[DOKU_COOKIE]['auth']['user'] = $Sessionuser['Name'];
            $_SESSION[DOKU_COOKIE]['auth']['info'] = $INFO['userinfo'];
    
                return true;
           }
    

    However, I still have the issue with the old $userinfoArr['pass'] and $userinfoArr['group'].

    If I do a print_r (Gdn::Session()->User); I get:

    [UserID],[Name],[Photo],[About],[Email],[ShowEmail],[Gender],[CountVisits],[CountInvitations],[CountNotifications],[InviteUserID],[DiscoveryText],[Preferences],[Permissions],[Attributes] => Array ( [TransientKey]), [DateSetInvitations],[DateOfBirth],[DateFirstVisit],[DateLastActive],[LastIPAddress],[DateInserted],[InsertIPAddress],[DateUpdated],[UpdateIPAddress],[HourOffset],[Score],[Admin],[Banned],[Deleted],[CountUnreadConversations],[CountDiscussions],[CountUnreadDiscussions],[CountComments],[CountDrafts], and [CountBookmarks]

    I'm thinking group may have been replaced by [Permissions].
    I guess what I'm asking is whether there is a asset anywhere that contains the currently logged in user's password and/or what roles the user is currently assigned. Am I completely barking up the wrong tree, and is this a lost cause?

  • SpencerMcSpencerMc New
    edited June 2012

    Alright, I definitely was going about this wrong. _getUserInfo is actually a method defined in the mysql authentication class that is extended by the class I'm trying to write. I'd delete this thread if I could at this point, because I've a bit more grinding to do before I have something worth asking about.

Sign In or Register to comment.