Fork me on GitHub
Current release is 2.1.6 (21 Nov 2014).

Users who have not yet upgraded to 2.1 should get security release 2.0.18.14 (1 Nov 2014). We will stop providing these security releases to 2.0 at the end of this year.

How would I detect someone was logged in on a non-Vanill page?

edited January 2009 in Vanilla 1.0 Help
I'm integrating Vanilla into a website and would like to show if someone is/isn't logged in on a non-Vanilla page. So on my home page I would show something like "Sign Up" if someone wasn't logged in, but if they were I'd show a link to their account or something of the sort.

Basically wondering what needs to be included on those non-Vanilla pages to do that.

Comments

  • MarkMark Vanilla Staff
    edited July 2006
    It's up to you. You can include the whole framework and do it like vanilla does, or you can write your own function to take a look at session and cookie variables to see what values (if any) are there.
  • Ideally I'd like to not include the whole framework (seems a bit overkill to do that just to check if somebody is logged in or not).

    That being the case, what session/cookie variables should I be looking for?
  • Yeah, this seems to be something a whole lot of people would like to do, including me.
  • MarkMark Vanilla Staff
    Well, you'd need to make your application aware of a couple of things.

    First of all, all of the session and cookie variable names are defined in the appg/settings.php and can be customized in your conf/settings.php file. You can either include both of those files in your pages (they just contain an array of configuration settings) or you'll have to dig into them and get what the current values are and paste them into your custom code. I recommend the former simply because it will keep all of the settings in one place. The settings you are looking for in particular are:

    // Session and cookie keys
    $Configuration['COOKIE_USER_KEY'] = 'lussumocookieone';
    $Configuration['COOKIE_VERIFICATION_KEY'] = 'lussumocookietwo';
    $Configuration['SESSION_USER_IDENTIFIER'] = 'LussumoUserID';
    // Cookie configuration settings
    $Configuration['COOKIE_PATH'] = '';
    $Configuration['COOKIE_DOMAIN'] = '';


    You can then use those settings to retrieve values from cookies or sessions. For example, If you wanted to see if there was a vanilla-defined userid in the php session, you could do it with code like this (I haven't tested it - I'm writing as i go...):

    // Make sure there is an active php session
    if (!session_id()) session_start();

    // Look in the session for a Vanilla User ID
    $UserID = @$_SESSION[$Configuration['SESSION_USER_IDENTIFIER']];

    // I'd then perform some sort of check on it to see that it is an integer and it is greater than zero.
    // If so, you've got an active session


    Validating a user by cookies is a little trickier, but still very do-able. Basically, if you want your custom code to authenticate user's based on "remember me" cookies, you can do it with a db check like so:

    // Retrieve the cookie values
    $CookieUserID = @$_COOKIE[$Configuration['COOKIE_USER_KEY'];
    $VerificationKey = @$_COOKIE[$Configuration['COOKIE_VERIFICATION_KEY'];

    // Next I'd perform some sort of string checking - ensuring that the values of CookieUserID and VerificationKey are strings and they are not empty. Then I'd continue with...

    if ($CookieUserID != '' && $VerificationKey != '') {

    // Open a connection to the database here...

    // Compare against db values
    $sql = "select UserID from LUM_User where UserID = '".SomeFunctionToFormatForDatabaseQueries($CookieUserID)."' and VerificatonKey = '".SoemFunctionToFormatForDatabaseQueries($VerificationKey)."'";

    //Now retrieve the user id from the result set
    $UserID = 0;
    $Result = @mysql_query($sql, $Connection);
    if (!$Result) {
    die("Something bad happened");
    } else {
    while ($rows = mysql_fetch_array($Result)) {
    $UserID = $rows['UserID'];
    }
    }

    // If the $UserID is still 0, there was a problem with the cookies, so wipe them out
    if ($UserID == 0) {
    setcookie($Configuration['COOKIE_USER_KEY'],
    ' ',
    time()-3600,
    $Configuration['COOKIE_PATH'],
    $Configuration['COOKIE_DOMAIN']);
    unset($_COOKIE[$Configuration['COOKIE_USER_KEY']]);
    setcookie($Configuration['COOKIE_VERIFICATION_KEY'],
    ' ',
    time()-3600,
    $Configuration['COOKIE_PATH'],
    $Configuration['COOKIE_DOMAIN']);
    unset($_COOKIE[$Configuration['COOKIE_VERIFICATION_KEY']]);
    } else {
    // Otherwise assign the UserID to the session...
    @$_SESSION[$Configuration['SESSION_USER_IDENTIFIER']] = $UserID;
    }
    }
  • Is this for version 1? It looks helpful if so, at least a nice start.
  • MarkMark Vanilla Staff
    Yes, that is applicable to Vanilla 1 :)
  • thanks, i was dreading trying to figure this out from scratch
  • I still can't figure out what exactly the login does to generate the session and cookies. I've found threads discussion this a little (asking how it works), but none that explain it well enough to figure out how to be able to login to a page outside Vanilla but using it's session/cookies.
  • regarding the 2nd option: couldn't you just grab lussumocookieone and call it a day?
  • wow this is old...

    lussumocookie(one|two) are only set if the user checks the "remember me" button. The only other cookie set is the PHPSESSID whose name is dictated by the $Configuration['SESSION_NAME'].

    Basically, as long as the 'SESSION_NAME' and 'COOKIE_(DOMAIN|PATH)' match you can use session_start(); and access the current logged in user's ID at $Configuration['SESSION_USER_IDENTIFIER'].
  • DizCowDizCow New
    edited July 2011
    Also see:

    http://www.php-opensource.co.cc/classes/vanilla-authentication-class

    Very easy to use PHP class to authenticate users outside vanilla.
Sign In or Register to comment.