Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

PHP AUTH login

edited October 2011 in Vanilla 2.0 - 2.8
Hey guys,

Im brand new to the Vanilla universe. Im having a version of Vanilla2 installed on a .htaccess protected website. What i would like to do is to use the $_SERVER['PHP_AUTH_USER'] to automatically authenticate the users with, when they enter the forum.

How would you suggest to do this?


  • ToddTodd Chief Product Officer Vanilla Staff
    edited October 2011
    I recommend writing a plugin.

    1. Create a Gdn_Dispatcher_BeforeDispatch_Handler($Sender) function.
    2. Check make sure a user isn't already signed in:
    if (Gdn::Session()->UserID > 0) return; 
    2. Check $_SERVER['PHP_AUTH_USER']
    3. Look up that user in the user table:
    4. If the user doesn't exist then insert the user:
    $UserID = Gdn::UserModel()->InsertForBasic(
    array('ValidateEmail' => FALSE, 'NoConfirmEmail' => TRUE));
    5. Start the session as the user:
    Gdn::Session()->Start($UserID, TRUE)
  • edited May 2013

    I did that, but the Gdn::Session()->Start($UserID, TRUE); returns null and don't do nothing :s
    Thanks for helping

    // Define the plugin:
    $PluginInfo['HTTPAuth'] = array(
       'Description' => 'HTTP / HTACCESS auto login',
       'Version' => '1.0',
       'Author' => "Maxime",
       'AuthorEmail' => '***',
       'AuthorUrl' => ''
    class AuthentificationHttpPlugin extends Gdn_Plugin
            public function Gdn_Dispatcher_BeforeDispatch_Handler($Sender)
                    //We check that the user isn't already logged
                    if (Gdn::Session()->UserID > 0) return; 
                    //We check the htaccess login
                    $httpusername = (string) $_SERVER['PHP_AUTH_USER'];
                    echo('http username = ' . $httpusername);
                    //We check if the user exists
                            echo "<p> User doesnt exists </p>";
                            //If not, we create it
                            $UserID = Gdn::UserModel()->InsertForBasic(
                                    array('ValidateEmail' => FALSE, 'NoConfirmEmail' => TRUE));
                            echo "<p> User exists </p>";
                            $UserID = $httpusername;
                    var_dump(Gdn::Session()->Start($UserID, TRUE)); //Returns NULL
  • Sorry for code format, I try but I don't find how to format it fine...

  • edited May 2013

    Nobody have an idea of why the Gdn::Session()->Start() doesn't works ? I did search in existing plugins about a redirection to do after the Session->Start(), but I didn't find anything working :/

  • ToddTodd Chief Product Officer Vanilla Staff

    Gdn::Session()->Start() doesn't return anything, but sets the cookie. Try dumping Gdn::Session()->User after that.

  • Thanks so much for reply !

    Gdn::Session()->Start($UserID, true);

    returns a bool(false) :/

Sign In or Register to comment.