
Good way to echo a user's ForeignUserKey?

Conk New
edited May 2014 in Vanilla 2.0 - 2.8

How can I echo the ForeignUserKey (located in the GDN_UserAuthentication table) in PHP?

Thanks in advance!

Comments

  • Bump

  • whu606 I'm not a SuperHero; I just like wearing tights... MVP

    @Conk

    Maybe if you clarified what you are trying to achieve, you might get a response from one of the code gurus.

  • I literally want to echo the ForeignUserKey for the current user in my PHP template.

    I can echo the current user's name, email and other things but not their ForeignUserKey.

  • hgtonight ∞ · New Moderator
    edited May 2014

    Welcome to the community!

    You can execute arbitrary SQL using the included database driver. Just grab the prefix, write your SQL, create a named parameter list, and query away:

    $Px = Gdn::Database()->DatabasePrefix;
    $Sql = "select UserID from {$Px}User where Name = :Name";
    $Params = array(':Name' => 'hgtonight');
    $Data = Gdn::Database()->Query($Sql, $Params);
    

    You will have to supply your own SQL statement as this is a) trivial, and b) probably a bad idea.

    Search first

    Check out the Documentation! We are always looking for new content and pull requests.

    Click on insightful, awesome, and funny reactions to thank community volunteers for their valuable posts.

  • show your code. Are you using the user model?

    grep is your friend.

  • @hgtonight the sql statement is not relevant to this.

    grep is your friend.

  • hgtonight ∞ · New Moderator
    edited May 2014

    @x00 said:
    hgtonight the sql statement is not relevant to this.

    Agreed. That is just a succinct example about how to use named parameters with arbitrary SQL in Garden.

    EDIT - Updated the query to be less obtuse.


  • x00 MVP
    edited May 2014

    ForeignUserKey is abstracted precisely because you don't typically reveal that relationship. If it is already something public knowledge then you can do it.

    grep is your friend.

  • Conk New
    edited May 2014

    My code is currently this (it's a page using the CustomPages plugin)

    <?php if (!defined('APPLICATION')) exit();
    $Session = Gdn::Session();
    if($Session->IsValid()):
        $User = $Session->User;
        echo $User->Name;
        echo $User->Email;
    endif; 
     ?>
    

    Pretty basic as you can see. I'm not sure how to use code tags on here properly so sorry for the bad formatting!

  • @hgtonight said:

    Yes but it is not good to encourage people to make arbitrary statements in lieu of the model, especially as user data is efficiently cached.

    grep is your friend.

  • x00 MVP
    edited May 2014

    Edit: ForeignUserKey is not in the User table. It is in the User authentication table.

    You could do Gdn::SQL()->GetWhere('UserAuthentication',array('UserID'=>$Session->User->UserID))->FirstRow();

    Btw you should sanitize output using Gdn_Format::Text()

    grep is your friend.

  • @x00 - Thanks for this.

    I tried the code but I get the following error with debug turned on:
    Parse error: syntax error, unexpected T_OBJECT_OPERATOR

    I also tried Gdn:: instead of Gnd:: but got the same error. Any ideas?

  • It is a syntax error, try

    Gdn::SQL()->GetWhere('UserAuthentication',array('UserID'=>$Session->User->UserID))->FirstRow();

    grep is your friend.

  • @x00 - Thanks a lot! Using your code, I was able to get it working like this:

    $Test = Gdn::SQL()->GetWhere('UserAuthentication',array('UserID'=>$Session->User->UserID))->FirstRow();
    echo $Test->ForeignUserKey;

  • x00 MVP
    edited May 2014

    Remember to sanitize name and email.

    grep is your friend.

  • @x00 - Like this?
    echo Gdn_Format::Text($User->Name);

    What's the reason for using this? What potential issues could arise if I wasn't to use it?

    Thanks for all your help so far. I really appreciate it!

  • x00 MVP
    edited May 2014

    Why to sanitize outputs? You sanitize anything that could be potentially exploited.

    Although by default, name can only have alphanumeric characters and underscores, this is dependent on having a vanilla authenticator and not some SSO with its own userbase. If you use an authenticator that is more liberal, or that requirement changed, you have an open door for XSS.

    It is good practice in general to sanitize outputs where there is a user input. OK, user name is not the easiest option to exploit, but it is important to understand that coding is not child's play, and you need to understand things like this properly rather than just getting by.

    grep is your friend.
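
An added illustration of the point made in the reply above (not part of the original thread and not Vanilla's own code): the same template output rendered raw and encoded, for a user whose name and ForeignUserKey come from an SSO provider with no character restrictions. `esc()` is a hypothetical stand-in for `Gdn_Format::Text()`, the sample records are constructed, and treating a missing UserAuthentication row as `false` is an assumption about what `FirstRow()` returns for an empty result.

```php
<?php
// Added example, runs stand-alone without Vanilla. esc() is a hypothetical
// stand-in for the formatter the thread recommends (Gdn_Format::Text()).
function esc($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Mirrors the thread's unescaped echo statements: fields are emitted as stored.
function renderRaw(object $user, $authRow): string
{
    return "<p>{$user->Name}</p><p>{$authRow->ForeignUserKey}</p>";
}

// Hardened: encode every field at the point of output, and tolerate a user
// with no UserAuthentication row ($authRow is false; assumed FirstRow() result).
function renderSafe(object $user, $authRow): string
{
    $html = '<p>' . esc($user->Name) . '</p>';
    if ($authRow && isset($authRow->ForeignUserKey)) {
        $html .= '<p>' . esc($authRow->ForeignUserKey) . '</p>';
    }
    return $html;
}

// Constructed sample data: a locally registered user, and a user provisioned
// by an SSO provider that applies no character restrictions to names or keys.
$localUser = (object) ['Name' => 'conk_01'];
$ssoUser   = (object) ['Name' => 'Conk<script>alert(1)</script>'];
$ssoRow    = (object) ['ForeignUserKey' => 'idp"><b>42</b>'];

echo renderRaw($ssoUser, $ssoRow), "\n";   // provider-supplied markup reaches the page
echo renderSafe($ssoUser, $ssoRow), "\n";  // same data rendered as inert text
echo renderSafe($localUser, false), "\n";  // no SSO record: key paragraph is omitted
```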

  • Conk New
    edited May 2014

    @x00 - Thank you. I do need to understand it properly and that's why I asked :)

    Thanks for the insight. You've been very helpful.

  • Linc Former Staff Detroit Admin
    edited May 2014

    @x00 said:
    but it is important to understand that coding is not child's play, and you need to understand things like this properly rather than just getting by.

    It's generally bad practice to chide someone for asking a good question, especially when it degrades your own otherwise very helpful answer. :)

  • x00 MVP
    edited May 2014

    @Linc said:
    It's generally bad practice to chide someone for asking a good question, especially when it degrades your own otherwise very helpful answer. :)

    That was taken out of context; it was more of a warning than a chide. However, I can see it might be taken that way.

    grep is your friend.
