Vanilla 1 is no longer supported or maintained. If you need a copy, you can get it here.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Authenticating a Vanilla user from outside the Vanilla framework?

edited September 2006 in Vanilla 1.0 Help
Ok, here's my dilema. I'm creating a website with a log in box on the main page (outside Vanilla). My idea is to let visitors log in to Vanilla from this main page, but without actually going to the Vanilla forums. Whether they correctly or incorrectly logged in, I want them to go right back to the main page again after filling out the log in box.

Once a visitor is logged in and on the main page (still outside Vanilla), I would also like to verify that they are indeed logged in. Logged in visitors will see a special menu and information.

How can I accomplish this? I tried using ob_start() in PHP and logging in that way behind the scenes, but it didn't work. There's still nothing in the $_SESSION['LussumoUserID'] variable. Here's the code I tried:

$fname = "" . $_REQUEST["Username"] . "&Password=" . $_REQUEST["Password"] . "&RememberMe=" . $_REQUEST["RememberMe"];
$fhandle = fopen($fname, "r");
if( !$fhandle ) { Error("The $fname page could not be found."); }
$document = "";
while( $line = fgets($fhandle) )
$document .= $line;
echo $document;
$buffer = ob_get_contents();

Or do I need to manually set session variables from my own PHP script and verify the username and password myself with the MySQL database?

Your help would really be appreciated. I'm on a tight deadline with this.

- Matt.


  • Options
    NickENickE New
    edited August 2006
    I would think the Authenticator class in library/People/People.Class.Authenticator.php is all you need.
  • Options
    I had taken a look at that, but didn't quite understand how I'd hook into it from my outside PHP script. Any ideas?
  • Options
    NickENickE New
    edited August 2006
    It's really quite simple:
    //set (and check) these values somehow
    $Username = ;
    $Password = ;
    $Persistant = ;
    $Errors = array(
    	-2 => 'Fatal database error', 
    	-1 => 'Insufficient permissions', 
    	0 => 'Username/password combination not found', 
    $Ret = $Context->Authenticator->Authenticate($Username, $Password, $Persistant);
    if($Ret <= 0) echo($Errors[$Ret]);
  • Options
    Ok, so include a few Vanilla framework files. Then authenticate myself via MySQL query. Then return my results to Vanilla so that login can occur.

    I'll try that right away.
  • Options
    Your code was a good start, but I found I didn't need the Ajax include. I also now have a problem with the fact that passwords in the database are encrypted. Hopefully it won't be hard finding the relevant code in Vanilla that decrypts so that it can be used in my own login script.
  • Options
    they're never decrypted... the user input is encrypted and tested against the database entry. if we could decrypt them that easily we'd be in trouble :)
  • Options
    edited August 2006
    You don't need to emulate people. You can use people as it is for your login system. You just need to add following line on all your pages
    (instead of init_ajax.php, you can use init_people.php or init_vanilla.php, but init_ajax.php is the slimer one)

    And for login, you send them to people.php?ReturnUrl=http://where.everyouw.ant

    When logged-in, you have access to $Context->Session->UserID or $Context->Session->User->Name for exemple
  • Options

    Yes, I did figure that out. I simply added md5() around the password and that was that. Although I couldn't get it to accept both uppercase and lowercase like the Vanilla login can.


    And you are right, I do need the init_ajax.php include for login to work properly. But I'm having a heck of a time with the sessions. They seem to conflict with my script's session handling...or something. When I uncomment both includes after I'm logging in, it wants to redirect me to people.php which can't be found. Then I need to clear my browser's cookies to clear the problem.

    How can I create a log out button via my script? I don't think the logout routine accepts the handy ReturnUrl variable. Or if it does, it isn't working for me. It always shows the Vanilla logout box instead.

    Thanks for your help so far. This is so frustrating.
  • Options
    It looks like the settings.php file uses "ob_start();". But so does my own script and template system. I'm afraid that might be causing part of my problem. Thus, my login.php script is already being called within an ob_start() and then ob_start() is being called AGAIN from the login.php script:

    index.php -> ob_start() -> login.php -> ob_start (settings.php)
  • Options
    I ended up using the $Context->Authenticator->Authenticate example above and things now work great. I had to use a separate PHP login script that resides outside my template system I use. My last remaining question is this: How can I also log out behind the scenes?

    Thanks so much!
  • Options
    Anyone for how to log out of Vanilla from a remote PHP script?
  • Options
  • Options
    Check People.Control.Leave.php:$Context->Session->End($Context->Authenticator);
  • Options
    Thanks, that worked great! Really appreciate the help everyone. I'm sure this will get easier the more I work with the Vanilla code and structure.
  • Options
    This is an old topic, but what do you do when there's already a class called User in your application? Is that question outside the scope of this topic?
This discussion has been closed.