Please upgrade here. These earlier versions are no longer being updated and have security issues.

Using Vanilla logged in cookie to enable access for mini app inside the same domain/server

cvllos New
edited January 26 in Vanilla 2.0 - 2.8

Hi guys,

I have a topic where we manage a follow-up list with specific users' data. I would like to create a small app with PHP in a different web folder to let each user add, update and delete his own data. It will be an easy app and I would like the app (CRUD) to use Vanilla's logged-in cookie and authentication to enable user maintenance and limit user modification to his own data only. I also intend to create, later, a CRON script to publish data to the topic once per day.

Is there a way to use Vanilla's authentication cookie(s) and session status to check login status and also retrieve the user login Id?
For the part related to publishing data into a topic, I guess I should use the API V2 to do that + CRON jobs, right?

thanks in advance

Comments

  • R_J Cheerleader & Troubleshooter Munich Moderator

    Here is a small "Hello User" (you have to change the PATH_ROOT definition to your needs):

    <?php
    // Init Vanilla framework
    define('PATH_ROOT', '/var/www/vanilla/release');
    require_once(PATH_ROOT.'/environment.php');
    require_once(PATH_ROOT.'/bootstrap.php');
    
    // Get the name of the current User
    if (Gdn::session()->UserID == 0) {
        $userName = 'Guest';
    } else {
        $userName = Gdn::session()->User->Name;
    }
    ?>
    <!DOCTYPE html>
    <html>
    <head>
        <title>Proof of Concept</title>
    </head>
    <body>
        <h1>Hello <?= htmlspecialchars($userName, ENT_QUOTES, 'UTF-8') ?></h1>
    </body>
    </html>
    


  • Better Impossible.

    Worked like a charm !

    @R_J, thank you very much!


    Abusing your help, how can I detect if the logged-in user is already confirmed (not still an "unconfirmed" user) or if the user is an Admin or Moderator?


    thanks in advance (*again*)


    best regards,

  • Sorry... I think I didn't mention one important piece of info. My current Vanilla version is 2.6.4

    Best,

  • R_J Cheerleader & Troubleshooter Munich Moderator
    edited January 27

    This is how the GDN_User table is defined:


    $Construct
       ->primaryKey('UserID')
       ->column('Name', 'varchar(50)', false, 'key')
       ->column('Password', 'varbinary(100)')// keep this longer because of some imports.
       ->column('HashMethod', 'varchar(10)', true)
       ->column('Photo', 'varchar(255)', null)
       ->column('Title', 'varchar(100)', null)
       ->column('Location', 'varchar(100)', null)
       ->column('About', 'text', true)
       ->column('Email', 'varchar(100)', false, 'index')
       ->column('ShowEmail', 'tinyint(1)', '0')
       ->column('Gender', ['u', 'm', 'f'], 'u')
       ->column('CountVisits', 'int', '0')
       ->column('CountInvitations', 'int', '0')
       ->column('CountNotifications', 'int', null)
       ->column('InviteUserID', 'int', true)
       ->column('DiscoveryText', 'text', true)
       ->column('Preferences', 'text', true)
       ->column('Permissions', 'text', true)
       ->column('Attributes', 'text', true)
       ->column('DateSetInvitations', 'datetime', true)
       ->column('DateOfBirth', 'datetime', true)
       ->column('DateFirstVisit', 'datetime', true)
       ->column('DateLastActive', 'datetime', true, 'index')
       ->column('LastIPAddress', 'ipaddress', true)
       ->column('DateInserted', 'datetime', false, 'index')
       ->column('InsertIPAddress', 'ipaddress', true)
       ->column('DateUpdated', 'datetime', true)
       ->column('UpdateIPAddress', 'ipaddress', true)
       ->column('HourOffset', 'int', '0')
       ->column('Score', 'float', null)
       ->column('Admin', 'tinyint(1)', '0')
       ->column('Confirmed', 'tinyint(1)', '1')// 1 means email confirmed, otherwise not confirmed
       ->column('Verified', 'tinyint(1)', '0')// 1 means verified (non spammer), otherwise not verified
       ->column('Banned', 'tinyint(1)', '0')// 1 means banned, otherwise not banned
       ->column('Deleted', 'tinyint(1)', '0')
       ->column('Points', 'int', 0)
       ->set($Explicit, $Drop);
    


    Gdn::session()->User is an object which has all those table columns as properties. Therefore you can simply check for the value of Gdn::session()->User->Confirmed


    To get the roles a user has, you need to make use of the UserModel: `$userModel = new UserModel();`. But the class.gdn.php also lets you access the UserModel. In order to find out more about the roles, you should look at the RoleModel


    // Roles of the currently logged-in user
    $userRoles = Gdn::userModel()->getRoles(Gdn::session()->UserID);
    // RoleIDs of the default moderator role(s)
    $moderatorRoleIDs = RoleModel::getDefaultRoles(RoleModel::TYPE_MODERATOR);
    


    Then you can extract the roles with array_column($userRoles, 'RoleID') and see if there is an intersection between those two RoleID arrays
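
The checks discussed in this thread, combined into one access gate for the mini app, as an added example that is not part of the original posts or of Vanilla's code. The function names, the `OwnerUserID` field, the "admins and moderators may edit any record" policy and all sample data are assumptions; role rows are assumed to be already available as a plain array of rows with a `RoleID` key.

```php
<?php
// Added example: pure functions, so the file runs without Vanilla installed.
// In the mini app, $user would be Gdn::session()->User and the role data would
// come from the two calls posted above.

// Signed in, email confirmed, not banned, not deleted.
function isActiveUser($user): bool
{
    return is_object($user) // guests have no user object
        && (int)($user->UserID ?? 0) > 0
        && (int)($user->Confirmed ?? 0) === 1
        && (int)($user->Banned ?? 0) === 0
        && (int)($user->Deleted ?? 0) === 0;
}

// True if any of the user's role rows carries one of the given RoleIDs.
function hasAnyRole(array $userRoleRows, array $roleIDs): bool
{
    $own = array_map('intval', array_column($userRoleRows, 'RoleID'));
    return array_intersect($own, array_map('intval', $roleIDs)) !== [];
}

// Owner-only writes; admins and moderators may edit any record (assumed policy).
// The owner is compared with the session's UserID, never with an ID from the request.
function canModify($user, array $record, array $userRoleRows, array $moderatorRoleIDs): bool
{
    if (!isActiveUser($user)) {
        return false;
    }
    if ((int)($user->Admin ?? 0) > 0 || hasAnyRole($userRoleRows, $moderatorRoleIDs)) {
        return true;
    }
    return (int)($record['OwnerUserID'] ?? 0) === (int)$user->UserID;
}

// Constructed sample data (hypothetical users, roles and record).
$owner = (object)['UserID' => 7, 'Confirmed' => 1, 'Banned' => 0, 'Deleted' => 0, 'Admin' => 0];
$other = (object)['UserID' => 9, 'Confirmed' => 1, 'Banned' => 0, 'Deleted' => 0, 'Admin' => 0];
$unconfirmed = (object)['UserID' => 7, 'Confirmed' => 0, 'Banned' => 0, 'Deleted' => 0, 'Admin' => 0];
$memberRoles = [['RoleID' => 8, 'Name' => 'Member']];
$modRoles = [['RoleID' => 8, 'Name' => 'Member'], ['RoleID' => 32, 'Name' => 'Moderator']];
$record = ['RecordID' => 1, 'OwnerUserID' => 7];

var_dump(canModify($owner, $record, $memberRoles, [32]));       // owner, own record
var_dump(canModify($other, $record, $memberRoles, [32]));       // member, someone else's record
var_dump(canModify($other, $record, $modRoles, [32]));          // moderator, someone else's record
var_dump(canModify($unconfirmed, $record, $memberRoles, [32])); // owner, email not confirmed
```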


  • @R_J , I think it's enough to go deeper by myself

    Thanks a lot for the explanation !

    Best,
