Vanilla 1 is no longer supported or maintained. If you need a copy, you can get it here.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Custom loginform -what is the minimum amount of vanilla-code that needs to be included?

edited October 2006 in Vanilla 1.0 Help
I wish to log-in users both on my main site and in to vanilla as well. They are sharing usertables at the moment; added the nessesary fields for vanilla as outlined in Marcs Wordpress integration tutorial and mapped the fields in conf/database.php I had hoped to go the easy way an not write a custom autentication module for vanilla, delete the people.php fiel and force users to login via the main site. I searched the people.php and the includes in that file but i can't find where the $_POST['username] & $_POST['password] gets piked up by an instantsiated People.Class.Authenticator object. Tryed "find in files": "Authenticate" without any luck. Only get referenses to the Authenticator classes but cant seeme to find any referense to the metod in outher parts of the app. What am I missing. The problem is surly due to my laking uderstanding of Vanillas "templating" system that i dont realy get as off know. Every thing seems to be driven from the Context object. I hope this issent stupid simple and that I have missed the obvious. Some pointers to spare my lengthy digging in source would be mutch appresiated.


  • Options
    edited October 2006
    You have to look for ForceIncomingString('PostOrGetKey', 'defaultValue')
    Vanilla use ForceIncomingString, ForceIncomingInt and ForceIncomingBool to get the POST and GET values. Check in Framework.Functions.php to know what they do.
  • Options
    edited October 2006
    I have looked in: People.Control.SignInForm.php Framework.Class.Context.php People.Class.UserManager.php People.Class.Session.php People.Class.Authenticator.php People.Control.SignInForm.php people_signin_form_nopostback.php All things seem to be built as a MVC-pattern, but I am kind a drowning in the logic. Does anyone know if it as simple as instantsiating (I dont think so) an new People.Class.Authenticator object and feeding it with correct (Username, Password) to create a valid Vanilla session or do i have to go trough all the hoops of instantsiating Framework.Class.Context People.Class.UserManager People.Class.Session People.Class.Authenticator like I think I do. Like..... <code><pre> // GLOBAL INCLUDES include($Configuration['APPLICATION_PATH'].'appg/headers.php'); include($Configuration['APPLICATION_PATH'].'appg/database.php'); include($Configuration['DATABASE_PATH']); include($Configuration['LIBRARY_PATH'].'Framework/Framework.Functions.php'); include($Configuration['LIBRARY_PATH'].'Framework/Framework.Class.Database.php'); include($Configuration['LIBRARY_PATH'].'Framework/Framework.Class.'.$Configuration['DATABASE_SERVER'].'.php'); include($Configuration['LIBRARY_PATH'].'Framework/Framework.Class.SqlBuilder.php'); include($Configuration['LIBRARY_PATH'].'Framework/Framework.Class.MessageCollector.php'); include($Configuration['LIBRARY_PATH'].'Framework/Framework.Class.ErrorManager.php'); include($Configuration['LIBRARY_PATH'].'Framework/Framework.Class.ObjectFactory.php'); include($Configuration['LIBRARY_PATH'].'Framework/Framework.Class.StringManipulator.php'); include($Configuration['LIBRARY_PATH'].'Framework/Framework.Class.Context.php'); include($Configuration['LIBRARY_PATH'].'Framework/Framework.Class.Delegation.php'); include($Configuration['LIBRARY_PATH'].'Framework/Framework.Class.Control.php'); include($Configuration['LIBRARY_PATH'].$Configuration['AUTHENTICATION_MODULE']); include($Configuration['LIBRARY_PATH'].'People/People.Class.Session.php'); include($Configuration['LIBRARY_PATH'].'People/People.Class.User.php'); // INSTANTIATE THE CONTEXT OBJECT // The context object handles the following: // - Open a connection to the database // - Create a user session (autologging in any user with valid cookie credentials) // - Instantiate debug and warning collectors // - Instantiate an error manager // - Define global variables relative to the current context (SelfUrl $Context = new Context($Configuration); $Context->DatabaseTables = &$DatabaseTables; $Context->DatabaseColumns = &$DatabaseColumns; // Start the session management $Context->StartSession(); //custom login // Check for an already active session $UserManager = $Context->ObjectFactory->NewContextObject($this->Context, 'UserManager'); if ($Context->Session->UserID != 0) { //user is logged in => fine proceed..... } else { // Attempt to create a new session for the user if ($UserManager->ValidateUserCredentials($_POST['Username'], $_POST['Password'], $RememberMe=1)) { //user is logged in => fine proceed..... }else{ //wrong credentials redirect to "access denied/wrong username or password" because my one auth-system an vanilla shares tables things would newer get to this point //if there wasent someting wrong. The main site auth system wold have allready caught this and redirected so an Exception wold be in place here like. throw new Exception('Vanilla authentication error, not logged in to forum'); } </code></pre> If so.... does anyone have any ideas if the code above would work at all or if I got it wrong somewhere. I probably have :=) :=/
  • Options
    MarkMark Vanilla Staff
    The minimum amount of Vanilla code you need to include to set up and/or use Vanilla sessions is: none. Vanilla stores simple values in php sessions and cookies. If you understand what those are and how they are used to retrieve the user's ID, that's all you need to know. You can write your own code to retrieve or set that information. Take a look at library/People/People.Class.Authenticator.php to see how authentication is done.
  • Options
    NickENickE New
    edited October 2006
    If you just want to authenticate someone then you can do something as simple as:
    $Username = ;
    $Password = ;
    $Persistant = ;
    $Errors = array(
    	-2 => 'Fatal database error', 
    	-1 => 'Insufficient permissions', 
    	0 => 'Username/password combination not found', 
    $Ret = $Context->Authenticator->Authenticate($Username, $Password, $Persistant);
    if($Ret <= 0) echo($Errors[$Ret]);
    (obviously modifying directories and variable assignments as needed)

    However, if you've already verified the username and password and have retrieved the verification key, than it'd be simpler (read: more efficient) to call Authenticator::AssignSessionUserID and, if required, ::SetCookieCredentials. You'd probably also want to make a call to ::UpdateLastVisit, but it won't really hurt if you don't.
  • Options
    edited October 2006
    OK Thanks SirNot and Marc! That helps alot! Im trying to take the lazy approatch as a first opt, and try to use as mutch of Vanillas preexisting logic as possible to get IP-logging , UpdateLastVisit and so on for free. Atleast as long as the additional logic dosent slov down my start/signin page considerbly. I Will try out your suggestion later today SirNot! Tanks for helping out, mutch appreciated!
  • Options
    I Examined $_SESSION and $_COOKIE and realised that Marcs suggesstion where the easies way to go. Got a singel sign-on solution running fast and easy this way after intergrating the user table in my system with Vanillas. Tanks again for the assistanse. Vanilla is a Great App. It´s a relief with it's esay extendibilty and consistent OO-codebase compard to the old funktionbased bords currently dominating the webb.
This discussion has been closed.