Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Using Vanilla logged in cookie to enable access for mini app inside the same domain/server

cvlloscvllos New
edited January 2019 in Vanilla 2.0 - 2.8

Hi guys,

I have a topic where we manage a follow up list with specific user's data. I would like to create a small app with PHP in a different web folder to let each user add, update and delete his own data. It will be an easy app and I would like the app (CRUD) to use Vanilla's logged in cookie and autentication to enable user maintenance and limit user modification to his own data only. I intend also to, later, create a CRON script to publish data to the topic once per day.

Is there a way to use Vanillas authentication cookie(s) and session status to check login status and also retrieve user login Id ?
The part related to publishing data into a topic I guess I should use the API V2 to do that + CRON jobs. right ?

thanks in advance

Comments

  • R_JR_J Ex-Fanboy Munich Admin

    Here is a small "Hello User" (you have to change the PATH_ROOT definition to your needs):

    <?php
    // Init Vanilla framework
    define('PATH_ROOT', '/var/www/vanilla/release');
    require_once(PATH_ROOT.'/environment.php');
    require_once(PATH_ROOT.'/bootstrap.php');
    
    // Get the name of the current User
    if (Gdn::session()->UserID == 0) {
        $userName = 'Guest';
    } else {
        $userName = Gdn::session()->User->Name;
    }
    ?>
    <!DOCTYPE html>
    <html>
    <head>
        <title>Proof of Concept</title>
    </head>
    <body>
        <h1>Hello <?= $userName ?></h1>
    </body>
    </html>
    
  • Better Impossible.

    Worked like a charm !

    @R_J ,Thank you very much !


    Abusing from you help, how to detect if logged in user is already confirmed (not still an "unconfirmed" user) or if the user is an Admin or Moderator ?


    thanks in advance (*again*)


    best regards,

  • Sorry... I think I didn't mention one important info. My current Vanilla version is 2.6.4

    Best,

  • R_JR_J Ex-Fanboy Munich Admin
    edited January 2019

    This is how the GDN_User table is defined:


    $Construct
       ->primaryKey('UserID')
       ->column('Name', 'varchar(50)', false, 'key')
       ->column('Password', 'varbinary(100)')// keep this longer because of some imports.
       ->column('HashMethod', 'varchar(10)', true)
       ->column('Photo', 'varchar(255)', null)
       ->column('Title', 'varchar(100)', null)
       ->column('Location', 'varchar(100)', null)
       ->column('About', 'text', true)
       ->column('Email', 'varchar(100)', false, 'index')
       ->column('ShowEmail', 'tinyint(1)', '0')
       ->column('Gender', ['u', 'm', 'f'], 'u')
       ->column('CountVisits', 'int', '0')
       ->column('CountInvitations', 'int', '0')
       ->column('CountNotifications', 'int', null)
       ->column('InviteUserID', 'int', true)
       ->column('DiscoveryText', 'text', true)
       ->column('Preferences', 'text', true)
       ->column('Permissions', 'text', true)
       ->column('Attributes', 'text', true)
       ->column('DateSetInvitations', 'datetime', true)
       ->column('DateOfBirth', 'datetime', true)
       ->column('DateFirstVisit', 'datetime', true)
       ->column('DateLastActive', 'datetime', true, 'index')
       ->column('LastIPAddress', 'ipaddress', true)
       ->column('DateInserted', 'datetime', false, 'index')
       ->column('InsertIPAddress', 'ipaddress', true)
       ->column('DateUpdated', 'datetime', true)
       ->column('UpdateIPAddress', 'ipaddress', true)
       ->column('HourOffset', 'int', '0')
       ->column('Score', 'float', null)
       ->column('Admin', 'tinyint(1)', '0')
       ->column('Confirmed', 'tinyint(1)', '1')// 1 means email confirmed, otherwise not confirmed
       ->column('Verified', 'tinyint(1)', '0')// 1 means verified (non spammer), otherwise not verified
       ->column('Banned', 'tinyint(1)', '0')// 1 means banned, otherwise not banned
       ->column('Deleted', 'tinyint(1)', '0')
       ->column('Points', 'int', 0)
       ->set($Explicit, $Drop);
    


    Gdn::session()->User is an object which has all those table columns as properties. Therefore you can simply check for the value of Gdn::session()->User->Confirmed


    To get the roles a user has, you need to make use of the UserModel: `$userModel = new UserModel();`. But the class.gdn.php also lets you access the UserModel. In order to find out more about the roles, you should look at the RoleModel


    $userRoles = Gdn::userModel()->getRoles(Gdn::session()->UserID);
    $memberRoleIDs = RoleModel::getDefaultRoles(RoleModel::TYPE_MODERATOR);
    


    Then you can extract the roles with array_column($userRoles, 'RoleID') and see if there is an intersection between those two RoleID arrays

  • @R_J , I think it's enough to go deeper by myself

    Thanks a lot for the explanation !

    Best,

Sign In or Register to comment.