Forums / General / Get Current User information using EzPublish API

Get Current User information using EzPublish API

Author Message

Alex Seymour

Wednesday 01 September 2010 5:49:42 pm

Hi,

I hope someone can help with this issue I am having.

A site on the server has been developed using the EzPublish system, users are logging in and all works fine. Now we have a web application on the same server that does not use the EzPublish system. When a user visits this web app, I need to get the Users Login name to access this app.

I understand from reading the API that all I need to do is add the following code in the PHP of my web app:

$user =& eZUser::currentUser();
$login_name = $user->attribute( 'login' );

What packages do I need to include in this PHP to use this functionality?

I have tried:
require 'autoload.php';

But this gives me errors accessing the EzPublish database.

Could somebody please describe what exacatly has to be included in this web apps code to access the logged in users details.

cheers

Jérôme Vieilledent

Wednesday 01 September 2010 11:20:21 pm

Hi Alex

Which version is used ? Is it priori to 4.0 ?

Do you need to fetch current user in a module or in a script ?

André R.

Thursday 02 September 2010 12:26:32 am

I think your better of creating a rest interface (but as written bellow, this relies on session) to retrive this or something else.

Getting current user relies on session > cookie, db > siteaccess > ezsys > ezexecution > ezini and possible a whole lot of other sub systems in eZ Publish like extensions.

In 4.3 you can however lookup user session id in ezsession table and join use_id with user id in ezuser table, but in 4.4 we have changed to file based session handler by default, so unless you keep on using db handler it will not work.

eZ Online Editor 5: http://projects.ez.no/ezoe || eZJSCore (Ajax): http://projects.ez.no/ezjscore || eZ Publish EE http://ez.no/eZPublish/eZ-Publish-Enterprise-Subscription
@: http://twitter.com/andrerom

Philippe VINCENT-ROYOL

Thursday 02 September 2010 12:36:19 am

Hi Alex,

Why not using zeta components ? Because i think you ll lost lot of time to create an application which used ezpublish api.

Certified Developer (4.1): http://auth.ez.no/certification/verify/272607
Certified Developer (4.4): http://auth.ez.no/certification/verify/377321

G+ : http://plus.tl/dspe
Twitter : http://twitter.com/dspe

Bertrand Dunogier

Thursday 02 September 2010 2:47:42 am

How would the components help here ?

Bertrand Dunogier
eZ Systems Engineering, Lyon
http://twitter.com/bdunogier
http://gplus.to/BertrandDunogier

Jérôme Vieilledent

Thursday 02 September 2010 3:01:51 am

"

How would the components help here ?

"

Wondering the same...

Abdelkader RHOUATI

Thursday 02 September 2010 3:09:26 am

"
"

How would the components help here ?

"

Wondering the same...

"

Me too :)

Using SSO will be a solution for this features.

tks

Abdelkader RHOUATI

Blog (french) : http://arhouati.com
----
Extension arh_jdebug : EzDebug using jquery

Philippe VINCENT-ROYOL

Thursday 02 September 2010 4:23:21 am

Oops my fault.. thinking about something else. Forget it :) (shame on me ^^ )

Certified Developer (4.1): http://auth.ez.no/certification/verify/272607
Certified Developer (4.4): http://auth.ez.no/certification/verify/377321

G+ : http://plus.tl/dspe
Twitter : http://twitter.com/dspe

Alex Seymour

Thursday 02 September 2010 10:22:04 am

Thank you for your speedy replies!

I believe the version being used is 4.3, but I assume this will be updated as time goes on.

The $current_user will need to be fetched in a script.

I am not familiar with the EzPublish system, what is SSO?
Is it a class or function I need to add to the system?

Cheers

Alex

Abdelkader RHOUATI

Thursday 02 September 2010 5:59:18 pm

Hello,

The SSO (Single Sign-On) is a method allowing a user to perform only a single authentication to access multiple applications (or secure Web sites). This functionality is native to ezpubilsh, but you need to install a CAS SSO server, and also develop a module to add to your application web, which is used to communicate with the CAS server and retrieve the current user.

I'm not sure this is what should be done immediately, but it'll look perfect in the future to add this feature.

TKS

Abdelkader RHOUATI

Blog (french) : http://arhouati.com
----
Extension arh_jdebug : EzDebug using jquery

Gaetano Giunta

Friday 03 September 2010 2:04:21 am

Just to clarify Abdelkader's answer:

eZP supports SSO functionality by the way of allowing you to implement SSO handlers (as php classes with a given interface), that will be invoked at the right time by the system (i.e. whenever an anon user visits an eZP web page).

There are no such handlers delivered with the system, so you will need to either code your own or get one from the community. There are a couple of existing ones for CAS, but CAS is not the only supported sso server.

Back to the original question:

- 'partially' loading eZP code into your other app will not work. It is too much of a complex beast. So either you wrap your other app into eZP creating a custom module/view that acts as facade (sounds crazy but it's actually doable thanks to php's great output buffering support), or you allow your other app to get the info of the current user by sniffing its session. This is simpler, and I will describe it below

- to get username of currently logged in user from application B, you will need to have access to its session cookie - set up the eZP session cookie to be served with a domain/path so that it can be read by your other application

- when user gets to your other app, let the app read session cookie from eZP, and either 1) go read directly its session data in the eZP db, or 2) make an http call to a special eZP page that returns the username of the current user, making sure you add the session cookie in the call

To implement point 1, you will probably do some preg matching on the results of your db query, as unfortunately php has no function to hydrate session data in a specific variable - it's either in the main scope or nothing

To implement point 2, you can create in eZP a custom module/view, a soap function, a rest function (if using ezjscore) or an xmlrpc or jsonrpc fun ction (if using ggwebservices).

You can also implement it via custom templates that you set as override for a custom node:a pagelayout that displays username and not $module_result.content would do. But doing it this way a huge waste of resources.

Principal Consultant International Business
Member of the Community Project Board

Alex Seymour

Friday 03 September 2010 9:25:28 am

A big thank you to all of you so far. I wasn't aware this could be so complex to get a users login name!

That said, unless I am missing something, Gaetano's solution above is quite simple.

So if in my App I was to add the following code:

----------------------------------------------------------------------------------

$the_session_id =session_id();

// Query EzPublish DB to return 'data' given $the_session_id as 'session_key'

// pregmatch on returned 'data' string, looking to extract the login name

// example of data string ......."login";s:5:"xxxxxx";s:5:"email";s:16:.........

// use "xxxxxx" in my app as username

-----------------------------------------------------------------------------------

I'm good to go right?

If so, that seems pretty doable and easy to implement rather that developing modules etc...

Alex Seymour

Friday 03 September 2010 1:49:15 pm

Ok, this appears to work on my test system here. Can anybody see any issues with the following:

------------------------------------------------------------------------

// Get the EzPublish Session Key from the cookie
$session_key = $_COOKIE["eZSESSID"];

// Connect to the DB
$db = mysql_connect(DB_SERVER, DB_USER, DB_PASS);
if (!$db){
die('Could not connect: ' . mysql_error());
echo "DEBUG: Cannot connect to database - check parameters";
}

// Query DB to get Session Data
mysql_select_db(DB_NAME, $db);
$query = "SELECT data FROM ezsession WHERE session_key = '$session_key'";
$result = @mysql_query($query);
if ($result) {
$row = mysql_fetch_array($result);
$session_data = $row['data'];

// Somewhere in the session data is the current_username, which will look something like:
// ....s:5:"login";s:5:"xxxxx";s:5:"email";s:16:"[email protected]";s:.....
// Strip username from returned session data
$login_str = "s:5:\"login\";s:5:\"";
$email_str = "\";s:5:\"email\"";
$start_index = strpos($session_data, $login_str);
$end_index = strpos($session_data, $email_str);

if ($end_index > $start_index) {
$current_user = str_replace($login_str ,"" , substr($session_data,$start_index, ($end_index - $start_index)) );
}
}
else {
echo "DEBUG: Could not ge Session Data from DB for - session_key: ".$session_key;
}

// output the current_user
echo " current_user is: ".$current_user;

--------------------------------------------------------------------------------

Gaetano Giunta

Friday 03 September 2010 3:50:03 pm

Looks good to me.

One thing: you are not checking if there is actually any row returned corrsponding to your session id gotten from the cookie.

Just remember not to execute this query on every page view in your app, but to store the eZ user name in the current user session once you get it, to avoid useless db calls.

Oh, and lest I forgot:

YOU HAVE A SQL INJECTION IN YOUR CODE! You should be escaping $session_key

Principal Consultant International Business
Member of the Community Project Board

Alex Seymour

Sunday 05 September 2010 3:59:58 pm

Thanks for that Gaetano.

I have a quick question. All is working great on my system, but I have not had chance to upload my code to the live server.

I was wondering if I will be able to access the Ez Session Cookie.

On the live setup, the app is at: www.app.xxxxx.com and the EzPublish code is located at www.xxxxx.com (where xxxxx is the same domain name as each other).

Will the app be allowed access to the EZ Session cookie?

What exactly did you mean by: "set up the eZP session cookie to be served with a domain/path so that it can be read by your other application" ?