Auth System

Trustmaster	#23273 2010-02-28 20:54
Administrators Thanked: 265 kez	# scriptor : How to find the user id of an active session with an external script that don´t use the Cotonti Function? This method is not very secure and can be faked with a cookie, but I'll explain it. First you need to get $cfg['mainurl'] from Cotonti's datas/config.php. Then you can get the user ID like this: $site_id = 'ct' . substr(md5($cfg['mainurl']), 0, 10); if (!empty($_COOKIE[$site_id])) $u_data = $_COOKIE[$site_id]; elseif (!empty($_SESSION[$site_id])) $u_data = $_SESSION[$site_id]; else $u_data = false; if ($u_data) { // Get Cotonti user ID $u_data = explode(':_:', base64_decode($u_data)); $cot_user_id = $u_data[0]; } else { // Not logged in } In Cotonti Siena there will be a session variable to get that ID in a more easy and reliable way. May the Source be with you!

Trustmaster

#23273 2010-02-28 20:54

# scriptor : How to find the user id of an active session with an external script that don´t use the Cotonti Function?

This method is not very secure and can be faked with a cookie, but I'll explain it. First you need to get $cfg['mainurl'] from Cotonti's datas/config.php. Then you can get the user ID like this:

$site_id = 'ct' . substr(md5($cfg['mainurl']), 0, 10);
if (!empty($_COOKIE[$site_id])) $u_data = $_COOKIE[$site_id];
elseif (!empty($_SESSION[$site_id])) $u_data = $_SESSION[$site_id];
else $u_data = false;

if ($u_data)
{
  // Get Cotonti user ID
  $u_data = explode(':_:', base64_decode($u_data));
  $cot_user_id = $u_data[0];
}
else
{
  // Not logged in
}

In Cotonti Siena there will be a session variable to get that ID in a more easy and reliable way.

May the Source be with you!