I'm currently working on adding a login system to an old website. Unfortunately, I'm new to web developments and can not find answers for the following questions:
1. How can I check if a user is logged in or not before serving his http requests. I do understand that in pho we just add session_start() follow by some checking statements. But the website I'm working on is really big and can would be tedious to add session check statement in every page. so is there a way to check if a user is logged in before serving his/her request?
The server is using nginx and the website is using php.
Thanks
Related
I ran an application that to have access, the user needs to log in, this application has multi levels of authentication, this application is a PWA too.
The problem is that when the user downloads the APP to the home screen it always opens on the login screen, but as it can be offline it will not be able to log in.
How can I do to keep it logged in? that is, when the user is offline or online go directly to their dashboard.
I read some answers about sessions and cookies, is it really the best way?
No react or angular or vue was used.
It took me a while to post the answer here, but it came.
Actually it was quite simple, just put in manifest.json to open the URL already logged in and solved my problem, of course it will only load if the user has ever accessed this URL according to my cache rules in the service worker, I suggest you try the same, if it doesn't work you can contact me that i can help.
I have a sharepoint website that needs some credentials to login, and I am also developing another website that requires login credentials. How do I synchronize their login by taking credentials of one of them and using it on the other?
Like, when I login to the sharepoint, I will be logged in to my other website too when I navigate there.
I'll start off by noting that this is not a question for StackOverflow. Posts here should contain an issue, an attempt at solving it, and any errors or bugs with it that you simply cannot solve yourself. Keep that in mind for future reference.
One way of approaching what you want is to create an interface between the two websites. Have a separate account system that is included for both websites. Basically separate any account systems you currently have in place and set them externally instead - and then include that onto your target pages. That's how I'd approach it anywho.
I'm currently building a website using Drupal and I use an external php script to do the login. When the login is successful, the session variables are supposed to be updated with the user data.
While I was developing that script, I kept it only visible to administrator users, but now that I have it available to everyone, as an anonymous user, the session variables are updated on the php script, but the pages in drupal can't read them. But the problem only happens as an anonymous user. As an administrator the script works great
Any idea how to solve this?
I had the same issue.
When you know that the user is logged with your php script, log him with drupal. It's kind of synchronization.
For that, you can use: user_external_login_register
I use wamp to develop on a windows 7 machine. For this app I have an admin area which tracks the admin username and encrypted password with $_SESSION and a cookie which keeps track of the randomly generated encryption key for the password.
I set the cookie like:
setcookie('key', $key, time()+7200, 'admin/');
The admin user verification is run on every admin page after the admin user has entered username and password details to login.
The directory structure of the site and the admin is:
localhost/mysite/
locahost/mysite/admin/
A session runs in the admin section, and a session also runs in the user interface of the front-end to keep track of chosen criteria for searches.
When I run long database queries in the admin area ie. multiple updates and inserts where each iteration requires a connection to an external API, I am unable to load the front-end user interface in the same browser ie. firefox until after the admin operation has completed. If I use a different browser ie. chrome , I am able to load the front-end of the site while running admin mysql functions with no problems.
I'd like to view the site while these operations are running, and use the same browser. It's a small problem, but I'd like to know how to get around it because I want to learn. I mean I could just tell myself that it doesn't matter because the site works fine when I open another browser, and the final user isn't going to be running admin operations while viewing the site anyway, so from that perspective it doesn't matter, but I am curious.
What is going on with the sessions and cookies that stops me from viewing the site whilst the admin operations are running? Is my question even a good one? Part of me thinks that it's a silly question because ultimately the site works perfectly well in a separate browser. Anyway, thank you for looking!
I think your session is being locked. On the page that takes a long time to run add this at the top: session_write_close(); that should fix it.
I have the following code:
$homepage = file_get_contents("https://example.com/specific_page");
echo $homepage;
The browser already has a session of the site that I need access to, so if I open the url in new tab, the page will be properly loaded.
The issue is that the php script, redirects me to "You are not logged in" page. Note that the url is available even after I restart the browser.
Any ideas how to get content without writing a code that logs in to the site?
PHP runs serversided so it has its own session handling, there is no link to your browsers session. You can use cURL and options like CURLOPT_COOKIEJAR to do this. With cURL you can login via PHP and keep the PHP session of the website you are requesting. You will find a bunch of examples in the cURL documentation I linked.
It would be an enormous security issue if a website could gain access to your data on arbitrary external websites. Imagine this: file_get_contents('https://yourbank.com/all-your-details').
The only way you can do this is to ask the user for his/her login credentials on the external website and log in manually. This will be unreliable, though, since the authentication process could change (and it's terribly rude to ask someone for his/her password).
This is generally what web service APIs are used for, but if there's none available for the site you're interested in, you're kind of stuck.
If you already know the login credentials for the website, then you could hardcode them into the script using the approach outlined by Blauesocke, but this won't work if the details are unique to the current user.