[eluser]Vik[/eluser]
I was able to put together some code that tells a CI app that the user is logged in, without launching CI.
FAL and CI's db_sessions consider someone to be logged in, if there's a cookie which matches an entry in the ci_sessions database.
It took all day, but this seems to be working.
Code:
//SMF calls this routine and provides the $username as a parameter.
//If you're using this routine with an app other than SMF, just delete the parameters -
//this code ignores them.
//However, this code does need a way to get the user's email address, since it looks the user
//up in the fa_user database via the email address.
function login_to_CI_app($username, $hash_password, $cookieTime)
{
//SMF has validated the user. So, log the user in, by
//setting a cookie and putting a matching entry in the ci_sessions database.
//ACCESS GLOBALS FROM SIMPLE MACHINES FORUM TO GET
//USER'S EMAIL ADDRESS, AND THE NAME OF THE SMF DATABASE
global $user_settings, $db_name;
//LOAD CONFIG INFO
$system_folder = "system";
define('BASEPATH', $system_folder.'/');
require_once('system/application/config/config.php');
require_once('system/application/config/database.php');
//SET THE COOKIE
$theCookieName = $config['sess_cookie_name'];
$theSessionID = '';
while (strlen($theSessionID) < 32)
{
$theSessionID .= mt_rand(0, mt_getrandmax());
}
$theSessionID = md5(uniqid($sessid, TRUE));
if (strtolower($config['time_reference']) == 'gmt')
{
$now = time();
$now = mktime(gmdate("H", $now), gmdate("i", $now), gmdate("s", $now), gmdate("m", $now), gmdate("d", $now), gmdate("Y", $now));
if (strlen($now) < 10)
{
$this->now = time();
log_message('error', 'The session class could not set a proper GMT timestamp so the local time() value was used.');
}
}
else
{
$now = time();
}
$theExpireTime = $config['sess_expiration'] + $now;
$theCookiePath = $config['cookie_path'];
$theDomain = $config['cookie_domain'];
setcookie(
$theCookieName,
$theSessionID,
$theExpireTime,
$theCookiePath,
$theDomain,
0
);
//INSERT THE MATCHING ENTRY INTO THE CI_SESSIONS DATABASE
$hostname = $db['default']['hostname'];
$user = $db['default']['username'];
$password = $db['default']['password'];
$thedatabase = $db['default']['database'];
$db_link = mysql_connect($hostname, $user, $password);
mysql_select_db($thedatabase);
//Get the info that needs to go into the ci_sessions database.
//Some of it we can get from the browser.
$theIPAddress = get_ip_address();
$theUserAgent = ( ! isset($_SERVER['HTTP_USER_AGENT']) ? FALSE : $_SERVER['HTTP_USER_AGENT']);
$theUserAgent = substr($theUserAgent, 0, 50);
//Some of it we get from the fa_user database
$email = $user_settings['emailAddress'];
$theQuery = "SELECT id, user_name, country_id, email, role, last_visit, created, modified FROM fa_user WHERE email = '$email'";
$result = mysql_query($theQuery);
$theUserData = mysql_fetch_array($result, MYSQL_ASSOC);
$theSerializedUserData = serialize($theUserData);
//Insert the data into the ci_sessions table
$theQuery = "INSERT INTO ci_sessions (session_id, ip_address, user_agent, last_activity, session_data) VALUES ('$theSessionID', '$theIPAddress', '$theUserAgent', '$now', '$theSerializedUserData')";
$result = mysql_query($theQuery);
if (!$result)
die("Couldn't connect to database.");
//return database to SMF in a state it expects
mysql_select_db($db_name);
// mysql_close($db_link);
}
//This is the valid_ip function in system/libraries/input.php
function valid_ip($ip)
{
$ip_segments = explode('.', $ip);
// Always 4 segments needed
if (count($ip_segments) != 4)
{
return FALSE;
}
// IP can not start with 0
if (substr($ip_segments[0], 0, 1) == '0')
{
return FALSE;
}
// Check each segment
foreach ($ip_segments as $segment)
{
// IP segments must be digits and can not be
// longer than 3 digits or greater then 255
if (preg_match("/[^0-9]/", $segment) OR $segment > 255 OR strlen($segment) > 3)
{
return FALSE;
}
}
return TRUE;
}
//Adapted from the ip_address function in system/libraries/input.php
function get_ip_address()
{
$ip_address = FALSE;
if (isset($_SERVER['REMOTE_ADDR']) AND isset($_SERVER['HTTP_CLIENT_IP']))
{
$ip_address = $_SERVER['HTTP_CLIENT_IP'];
}
elseif (isset($_SERVER['REMOTE_ADDR']))
{
$ip_address = $_SERVER['REMOTE_ADDR'];
}
elseif (isset($_SERVER['HTTP_CLIENT_IP']))
{
$ip_address = $_SERVER['HTTP_CLIENT_IP'];
}
elseif (isset($_SERVER['HTTP_X_FORWARDED_FOR']))
{
$ip_address = $_SERVER['HTTP_X_FORWARDED_FOR'];
}
if ($ip_address === FALSE)
{
$ip_address = '0.0.0.0';
return $ip_address;
}
if (strstr($ip_address, ','))
{
$x = explode(',', $ip_address);
$ip_address = end($x);
}
if ( !valid_ip($ip_address))
{
$ip_address = '0.0.0.0';
}
return $ip_address;
}
