External interface authenticate
119 views
Skip to first unread message
ivanhe...@gmail.com
Nov 22, 2013, 2:31:04 PM11/22/13
to moll...@googlegroups.com
Hi,
I'm having some issues getting authenticated via the external interface. It appears to be working properly, but I am still prompted with the login page. It looks like it might not be setting the cookie properly as I don't see one when checking cookies in Firefox. If I login at the prompt it works fine and a cookie is set. Also, I can add users, etc without a problem. Am I missing something?
Thanks!
My code:
set_include_path('mollify/backend'.PATH_SEPARATOR.get_include_path());
require_once('external/MollifyExternalInterface.class.php');
$mollify = MollifyExternalInterface();
$mollify->authenticate(1); //authenticate user with id 1
$mollify->isAuthenticated(); //returns 1
Samuli Järvelä
Nov 26, 2013, 5:07:41 AM11/26/13
to moll...@googlegroups.com, ivanhe...@gmail.com
Is this part of the index.html? If so, is it first thing in the page, before the page itself loads? If it is, maybe the cookie does not get to the browser yet and you should make a reload to the page when automatic authentication is done (and make sure it is not done if user is authenticated so it won't end up in infinite loop).
It's been a while since I've tried this, I'll see if I have time to set up this myself to see what happens there.
Samuli Järvelä
Nov 26, 2013, 7:02:29 AM11/26/13
to moll...@googlegroups.com, ivanhe...@gmail.com
Just tried it in my server, and worked just fine
I had a index.html like this:
<?php
set_include_path("backend/".PATH_SEPARATOR.get_include_path());
require_once("external/MollifyExternalInterface.class.php");
$mollify = MollifyExternalInterface();
if (!$mollify->isAuthenticated()) $mollify->authenticate(1);
?>
<!DOCTYPE html>
<html>
<head>
<title>Auto login test</title>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=Edge">
<link rel="stylesheet" href="css/mollify.css">
<script type="text/javascript" language="javascript" src="js/mollify.full.min.js"></script>
<script type="text/javascript">
$(document).ready(function(){
mollify.App.init({
...
});
});
</script>
</head>
<body>
<div id="mollify"></div>
</body>
</html>
So just regular index.html with external interface code in top of the page.
ivanhe...@gmail.com
Dec 1, 2013, 11:29:16 AM12/1/13
to moll...@googlegroups.com, ivanhe...@gmail.com
Hi, Thank you for the reply.
I should have mentioned before that I am trying to integrate into a CodeIgniter app. I tried the example you provided and it worked fine on its own. Here is the code from my controller:
<?php
class Files extends CI_Controller {
function __construct() {
parent::__construct();
$this->load->model('permissions_model');
set_include_path('frame/application/3rdparty/mollify/backend'.PATH_SEPARATOR.get_include_path());
require_once('external/MollifyExternalInterface.class.php');
$mollify = MollifyExternalInterface();
if (!$mollify->isAuthenticated()) $mollify->authenticate(1);
}
function index() {
$this->load->view('header');
$this->load->view('admin/admin-header', $data);
$this->load->view('mollify'); //view containing the code from index.html
$this->load->view('footer');
}
}
I've tried several different variations. It looks like a cookie is set and then once I load the view it disappears. If I simply do a redirect from my controller to the sample you provided then it works. Any ideas? Thanks
ivanhe...@gmail.com
Dec 3, 2013, 4:10:44 PM12/3/13
to moll...@googlegroups.com, ivanhe...@gmail.com
I removed the check for last_access in the getSession method of the SessionDao class and it works. I haven't had a chance to dig into why that part is failing yet.
pierr...@gmail.com
Jul 17, 2014, 4:00:50 AM7/17/14
to moll...@googlegroups.com, ivanhe...@gmail.com
Hello,
I'm using Mollify version 1.8.9.3
My Mollify is running on external interface. I log with users on my website and if I click "intranet", mollify opens in an iframe.
I have just changed my provider and merged my website on a new server (using rsync command on Debian server). Everything was well sync and my website runs ok on the new server.
The only issue is that when I click on "intranet", Mollify ask for login. It seems "MollifyExternalInterface.class.php" is not working.
If I log with a user, everything is ok and Mollify runs good.But I don't want this "double-login".
The only difference between the 2 servers is PHP version. Before it was php 5.3 and now it is PHP 5.4.
Do you have any idea where the problem can come from?
Here is my code:
<?php
session_start();
$_SESSION['id'];
$id = $_SESSION['id'];
set_include_path("./backend/".PATH_SEPARATOR.get_include_path());
require("external/MollifyExternalInterface.class.php");
$mollify = MollifyExternalInterface();
if (!$mollify->isAuthenticated()) $mollify->authenticate($id);
?>
<!--
Copyright (c) 2008- Samuli Järvelä
All rights reserved. This program and the accompanying materials
are made available under the terms of the Eclipse Public License v1.0
which accompanies this distribution, and is available at
http://www.eclipse.org/legal/epl-v10.html. If redistributing this code,
this entire header must remain intact.
-->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
Thanks
Pierre
I'm using Mollify version 1.8.9.3
My Mollify is running on external interface. I log with users on my website and if I click "intranet", mollify opens in an iframe.
I have just changed my provider and merged my website on a new server (using rsync command on Debian server). Everything was well sync and my website runs ok on the new server.
The only issue is that when I click on "intranet", Mollify ask for login. It seems "MollifyExternalInterface.class.php" is not working.
If I log with a user, everything is ok and Mollify runs good.But I don't want this "double-login".
The only difference between the 2 servers is PHP version. Before it was php 5.3 and now it is PHP 5.4.
Do you have any idea where the problem can come from?
Here is my code:
<?php
session_start();
$_SESSION['id'];
$id = $_SESSION['id'];
set_include_path("./backend/".PATH_SEPARATOR.get_include_path());
require("external/MollifyExternalInterface.class.php");
$mollify = MollifyExternalInterface();
if (!$mollify->isAuthenticated()) $mollify->authenticate($id);
?>
<!--
Copyright (c) 2008- Samuli Järvelä
All rights reserved. This program and the accompanying materials
are made available under the terms of the Eclipse Public License v1.0
which accompanies this distribution, and is available at
http://www.eclipse.org/legal/epl-v10.html. If redistributing this code,
this entire header must remain intact.
-->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
Thanks
Pierre
Samuli Järvelä
Jul 18, 2014, 2:35:06 AM7/18/14
to moll...@googlegroups.com, ivanhe...@gmail.com, pierr...@gmail.com
The external interface authentication ($mollify->authenticate($id)) needs the actual mollify user id.
You are using id from "$id = $_SESSION['id'];" which does not make sense, unless this "id" variable is somehow the mollify user id.
pierr...@gmail.com
Jul 18, 2014, 3:02:06 AM7/18/14
to moll...@googlegroups.com, ivanhe...@gmail.com, pierr...@gmail.com
Sorry not to have mention that,
My user are logging-in on my website with users & password table from mollify.
So $_SESSION['id'] give my the id 274 (which is me in the table "user").
Even if I set the code like this:
<?php
session_start();
set_include_path("./backend/".
My user are logging-in on my website with users & password table from mollify.
So $_SESSION['id'] give my the id 274 (which is me in the table "user").
Even if I set the code like this:
<?php
session_start();
set_include_path("./backend/".
PATH_SEPARATOR.get_include_path());
require("external/MollifyExternalInterface.class.php");
$mollify = MollifyExternalInterface();
require("external/MollifyExternalInterface.class.php");
$mollify = MollifyExternalInterface();
if (!$mollify->isAuthenticated()) $mollify->authenticate(274);
?>
it doesn't work... If I set index.html with $id=$_SESSION['id'] and I open it with direct link (without loging-in on my website) there is a white page and the loging box doesn't show.
Only if I'm logged on my website and open the iframe mollify, the loging box shows. It seems mollify try to authenticate but something wrong happens.
The most terrible thing is that it was working perfectly on my previous server and I changed nothing on my code. Maybe it is a server parameter issue?
Thanks a lot for your help!
Pierre
?>
it doesn't work... If I set index.html with $id=$_SESSION['id'] and I open it with direct link (without loging-in on my website) there is a white page and the loging box doesn't show.
Only if I'm logged on my website and open the iframe mollify, the loging box shows. It seems mollify try to authenticate but something wrong happens.
The most terrible thing is that it was working perfectly on my previous server and I changed nothing on my code. Maybe it is a server parameter issue?
Thanks a lot for your help!
Pierre
Samuli Järvelä
Aug 3, 2014, 7:36:07 AM8/3/14
to moll...@googlegroups.com, ivanhe...@gmail.com, pierr...@gmail.com
These are very hard to troubleshoot. Few times solution I've had working, have not worked on some other system, but I don't know why.
The idea behind this is that Mollify session would be initialized and authenticated before the browser loads the page and asks the server that there session. And since you get the login page, server says that there is no session/authentication.
Could you try this code so that you make test page that prints out what happens there, something like this
<?php
// whatever you do to get the user id
require("external/MollifyExternalInterface.class.php");
$mollify = MollifyExternalInterface();
if (!$mollify->isAuthenticated()) {
$mollify->authenticate($id);
echo "Not authenticated, authenticating as ".$id;
}
// TEST
if (!$mollify->isAuthenticated()) echo "Still not authenticated";
else echo "Authenticated: ".$mollify->getUserId()." ".$mollify->getUsername();
?>
And note that this might not be valid code, just wrote it here to give idea. When you open this page, first time it should say "Not authenticated, authenticating as 123" and "Authenticated: 123 username", and after that only "Authenticated...".
But if it says "Still not authenticated", it does not work.
However, if this test actually works (the first case), but the page itself does not, I suppose this is some server configuration/session configuration issue, that sessions are mixed (I was thinking about that "session_start" you have there, if it actually breaks this).
Samuli Järvelä
Aug 3, 2014, 8:18:49 AM8/3/14
to moll...@googlegroups.com, ivanhe...@gmail.com, pierr...@gmail.com
Actually, now that I think about this, it cannot be PHP session issue.
I totally forgot that I removed the use of PHP sessions some time ago, because it had it's limitations. Instead, Mollify has it's own internal session handling, all sessions are stored in database table "session". So if your code actually does make a login, it should be stored in this table.
In login, the session id is stored in a cookie for later page loads. So this is a possible reason for this not working: if cookies are not working (for some reason), the opened session is not found when the app checks for it.
syxths...@gmail.com
Jan 9, 2015, 4:13:58 AM1/9/15
to moll...@googlegroups.com, ivanhe...@gmail.com
I have used Samuli's example code from 03/08/2014 on separate script page... and it works..
Not authenticated, authenticating as 1Authenticated: 1 jukk....@..syxthsense.com
But when I add the code to the beginning of index.html page I get the following errors:- (using the latest mollify)
Warning: Missing argument 2 for Request::__construct(), called in E:\webroot\support\fileforum\backend\external\MollifyExternalInterface.class.php on line 55 and defined in E:\webroot\support\fileforum\backend\include\Request.class.php on line 101
Warning: Missing argument 3 for Request::__construct(), called in E:\webroot\support\fileforum\backend\external\MollifyExternalInterface.class.php on line 55 and defined in E:\webroot\support\fileforum\backend\include\Request.class.php on line 101
Warning: Missing argument 4 for Request::__construct(), called in E:\webroot\support\fileforum\backend\external\MollifyExternalInterface.class.php on line 55 and defined in E:\webroot\support\fileforum\backend\include\Request.class.php on line 101
Warning: Missing argument 5 for Request::__construct(), called in E:\webroot\support\fileforum\backend\external\MollifyExternalInterface.class.php on line 55 and defined in E:\webroot\support\fileforum\backend\include\Request.class.php on line 101
Warning: Missing argument 6 for Request::__construct(), called in E:\webroot\support\fileforum\backend\external\MollifyExternalInterface.class.php on line 55 and defined in E:\webroot\support\fileforum\backend\include\Request.class.php on line 101
Warning: Missing argument 7 for Request::__construct(), called in E:\webroot\support\fileforum\backend\external\MollifyExternalInterface.class.php on line 55 and defined in E:\webroot\support\fileforum\backend\include\Request.class.php on line 101
Notice: Undefined variable: method in E:\webroot\support\fileforum\backend\include\Request.class.php on line 103
Notice: Undefined variable: uri in E:\webroot\support\fileforum\backend\include\Request.class.php on line 104
Notice: Undefined variable: ip in E:\webroot\support\fileforum\backend\include\Request.class.php on line 105
Notice: Undefined variable: parts in E:\webroot\support\fileforum\backend\include\Request.class.php on line 106
Notice: Undefined variable: params in E:\webroot\support\fileforum\backend\include\Request.class.php on line 107
Notice: Undefined variable: data in E:\webroot\support\fileforum\backend\include\Request.class.php on line 108
Looking at line 55 on the externalInterface code it says
$this->env->initialize(new Request(TRUE));
I have no idea what would be the reason. Any help?
Not authenticated, authenticating as 1Authenticated: 1 jukk....@..syxthsense.com
But when I add the code to the beginning of index.html page I get the following errors:- (using the latest mollify)
Warning: Missing argument 2 for Request::__construct(), called in E:\webroot\support\fileforum\backend\external\MollifyExternalInterface.class.php on line 55 and defined in E:\webroot\support\fileforum\backend\include\Request.class.php on line 101
Warning: Missing argument 3 for Request::__construct(), called in E:\webroot\support\fileforum\backend\external\MollifyExternalInterface.class.php on line 55 and defined in E:\webroot\support\fileforum\backend\include\Request.class.php on line 101
Warning: Missing argument 4 for Request::__construct(), called in E:\webroot\support\fileforum\backend\external\MollifyExternalInterface.class.php on line 55 and defined in E:\webroot\support\fileforum\backend\include\Request.class.php on line 101
Warning: Missing argument 5 for Request::__construct(), called in E:\webroot\support\fileforum\backend\external\MollifyExternalInterface.class.php on line 55 and defined in E:\webroot\support\fileforum\backend\include\Request.class.php on line 101
Warning: Missing argument 6 for Request::__construct(), called in E:\webroot\support\fileforum\backend\external\MollifyExternalInterface.class.php on line 55 and defined in E:\webroot\support\fileforum\backend\include\Request.class.php on line 101
Warning: Missing argument 7 for Request::__construct(), called in E:\webroot\support\fileforum\backend\external\MollifyExternalInterface.class.php on line 55 and defined in E:\webroot\support\fileforum\backend\include\Request.class.php on line 101
Notice: Undefined variable: method in E:\webroot\support\fileforum\backend\include\Request.class.php on line 103
Notice: Undefined variable: uri in E:\webroot\support\fileforum\backend\include\Request.class.php on line 104
Notice: Undefined variable: ip in E:\webroot\support\fileforum\backend\include\Request.class.php on line 105
Notice: Undefined variable: parts in E:\webroot\support\fileforum\backend\include\Request.class.php on line 106
Notice: Undefined variable: params in E:\webroot\support\fileforum\backend\include\Request.class.php on line 107
Notice: Undefined variable: data in E:\webroot\support\fileforum\backend\include\Request.class.php on line 108
Looking at line 55 on the externalInterface code it says
$this->env->initialize(new Request(TRUE));
I have no idea what would be the reason. Any help?
Samuli Järvelä
Jan 9, 2015, 4:21:05 AM1/9/15
to moll...@googlegroups.com, ivanhe...@gmail.com, syxths...@gmail.com
Not sure what's been with that, but I suppose it should say
Request::get(TRUE)
ie use static get function which constructs a request object.
Actually it wouldn't need a real request, since the original request is targeted to somewhere else (the page that only commands), so creating any request object would be ok.
syxths...@gmail.com
Jan 14, 2015, 6:28:56 AM1/14/15
to moll...@googlegroups.com, ivanhe...@gmail.com
It seems that modifying the code on line 55 to
$this->env->initialize(Request::Get(TRUE));
Resolves the errors.
Now following the Samuli's example it is possible to Authenticate user 1, but...
When you go to index.html page first time with
IE11 - it authenticates
Chrome 39 - it authenticates
Firefox - it does not authenticate
Now if we keep reloading the page..
IE11 -every now and then the log in page appears
Chrome 39 - every now and then the log in page appears
Firefox -approx. every third reload it autheticates
Any ideas, Just wanted to get the authentication reliable and not to show the log in box again. Thank you.
Samuli Järvelä
Jan 14, 2015, 7:14:16 AM1/14/15
to moll...@googlegroups.com, ivanhe...@gmail.com, syxths...@gmail.com
Not quite sure what's going on there, sounds very strange.
Why would refresh lose the authentication? I mean, if you remove the autologin stuff, so you use the "regular" page, and log in. Then if you reload the page, it should not bring back the login page. Does it? It shouldn't, and I can't figure out why would it, and why would it depend on the browser??
The point of this autologin part is this
1) whenever the page is served by the server, it first checks if there is active session. If not, then it makes the login, so there is session (THIS IS THE IMPORTANT PART, after this step there should _always_ be session before it even gets to the browser)
2) when the page comes to the browser, it makes ajax request to check if there is session, which there now always should (but if not, it will show login page, this is default stuff, so this entire autologin is based on step 1)
Of course the reason why I'm not seeing this, could be due to the error there was in anonymous sessions. This is fixed and committed into GitHub, you could update your Authentication.class.php from here (https://github.com/sjarvela/mollify/blob/master/backend/include/Authentication.class.php). Actually only line 207 was changed.
Reply all
Reply to author
Forward
0 new messages