Menu
▾
▴
Re: [Ilohamail-devel] Drupal integration: session key ack!
|
From: Ryo C. <ry...@il...> - 2005-01-20 03:23:21
|
Hey Eric, If you wait for a bit, I'll be working on session integration APIs (someone agreed to sponsor such feature). Basically, it'll be a set of PHP functions that you can call from an existing site that'll initiate sessions (with key and all) without user interaction. I think something like that will make your life much easier ;-) Ryo On 1/20/2005, "Eric Drechsel" <ed...@pi...> wrote: >I'm working to integrate IlohaMail into drupal for our isp ( >www.pioneer-net.com ). > >I've created a custom auth module for drupal that authenticates using >IM. It actually calls exec("php makeimsession.php user pass etc"). >makeimsession.php is basically a stripped down index.php that creates >an IM session. On success, the last line of stdout contains the new >session id. The drupal auth module then stores the sid in $_SESSION, and >generates links to IM using this sid (later I will look at actually >embedding pages). > >Theoretically, after the user logs in to drupal using their mail username >and pass, they can click a link in the navbar and go to IM proper with >the session they have created. Problem is, instead they get an "Invalid >session ID" error. > >So I stumbled around the code base a bit, and discovered that when you >log in, a session KEY gets created (encryption.inc). If cookies can be >set, it gens a random key and saves it to a cookie. Otherwise, it gens a >key from the remote ip address. > >The reason, I believe, that I'm getting invalid session errors is that >this key isn't being saved (I discard all IM output including headers). >On top of that, since I'm creating the session using a local call to >PHP, it can't set cookies and it has a null remote ip, resulting in a >null session key! > >I had hoped to make this work without patching IlohaMail, so that it >would be easy for others to deploy. This is what I came up with though: > >* Patch several functions in encryption.inc to use a client IP that is >passed in from drupal (if being called thru makeimsession.php) and to >trust drupal to detect cookie support. >* Pass the session key out through stdout. > >I know this is really ugly, and I suspect that it's just going to get >uglier as I go along. I would like to be able to release this as a >drupal module when it's done. If there is something I can do in CVS to >make it easier to integrate IM with other apps, I am willing. Thanks for >the great support Ryo. > >Regards >Eric Drechsel >Pioneer-net > > >------------------------------------------------------- >This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting >Tool for open source databases. Create drag-&-drop reports. Save time >by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc. >Download a FREE copy at http://www.intelliview.com/go/osdn_nl >_______________________________________________ >Ilohamail-devel mailing list >Ilo...@li... >https://lists.sourceforge.net/lists/listinfo/ilohamail-devel |