#1790 Session

[Anonymous]

I have question. Can you explain a bit more regarding the session, because currenly, im integrating mrbs with my current web system. I wanted to use the same session when user log in the current system, to link to the mrbs so that the user doesnt have to log in again. Is it doable?

[Campbell Morrison]

How does authentication work in your web system? Are you using a standard system such as Joomla or Wordpress? If so, you can just set $auth['type'] and $auth['session'] appropriately.

If you've got your own custom scheme then you'll probably have to write your own auth and session modules.

[Anonymous]

Im just using a normal php website. Well, the authentication method is also just simple, the user key in username and password and directly check in the database. If the password and username matches then it will go to a hompage that user will select from few options ie: helpdesk, mrbs. Because I dont really get how you throw the session inside the mrbs. Mind to explain some more?

[Anonymous]

I use cpanel as my platform.

[Campbell Morrison]

You'll need to write your own session module implementing the following functions:

authGet()
getUserName()
print_logon_box()
logoff_user()

and it should also process the results of a login form. See session_php.inc for an example.

[Anonymous]

Means i cannot directly link? I have to do another page to get the session from the previous homepage?

[Campbell Morrison]

No, you won't have to have another page. You just need to write some code that will enable MRBS to know whether a user is already logged in to to your website.

On your website, how do you know whether a user is already logged in if they move from one page to another?

[Anonymous]

I created a session for the user using normal php. Here I attached the login page and where it redirect when user already logged in. Is this sufficient to explain?

[Campbell Morrison]

Then you can pick up the username from $_SESSION. For example, for getUserName()

function getUserName()
{
  if ($_SESSION['signed_in'] && isset($_SESSION["user_name"]) && ($_SESSION["user_name"] !== ''))
  {
    return $_SESSION["user_name"];
  }

  return NULL;
}

I suggest you model your MRBS session module on session/session_php.inc.

[Anonymous]

However, it still prompts session expired. Mind to explain more? Ive been trying to figure out, but still unable to figure it out. I already try so hard but still cannot find. I need to get it online by Friday. Mind to help me a bit more?

[Anonymous]

I can attached the sample of the first page when user select the helpdesk. How it redirect and maintain the session for your reference.

[Anonymous]

Or do we have to throw hidden value for the username and password to the login form and let it process and create its own session?

[Anonymous]

Because I found out that it cannot capture the session. Im sorry for the inconvience.

[Anonymous]

Any advise?

[Campbell Morrison]

You are going to have to write your own auth and session modules, let's call them auth_custom.inc and session_custom.inc. In your config file you will then define both $auth['type'] and $auth['session'] as 'custom'.

The auth module is probably best based on auth_db_ext.inc and should implement authValidateUser($user, $pass), authGetUserLevel($user), authGetUserLevel($user) and authGetUserEmail($user) by querying your database to get the results.

The session module should implement authGet(), getUserName(), print_logon_box() and logoff_user() and it should also process the results of an MRBS login form, by logging on a user in your system, ie by setting the session variables, on successful login.

[Anonymous]

At the config file, do i have to change this line from db_ext to custom too?

> $auth['db_ext']['db_system'] = 'mysql';
// Hostname of external database server. For pgsql, can use "" instead of localhost
// to use Unix Domain Sockets instead of TCP/IP. For mysql "localhost"
// tells the system to use Unix Domain Sockets, and $db_port will be ignored;
// if you want to force TCP connection you can use "127.0.0.1".
$auth['db_ext']['db_host'] = 'localhost';
// If you need to use a non standard port for the database connection you
// can uncomment the following line and specify the port number
//$auth['db_ext']['db_port'] = 1234;
$auth['db_ext']['db_username'] = 'ituser_users';
$auth['db_ext']['db_password'] = 'sushiking123';
$auth['db_ext']['db_name'] = 'ituser_users';
$auth['db_ext']['db_table'] = 'site_users';
$auth['db_ext']['column_name_username'] = 'user_login';
$auth['db_ext']['column_name_password'] = 'user_password';
$auth['db_ext']['column_name_email'] = 'user_email';
// Below is an example if you want to put the MRBS user level in the DB
//s$auth['db_ext']['column_name_level'] = 'user_level';
// Either 'password_hash' (from PHP 5.5.0), 'md5', 'sha1', 'crypt' or 'plaintext'
$auth['db_ext']['password_format'] = 'plaintext';

[Campbell Morrison]

It depends whether you want to use these config variables in auth_custom.inc.

[Anonymous]

Or do you mind guiding me on writing the auth_custom module? Im really blur in this. Im sorry for asking you so much.

[Campbell Morrison]

Sorry, I'm afraid I haven't got time to do more than point you in the right direction.

[Anonymous]

I try first, then I let you see what I did later. Thank you and sorry for the inconvinience

[Anonymous]

I did it! Thank you. But however, if i use admin or the department login id and password can. But if i login using user login id, it cannot capture.
Example:
Uname: itdepartment
Pword:sk12345
Able to capture the session.
But when I login
Uname: SC1855
pword: sc1855
Unable to capture the session.
Mind to explain why?

[Campbell Morrison]

I don't know. Maybe it's to do with the case of the username. Is it being converted to lowercase before you check in the database?

[Anonymous]

How can i know if its converted to lowercase?

[Campbell Morrison]

You'll need to put some debugging code in your auth and session modules to find out why SC1855 isn't being recognised.