Forums / Developer / How to pass login information to an iframe?

How to pass login information to an iframe?

Next topic

Author	Message
Luca Mischiatti	Tuesday 25 November 2008 1:33:17 am Hi! I have insert an iframe into a template to include a custom php file. This file should by visible only to registered users. Is there a session variable or cookie or similar that can check within my custom file to be sure the user is registered or not?! Thanks in advanced Luca
Daniel Hoppe	Tuesday 25 November 2008 4:21:54 am Hi Luca, function logincheck($redirect = "", $die_message = "no access"){ if ((isset($redirect)) and ($redirect != "")) { if (strpos($redirect, "://")){ } else { if (strlen($redirect) > 0) if (substr($redirect, 0, 1) == "/") $redirect = "http://" . $_SERVER["HTTP_HOST"] . $redirect; else $redirect = "http://" . $_SERVER["HTTP_HOST"] . "/" . $redirect; } } if (isset($_SERVER["HTTP_COOKIE"])) { } else { if ((isset($redirect)) and ($redirect != "")) header('Location: ' . $redirect); else die ($die_message); } $s = substr($_SERVER["HTTP_COOKIE"], strpos($_SERVER["HTTP_COOKIE"], "eZSESSID") + 9, 32); $session = $s; { // db connection $dbhostname = "???"; $dbuser = "??"; $dbpassword = "???"; $dbname = "???"; $link = @mysql_connect($dbhostname, $dbuser, $dbpassword); if (!$link){ die('Could not connect: ' . mysql_error()); } $db_selected = mysql_select_db ($dbname, $link); if (!$db_selected){ die ('Can\'t use foo : ' . mysql_error()); } // ///////// } { // get session $myqstring_a = "SELECT * FROM `ezsession` WHERE `session_key` = '" . $session . "'"; $result_a = mysql_query($myqstring_a); $row_a = mysql_fetch_array($result_a); if ($row_a["user_id"] == "") { if ((isset($redirect)) and ($redirect != "")) header('Location: ' . $redirect); else die ($die_message); } } { // get user $myqstring_b = "SELECT * FROM `ezuser` WHERE `contentobject_id` = " . $row_a["user_id"]; $result_b = mysql_query($myqstring_b); $row_b = mysql_fetch_array($result_b); if (($row_b["email"] == "") or ($row_b["email"] == "nospam@ez.no")) { if ((isset($redirect)) and ($redirect != "")) header('Location: ' . $redirect); else die ($die_message); } } return ($row_b); } Daniel

Author

Message

Tuesday 25 November 2008 1:33:17 am

Hi!
I have insert an iframe into a template to include a custom php file. This file should by visible only to registered users.
Is there a session variable or cookie or similar that can check within my custom file to be sure the user is registered or not?!

Thanks in advanced
Luca

Daniel Hoppe

Tuesday 25 November 2008 4:21:54 am

Hi Luca,

function logincheck($redirect = "", $die_message = "no access"){
    if ((isset($redirect)) and ($redirect != ""))
        {
        if (strpos($redirect, "://")){
            }
        else
            {
            if (strlen($redirect) > 0)
                 if (substr($redirect, 0, 1) == "/")
                     $redirect = "http://" . $_SERVER["HTTP_HOST"] . $redirect;
                 else
                     $redirect = "http://" . $_SERVER["HTTP_HOST"] . "/" . $redirect;
                }
            }
        if (isset($_SERVER["HTTP_COOKIE"]))
            {
            }
        else
            {
            if ((isset($redirect)) and ($redirect != ""))
                header('Location: ' . $redirect);
            else
                die ($die_message);
            }
        $s = substr($_SERVER["HTTP_COOKIE"], strpos($_SERVER["HTTP_COOKIE"], "eZSESSID") + 9, 32);
        $session = $s;
        { // db connection
             $dbhostname = "???";
             $dbuser = "??";
             $dbpassword = "???";
             $dbname = "???";
            
             $link = @mysql_connect($dbhostname, $dbuser, $dbpassword);
            if (!$link){
                 die('Could not connect: ' . mysql_error());
                }
            $db_selected = mysql_select_db ($dbname, $link);
            if (!$db_selected){
                 die ('Can\'t use foo : ' . mysql_error());
                }
            // /////////
        }
        
        { // get session
             $myqstring_a = "SELECT * FROM `ezsession` WHERE `session_key` = '" . $session . "'";
             $result_a = mysql_query($myqstring_a);
             $row_a = mysql_fetch_array($result_a);
            if ($row_a["user_id"] == "")
            {
                if ((isset($redirect)) and ($redirect != ""))
                    header('Location: ' . $redirect);
                else
                    die ($die_message);
                }
             }
        
        { // get user
            $myqstring_b = "SELECT * FROM `ezuser` WHERE `contentobject_id` = " . $row_a["user_id"];
            $result_b = mysql_query($myqstring_b);
            $row_b = mysql_fetch_array($result_b);
            if (($row_b["email"] == "") or ($row_b["email"] == "nospam@ez.no"))
                {
                if ((isset($redirect)) and ($redirect != ""))
                    header('Location: ' . $redirect);
                else
                    die ($die_message);
                }
            }
        return ($row_b);
        }

Daniel