How to fetch current user password from session variables

« 
Previous topic
|
Developer
|
Next topic
 »
Author Message

Elena Ivanova

Saturday 23 August 2008 4:18:32 am

Hello,

I'm dealing with a small extension and I need to fetch the current user password in my php script. I tried with:

$currentUser =& eZUser::currentUser();
$currentUserPass = $currentUser->attribute( "password_hash" );

but it doesn't work for me, because of using LDAP for user authentication.

Can I fetch current user password from session variables in some way?

Thanks.

Xavier Gouley

Monday 25 August 2008 2:52:53 am

Hi,

Just used the LDAP for user authentication, I can say that the password is not stored in eZpublish :

When a user try to login, the login / password is sent to LDAP for authentication. If LDAP reply with a positive answer, the eZuser (in eZpublish) is logged in, and updated with such elements like First Name, Last Name, groups, but NO password is put in the eZuser.

In fact, the password is encrypted in LDAP (for my case it is, but check your LDAP), so there is no possibilities to retrive password form LDAP (it is not really secure I think). The password is natively not stored in the session vars also.

The only possibility you have is to implement you own login handler (copy the LDAP one, and modify it) to store password elsewhere (at this step, the password is not encrypted yet). But caution, for security reasons, you have to put it on the server side only ($_SESSION could be a good way, but keep an eye on other eZ extensions that can see it, in clear).

Good luck.

Xavier Gouley
http://www.gxapplications.com/eng_blog/GX-Admin-s-Blog/

Elena Ivanova

Monday 25 August 2008 10:57:20 am

Hello Xavier,

Many thanks for your answer.

>When a user try to login, the login / password is sent to LDAP for authentication. If LDAP reply with a positive answer, the eZuser (in eZpublish) is logged in...

If I understand you correctly - in terms of LDAP it means that this positive answer from LDAP comes if this user is binded with his/her username&password. Am I right?

Best regards,
Elena
Powered by eZ Publish™ CMS Open Source Web Content Management. Copyright © 1999-2014 eZ Systems AS (except where otherwise noted). All rights reserved.

eZ debug

Timing: Jan 18 2025 16:07:54
Script start
Timing: Jan 18 2025 16:07:54
Module start 'layout'
Timing: Jan 18 2025 16:07:54
Module start 'content'
Timing: Jan 18 2025 16:07:55
Module end 'content'
Timing: Jan 18 2025 16:07:55
Script end

Main resources:

Total runtime0.5973 sec
Peak memory usage4,096.0000 KB
Database Queries57

Timing points:

CheckpointStart (sec)Duration (sec)Memory at start (KB)Memory used (KB)
Script start 0.00000.0045 588.1719152.6563
Module start 'layout' 0.00450.0026 740.828139.5078
Module start 'content' 0.00700.5887 780.3359542.7344
Module end 'content' 0.59570.0016 1,323.070312.0938
Script end 0.5973  1,335.1641 

Time accumulators:

 Accumulator Duration (sec) Duration (%) Count Average (sec)
Ini load
Load cache0.00320.5416160.0002
Check MTime0.00140.2305160.0001
Mysql Total
Database connection0.00060.099610.0006
Mysqli_queries0.544291.1030570.0095
Looping result0.00050.0918550.0000
Template Total0.570195.420.2851
Template load0.00230.388620.0012
Template processing0.567895.053320.2839
Template load and register function0.00010.013710.0001
states
state_id_array0.00030.050110.0003
state_identifier_array0.00080.138420.0004
Override
Cache load0.00190.3260260.0001
Sytem overhead
Fetch class attribute can translate value0.00050.086920.0003
Fetch class attribute name0.00120.199050.0002
XML
Image XML parsing0.00170.290520.0009
class_abstraction
Instantiating content class attribute0.00000.002360.0000
General
dbfile0.00180.3017220.0001
String conversion0.00000.000840.0000
Note: percentages do not add up to 100% because some accumulators overlap

Templates used to render the page:

UsageRequested templateTemplateTemplate loadedEditOverride
1node/view/full.tplfull/forum_topic.tplextension/sevenx/design/simple/override/templates/full/forum_topic.tplEdit templateOverride template
3content/datatype/view/ezimage.tpl<No override>extension/sevenx/design/simple/templates/content/datatype/view/ezimage.tplEdit templateOverride template
3content/datatype/view/ezxmltext.tpl<No override>extension/community_design/design/suncana/templates/content/datatype/view/ezxmltext.tplEdit templateOverride template
5content/datatype/view/ezxmltags/paragraph.tpl<No override>extension/ezwebin/design/ezwebin/templates/content/datatype/view/ezxmltags/paragraph.tplEdit templateOverride template
1content/datatype/view/ezxmltags/literal.tpl<No override>extension/community/design/standard/templates/content/datatype/view/ezxmltags/literal.tplEdit templateOverride template
1content/datatype/view/ezxmltags/line.tpl<No override>design/standard/templates/content/datatype/view/ezxmltags/line.tplEdit templateOverride template
1print_pagelayout.tpl<No override>extension/community/design/community/templates/print_pagelayout.tplEdit templateOverride template
 Number of times templates used: 15
 Number of unique templates used: 7

Time used to render debug report: 0.0001 secs