Forums / Developer / How to pass login information to an iframe?

"Please Note:

At the specific request of Ibexa we are changing this projects name to "Exponential" or "Exponential (CMS)" effective as of August, 11th 2025.
This project is not associated with the original eZ Publish software or its original developer, eZ Systems or Ibexa".

How to pass login information to an iframe?

Previous topic

Developer

Next topic

Author	Message
Luca Mischiatti	Tuesday 25 November 2008 1:33:17 am Hi! I have insert an iframe into a template to include a custom php file. This file should by visible only to registered users. Is there a session variable or cookie or similar that can check within my custom file to be sure the user is registered or not?! Thanks in advanced Luca
Daniel Hoppe	Tuesday 25 November 2008 4:21:54 am Hi Luca, function logincheck($redirect = "", $die_message = "no access"){ if ((isset($redirect)) and ($redirect != "")) { if (strpos($redirect, "://")){ } else { if (strlen($redirect) > 0) if (substr($redirect, 0, 1) == "/") $redirect = "http://" . $_SERVER["HTTP_HOST"] . $redirect; else $redirect = "http://" . $_SERVER["HTTP_HOST"] . "/" . $redirect; } } if (isset($_SERVER["HTTP_COOKIE"])) { } else { if ((isset($redirect)) and ($redirect != "")) header('Location: ' . $redirect); else die ($die_message); } $s = substr($_SERVER["HTTP_COOKIE"], strpos($_SERVER["HTTP_COOKIE"], "eZSESSID") + 9, 32); $session = $s; { // db connection $dbhostname = "???"; $dbuser = "??"; $dbpassword = "???"; $dbname = "???"; $link = @mysql_connect($dbhostname, $dbuser, $dbpassword); if (!$link){ die('Could not connect: ' . mysql_error()); } $db_selected = mysql_select_db ($dbname, $link); if (!$db_selected){ die ('Can\'t use foo : ' . mysql_error()); } // ///////// } { // get session $myqstring_a = "SELECT * FROM `ezsession` WHERE `session_key` = '" . $session . "'"; $result_a = mysql_query($myqstring_a); $row_a = mysql_fetch_array($result_a); if ($row_a["user_id"] == "") { if ((isset($redirect)) and ($redirect != "")) header('Location: ' . $redirect); else die ($die_message); } } { // get user $myqstring_b = "SELECT * FROM `ezuser` WHERE `contentobject_id` = " . $row_a["user_id"]; $result_b = mysql_query($myqstring_b); $row_b = mysql_fetch_array($result_b); if (($row_b["email"] == "") or ($row_b["email"] == "nospam@ez.no")) { if ((isset($redirect)) and ($redirect != "")) header('Location: ' . $redirect); else die ($die_message); } } return ($row_b); } Daniel

Author

Message

Luca Mischiatti

Tuesday 25 November 2008 1:33:17 am

Hi!
I have insert an iframe into a template to include a custom php file. This file should by visible only to registered users.
Is there a session variable or cookie or similar that can check within my custom file to be sure the user is registered or not?!

Thanks in advanced
Luca

Daniel Hoppe

Tuesday 25 November 2008 4:21:54 am

Hi Luca,

function logincheck($redirect = "", $die_message = "no access"){
    if ((isset($redirect)) and ($redirect != ""))
        {
        if (strpos($redirect, "://")){
            }
        else
            {
            if (strlen($redirect) > 0)
                 if (substr($redirect, 0, 1) == "/")
                     $redirect = "http://" . $_SERVER["HTTP_HOST"] . $redirect;
                 else
                     $redirect = "http://" . $_SERVER["HTTP_HOST"] . "/" . $redirect;
                }
            }
        if (isset($_SERVER["HTTP_COOKIE"]))
            {
            }
        else
            {
            if ((isset($redirect)) and ($redirect != ""))
                header('Location: ' . $redirect);
            else
                die ($die_message);
            }
        $s = substr($_SERVER["HTTP_COOKIE"], strpos($_SERVER["HTTP_COOKIE"], "eZSESSID") + 9, 32);
        $session = $s;
        { // db connection
             $dbhostname = "???";
             $dbuser = "??";
             $dbpassword = "???";
             $dbname = "???";
            
             $link = @mysql_connect($dbhostname, $dbuser, $dbpassword);
            if (!$link){
                 die('Could not connect: ' . mysql_error());
                }
            $db_selected = mysql_select_db ($dbname, $link);
            if (!$db_selected){
                 die ('Can\'t use foo : ' . mysql_error());
                }
            // /////////
        }
        
        { // get session
             $myqstring_a = "SELECT * FROM `ezsession` WHERE `session_key` = '" . $session . "'";
             $result_a = mysql_query($myqstring_a);
             $row_a = mysql_fetch_array($result_a);
            if ($row_a["user_id"] == "")
            {
                if ((isset($redirect)) and ($redirect != ""))
                    header('Location: ' . $redirect);
                else
                    die ($die_message);
                }
             }
        
        { // get user
            $myqstring_b = "SELECT * FROM `ezuser` WHERE `contentobject_id` = " . $row_a["user_id"];
            $result_b = mysql_query($myqstring_b);
            $row_b = mysql_fetch_array($result_b);
            if (($row_b["email"] == "") or ($row_b["email"] == "nospam@ez.no"))
                {
                if ((isset($redirect)) and ($redirect != ""))
                    header('Location: ' . $redirect);
                else
                    die ($die_message);
                }
            }
        return ($row_b);
        }

Daniel