Thread

I have a commercially written program I have purchased that gives some flexibility in setting up session variables to indicate if a users is logged in without hacking the program. If the session variables are properly set, it will assume that the user logged in through its own user system.  I would like to use Expression Engine’s member system as a single system for my entire site.  The program would require quite extensive rewriting to make it into a module.

Without going into the gory details; I’d like to pose these questions:

Is it possible to use some of the function (specifically the session object) of Expression Engine without running the template engine?

If the answer is yes, what does the session object need to accurately determine if the user is in fact logged in?

Hi, Herb -

It is not possible to use only a single part of ExpressionEngine - all of the parts are very much intertwined.  Taking apart just one piece would likely be more work than simply building your own system.

Perhaps CodeIgniter would be a better approach for you?

It is not possible to use only a single part of ExpressionEngine

Why am I not surprised by your reply?

So you are suggesting that I what?  Write my own CMS using code igniter?

Apparently I didn’t make myself clear.  Is there a way to ascertain whether a user is logged into EE and whom that user is without reinventing the wheel?

I’ve tried to follow the code in the core; but, not being a programmer I get lost.

you could possibly use an extension with “login_authenticate_start” or some other hook.

Is not the function of an extension to intercept and either rewrite or override the result of the core code?  How is this triggered if you land on a non ee page first? 

I’m not trying to modify ee.  I’m just trying to ascertain the method ee uses to validate a user like checking a cookie or something and then trigger an action completely outside of ee.  If they aren’t logged in then they’re sent to ee log in.

Is it really that hard to do?

Herb,

Can you clarify the workflow here?

You have a website not run by EE but that does have membership.

You need a user to login to that website and, at the same time, be authenticated to an ExpressionEngine-run site?

For articles, forum, and most of the site ee will be used; however, I am using another program which is a genealogy program.

Members in the user table for the genealogy program are added manually by the administrator only.  They are given permissions in the genealogy programs user table that relate specifically to what they can and can not do within that program.

When a genealogy page is requested, a check needs to be made as to whether the requester is logged into ee.  If they are, then a check of the user table in the genealogy program checks to see if there is a matching member.  If a match is found, then session variables are written that detail the permissions the user will have.  If there is no match or they are not logged into ee, then the user is assigned as a guest user and any permissions associated with being a guest.

There is no need to create automatic duplication of members, in fact while visiting ee pages, ee would simply do what it always does.

The genealogy program is written as a collection of over 100 .php files and would be a nightmare to try to covert to an ee module and even more of a nightmare to upgrade.

I know that this process works because the program currently works just fine using simple machines forum for the site and utilizing their ssi.php to extract logged in status.

Can this be done by simply reading ee’s cookies?  What tests would have to be done to ensure that they are properly being identified as logged in?

I really want to be able to pull this off using ee.

Hi, Herb -

This is likely something that can be done, but it will need someone that is an experienced programmer and knows ExpressionEngine and your scripts fairly well.  I would recommend getting quotes from folks on the Pro Network on integrating the two systems.

Ok let me put it to you this way.  When a user logs in, ee sets 3 cookies: exp_uniquid, exp_userhash, exp_sessionid.  The sessionid is a no brainer; but, uniqueid and userhash are hashes or encrypted.  Since sessionid will only be valid for the duration of the session it will not serve sufficiently to check against the exp_session table.  How does the userhash and uniqueid play into validation?

I have done an extensive search of the forum and find similar questions repeated over and over and over with the same result…. no response.  Is this a secret or something?

I am afraid the only way, really, will be for a programmer to take a look at the code and see how it’s done. It’s not a secret, encrypted or obfuscated in any way, but there is no technical documentation down to this level apart from the source code itself and the comments in it.

Ok go ahead and close this topic, it’s obvious that the only response I’m gonna get is go hire someone.  Yea I’m frustrated.  Read back through the thread and you will see that the only information here was provided by me.  Everyone else just said it’s too hard for you to do by yourself and you need to go hire someone to do that.  I don’t have an unlimited budget.

Herb, I know that it is frustrating.  But this is one of the deeper areas in ExpressionEngine that is going to take programming knowledge to both understand and extend.  You’re welcome to read through the code, it is documented in-line.  There is also our Development Docs.  What you want to do is here really extending ExpressionEngine, not using already available functionality, so it is something that will require PHP/MySQL knowledge to attain that goal.

We really are trying to do our best to point you to the correct resource for this kind of solution.  You said, yourself, that you’re not a programmer so it’s likely this is the point where you at least talk to some programmers to get an idea of the cost to implement such a solution.

Hi Herb,
please look at this thread:
http://ellislab.com/forums/viewthread/66073/
I think that Moxie_code_auth Extension can help you.

This is a similar use case. It helps to secure tinymce.

It is a simple extension written by Greg Freeman:
It creates a php session when ee logs in and then destroy it when the user logs out. The integration is supported by tinymce out of the box.

I think you can read the thread and have a look how tinymce does it.

I hope this helps you.

This extension can be extended for the frontend login with the following hooks:

member_member_login_single to create session

and

member_member_logout to destroy that

Enough said.  But do me a favor and read back through this post and see what every reply said.  Was there one piece of information given out?  It was simply assumed that since I’m not a programmer an informative reply would be over my head and therefore a waste of time.

This is for a personal site.  It will not be generating revenue.  I don’t have any more money I can spend on this project.

So I will not waste anymore of your time.

Erdal:

Thanks for the pointer.

  I don’t see how this will be of use since my users could land directly on a non-ee page via a bookmark which would not invoke ee code and therefore would result in a user being evaluated as not logged in.  I’m not trying to run the program inside of ee; just wanting to determine if the user were to land on an ee page, would they be evaluated as being logged in then obtain the user id.  This assumes that a persistent cookie is being deployed by ee.

  I apologize to the rest of you for my unkind words.