PHP variables passed from Coldfusion

[jmcg]

I know nothing about php (as will become apparent) and a bit about cold fusion.

I have a CF app that stores usernames and passwords,etc and a forum based on a php script (SMF Forum).
The forum has a "hook" that allows me to pass the $ID_MEMBER value into the script to allow a user to log into the forum if they are logged into the CF app.

The problem is I have no idea how to do this, I have tried a simple query variable and a cookie setup but they did not work.

I am assuming this is something simple but have no idea, can anyone let me know if this is simple and where I might get help.

 

[ingresman]

How is SMF forum expecting the value ?? e.g.
in the URL fkfkf.com?id_member=
How does smsf forum know where to get user information that the CF app has created ?(is it a custom change ??)

 

[jmcg]

It is a custom change to the forum.

There is a function that handles the ID_MEMBER where present but I cannot inf dout where it needs to be present.

Sorry if I'm not really explaining myself, not really up to speed on all this php stuff

 

[ingresman]

no it's ok.
I presume that the cold fusion app has to call into the forum by some method for example

http://forum.co.uk/index.php

and this wil be done from the browser not within the CF app itself ?
That's the usual way of moving around web pages, either by some kind of redirect or as the result of a click on a hyper link. Somehow the CF app has to pass the id_member to the .php app, this is the area we are missing.
How do you know how to do this ?, is it in some documentation ?

 

[jmcg]

I had intially tried variations of index.php?ID_MEMBER=2 but from the SMF (the forum creators) website found this was not possible but that it had to be coded and the suggested paying someone to do it.
Wouldn't mind doing this but wanted to kmake sure it was not something I could do myself.

This is the hook code that apparently handles the integration:

function loadUserSettings()
{

	global $modSettings, $user_settings;
	global $ID_MEMBER, $db_prefix, $cookiename, $user_info, $language;

	// Check first the integration, then the cookie, and last the session.
	if (isset($modSettings['integrate_verify_user']) && function_exists($modSettings['integrate_verify_user']))
	{
		$ID_MEMBER = (int) call_user_func($modSettings['integrate_verify_user']);
		$already_verified = $ID_MEMBER > 0;
	}
	else
		$ID_MEMBER = 0;

	if (empty($ID_MEMBER) && isset($_COOKIE[$cookiename]))
	{
		$_COOKIE[$cookiename] = stripslashes($_COOKIE[$cookiename]);

		// Fix a security hole in PHP 4.3.9 and below...
		if (preg_match('~^a:[34]:\{i:0;(i:\d{1,6}|s:[1-8]:"\d{1,8}");i:1;s:(0|40):"([a-fA-F0-9]{40})?";i:2;[id]:\d{1,14};(i:3;i:\d;)?\}$~', $_COOKIE[$cookiename]) == 1)
		{
			list ($ID_MEMBER, $password) = @unserialize($_COOKIE[$cookiename]);
			$ID_MEMBER = !empty($ID_MEMBER) && strlen($password) > 0 ? (int) $ID_MEMBER : 0;
		}
		else
			$ID_MEMBER = 0;
	}
	elseif (empty($ID_MEMBER) && isset($_SESSION['login_' . $cookiename]) && ($_SESSION['USER_AGENT'] == $_SERVER['HTTP_USER_AGENT'] || !empty($modSettings['disableCheckUA'])))
	{
		// !!! Perhaps we can do some more checking on this, such as on the first octet of the IP?
		list ($ID_MEMBER, $password, $login_span) = @unserialize(stripslashes($_SESSION['login_' . $cookiename]));
		$ID_MEMBER = !empty($ID_MEMBER) && strlen($password) == 40 && $login_span > time() ? (int) $ID_MEMBER : 0;
	}

	// Only load this stuff if the user isn't a guest.
	if ($ID_MEMBER != 0)
	{
		// Is the member data cached?
		if (empty($modSettings['cache_enable']) || $modSettings['cache_enable'] < 2 || ($user_settings = cache_get_data('user_settings-' . $ID_MEMBER, 60)) == null)
		{
			$request = db_query("
				SELECT mem.*, IFNULL(a.ID_ATTACH, 0) AS ID_ATTACH, a.filename, a.attachmentType
				FROM {$db_prefix}members AS mem
					LEFT JOIN {$db_prefix}attachments AS a ON (a.ID_MEMBER = $ID_MEMBER)
				WHERE mem.ID_MEMBER = $ID_MEMBER
				LIMIT 1", __FILE__, __LINE__);
			$user_settings = mysql_fetch_assoc($request);
			mysql_free_result($request);

			if (!empty($modSettings['cache_enable']) && $modSettings['cache_enable'] >= 2)
				cache_put_data('user_settings-' . $ID_MEMBER, $user_settings, 60);
		}

		// Did we find 'im?  If not, junk it.
		if (!empty($user_settings))
		{
			// As much as the password should be right, we can assume the integration set things up.
			if (!empty($already_verified) && $already_verified === true)
				$check = true;
			// SHA-1 passwords should be 40 characters long.
			elseif (strlen($password) == 40)
				$check = sha1($user_settings['passwd'] . $user_settings['passwordSalt']) == $password;
			else
				$check = false;

			// Wrong password or not activated - either way, you're going nowhere.
			$ID_MEMBER = $check && ($user_settings['is_activated'] == 1 || $user_settings['is_activated'] == 11) ? $user_settings['ID_MEMBER'] : 0;
		}
		else
			$ID_MEMBER = 0;
	}

Thanks again for sticking in with this one.

 

[ingresman]

So it looks like it's comming in via a cookie but I can't see where the $cookiename is set. It's declared as global so may be set somewhere else. Can you edit thecode to put a call to print_r($GLOBALS); just after the globals statments and we can see what is being passed.

 

[jmcg]

This gives a load of output, the last of which is

[settings] => [user_info] => [user_settings] => [ID_MEMBER] => )

Not sure if this helps or you need it all.

 

[ingresman]

see if it mentions something like [cookiename] => xyz
(where xyz will be something)
also see where else id_member is referecned.

 

[ingresman]

one other thing, is the CF and the PHP app both under the same domain ?

 

[jmcg]

That was the onlin ID_MEMBER ref.
There is a [cookiename] => SMFCookie956

And both are under the same domain, the forum being in a sub folder

 

[ingresman]

Good, it must have it externally, can we add one more line of code then:
$fred = $_COOKIE[$cookiename];
echo "fred is " . $fred;
again put this after the globals
Hopefully this will show us if the cookie is actually there.
have to go to a meeting will be backl soon !

 

[jmcg]

Returns:
fred is a:4:{i:0;s:1:\"1\";i:1;s:40:\"26629dfb95714e61645b58058ad0df827c4c6df8\";i:2;i:1395153849;i:3;i:0;}

It's terrible when work gets in the way! Enjoy your meeting :-(

 

[ingresman]

it was ok, had to get stuff done before easter.
Well we've established that the php is getting something passed in from cf, looks like a serialised string and that is what is expected.
I think the next the nedt thing is to find the source for the db_query function as that is the one that will go to the database to see if this person is a real user.
Can you find the source and see if the database it's trying to connect to is the one you think it is.
We'll crack it I tell you !

 

[jmcg]

I'm at my limit of knowledge I'm afraid, hopefully this is the bit you mean.
The bit about using integration to log in is, from the SMF forum, what needs to be done!

	// Are we using any sort of integration to validate the login?
	if (isset($modSettings['integrate_validate_login']) && function_exists($modSettings['integrate_validate_login']))
		if (call_user_func($modSettings['integrate_validate_login'], $_REQUEST['user'], isset($_REQUEST['hash_passwrd']) && strlen($_REQUEST['hash_passwrd']) == 40 ? $_REQUEST['hash_passwrd'] : null, $modSettings['cookieTime']) == 'retry')
		{
			$context['login_error'] = $txt['login_hash_error'];
			$context['disable_login_hashing'] = true;
			return;
		}

	// Load the data up!
	$request = db_query("
		SELECT passwd, ID_MEMBER, ID_GROUP, lngfile, is_activated, emailAddress, additionalGroups, memberName, passwordSalt
		FROM {$db_prefix}members
		WHERE memberName = '$_REQUEST[user]'
		LIMIT 1", __FILE__, __LINE__);
	// Probably mistyped or their email, try it as an email address. (memberName first, though!)
	if (mysql_num_rows($request) == 0)
	{
		mysql_free_result($request);

		$request = db_query("
			SELECT passwd, ID_MEMBER, ID_GROUP, lngfile, is_activated, emailAddress, additionalGroups, memberName, passwordSalt
			FROM {$db_prefix}members
			WHERE emailAddress = '$_REQUEST[user]'
			LIMIT 1", __FILE__, __LINE__);
		// Let them try again, it didn't match anything...
		if (mysql_num_rows($request) == 0)
		{
			$context['login_error'] = &$txt[40];
			return;
		}
	}

 

[ingresman]

Hi,
sorry to be away for so long, very busy here.
Tell me, what happends when you click on the link to go into the php app, what kind of error do you get ?

 

[jmcg]

No worries, easter weekend and everything.

The are no error messages, it simply fails to register that there is a login.