autologin_method and session information

General discussion of development ideas and the approaches taken in the 3.x branch of phpBB. The next feature release of phpBB 3 will be 3.3/Proteus.
Forum rules
Please do not post support questions regarding installing, updating, or upgrading phpBB 3.2.x. If you need support for phpBB 3.2.x please visit the 3.2.x Support Forum on phpbb.com.

If you have questions regarding writing extensions please post in Extension Writers Discussion to receive proper guidance from our staff and community.
Post Reply
semom
Registered User
Posts: 2
Joined: Sat Dec 21, 2013 4:29 pm

autologin_method and session information

Post by semom »

I have lately integrated a phpBB 3.0 into an existing symfony 2 application by using a custom authentication plugin.

It works all great, and the users gets authenticated at the forum automatically.

However, whenever a user first accessed the forum, it showed no timestamp based values, resulting in no last visit time shown, no current time shown and no recent posts shown at the viewforum page. At the second request (e.g. when reloading the page) all worked fine.

I traced this to begin no user['date_format'] set in session.php session / user class. After some further debugging it became more clear why this might happen:

In session.php / session_begin goes like this:
1)

Code: Select all

if (!empty($this->session_id))
		{
			$sql = 'SELECT u.*, s.*
				FROM ' . SESSIONS_TABLE . ' s, ' . USERS_TABLE . " u
				WHERE s.session_id = '" . $db->sql_escape($this->session_id) . "'
					AND u.user_id = s.session_user_id";
			$result = $db->sql_query($sql);
			$this->data = $db->sql_fetchrow($result);
			$db->sql_freeresult($result);
			...
Please notice $this->data is set to a join record of USER_TABLE and SESSIONS_TABLE. Further a lot more code follows in the if block..

2)
If no session_id is set, it creates a new session

Code: Select all


		// If we reach here then no (valid) session exists. So we'll create a new one
		return $this->session_create();

In session_create the autologin_method is called, which returns only a USER_TABLE record, which gets set as $this->data.

Code: Select all

$method = basename(trim($config['auth_method']));
		include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx);

		$method = 'autologin_' . $method;
		if (function_exists($method))
		{
			$this->data = $method();

After creating the session I added a "refresh" of the internal $user->data array, and now everything works as expected. (Though I'm not sure what side effects it might have).

Code: Select all

// If we reach here then no (valid) session exists. So we'll create a new one
                $result = $this->session_create();

                $sql = 'SELECT u.*, s.*
                        FROM ' . SESSIONS_TABLE . ' s, ' . USERS_TABLE . " u
                        WHERE s.session_id = '" . $db->sql_escape($this->session_id) . "'
                                AND u.user_id = s.session_user_id";
                $result = $db->sql_query($sql);
                $this->data = $db->sql_fetchrow($result);
                $db->sql_freeresult($result);

                return $result;


User avatar
bonelifer
Community Team
Community Team
Posts: 112
Joined: Mon Jan 31, 2005 10:41 am

Re: autologin_method and session information

Post by bonelifer »

Since this has to do with the current stable line, your question needs to be asked at our main board in the "[3.0.x] MOD Writers Discussion" forum: https://www.phpbb.com/community/viewforum.php?f=71

semom
Registered User
Posts: 2
Joined: Sat Dec 21, 2013 4:29 pm

Re: autologin_method and session information

Post by semom »

Should i maybe just open an ticket for this?

It's is rather a bug report than a question.

Post Reply