Flourish PHP Unframework
This is an archived copy of the forum for reference purposes

Help with fSession::enablePersistence

posted by anonymous 9 years ago

Hi there, I am having some real trouble with this function; at the moment it doesn't seem to be working. Here is my code, below. I have a feeling it may have something to do with the settings in the php.ini file but am not too sure; I have a pretty standard MacPorts PHP/Apache install. Any help would be greatly appreciated.

//init.php 

fSession::setPath(BASE_FOLDER.'storage/sessions');
fSession::setLength('30 minutes', '1 week');

//Users.php

public function log_in(){

			if(fRequest::isPost()){

				try{
					$user = User(array('email'=>fRequest::get('email')));

					if(!fCryptography::checkPasswordHash(fRequest::get('password'), $user->getPassword())){
						throw new fValidationException('The login or password entered is invalid');
					}
					
					$user->setActiveAt(fTimestamp('now'))->store()->login();
					
					if(fRequest::get('remember_me', 'boolean')){
						fSession::enablePersistence();
					}
					
					$user->redirect();
					
				}catch (fValidationException $e) {
					fMessaging::create('error', fURL::get(), 'The login or password entered is invalid');
				}catch(fException $e){
						var_dump($e->getMessage());
				}
				
			
			}
			
			include BASE_FOLDER.'views/users/log_in.php';
		}

Thanks Ben.

Ben,

After looking over your code it doesn't appear that you are actually storing any authorization information into the session. Now, I may be wrong as I'm not sure what happens in the $user->login() function, but this code looks OK so I will go out on a limb. Please see below and also have a look at the fAuthorization docs.


public function log_in(){
 
            if(fRequest::isPost()){
 
                try{
                    $user = User(array('email'=>fRequest::get('email')));
 
                    if(!fCryptography::checkPasswordHash(fRequest::get('password'), $user->getPassword())){
                        throw new fValidationException('The login or password entered is invalid');
                    }
                    
                    $user->setActiveAt(fTimestamp('now'))->store()->login();
                    
                    //Authorization Code Here
                    fAuthorization::setUserAuthLevel('user');
                    fAuthorization::setUserToken($user->getUserId()); 
                    //End new code

                    if(fRequest::get('remember_me', 'boolean')){
                        fSession::enablePersistence();
                    }
                    
                    $user->redirect();
                    
                }catch (fValidationException $e) {
                    fMessaging::create('error', fURL::get(), 'The login or password entered is invalid');
                }catch(fException $e){
                        var_dump($e->getMessage());
                }
                
            
            }
            
            include BASE_FOLDER.'views/users/log_in.php';
        }

Then in any secured pages you can use the following code

//This will boot them to whatever path you pass to fAuthorization::setLoginPage() 
fAuthorization::requireLoggedIn();

//Alternately you can do some manual handling of the situation
if(fAuthorization::checkLoggedIn()) {
  //Happy days are here again
} else {
  //Display some error message, redirect, whatever
}

The thing to keep in mind is that fAuthorization::requireLoggedIn() and fAuthorization::checkLoggedIn() are both looking for the presence of either ACL or AuthLevel authorization.

Without knowing the content of $user->login() I could be way off base, but I hope it helps.

posted by ihumanable 9 years ago

Thanks for your insight, but login is indeed setting the authorization data. There is something wrong with the cookie persisting: the session will last until I close the browser. I looked into the code and that pretty much extends the expiration time on the cookie, which does not seem to be happening. I will have a play around a little longer, but I am a bit stumped.

public function login(){
	fAuthorization::setUserAuthLevel($this->getRole());
	fAuthorization::setUserToken($this->getEmail());

	return $this;
}

posted by anonymous 9 years ago

I'm not sure if this is a mistake, but when I restructure my code to work like below, it works fine. In the documentation it is the other way around,

http://flourishlib.com/docs/fSession#KeepingUsersLoggedIn

am I arrogant to think the documentation is wrong, or am I doing something wrong?


if(fRequest::get('remember_me', 'boolean')){
	fSession::enablePersistence();
}
					
$user->setActiveAt(fTimestamp('now'))->store()->login();

posted by anonymous 9 years ago

I think you are onto something here. Can you try changing the code to what you had originally, but add a call to session_regenerate_id(); on line 219 of fSession? If this works then I can change fSession so it doesn't matter when you call ::enablePersistence().

posted by wbond 9 years ago

Awesome Will, it worked!

posted by anonymous 9 years ago

This is fixed in r892

posted by wbond 9 years ago
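
The ordering problem discussed in this thread, reduced to plain PHP session functions as an added example (this is not Flourish's fSession code and not the r892 change): a session cookie that has already been sent keeps its original lifetime until it is re-sent, so the login step regenerates the ID and re-sends the cookie with an explicit expiry. The function name, the `user_token` and `persistent` keys and `PERSISTENT_LIFETIME` are assumptions for illustration; PHP 7.3 or later is assumed for the `setcookie()` options array.

```php
<?php
// Added example: plain PHP session functions, not Flourish's fSession source.
// PERSISTENT_LIFETIME and all names below are assumptions for illustration.

const PERSISTENT_LIFETIME = 7 * 24 * 3600; // one week, as in setLength('30 minutes', '1 week')

/**
 * Call once the password check has passed. Works whether or not the session
 * was already started (and its cookie already sent) earlier in the request.
 */
function establish_login_session(string $userToken, bool $rememberMe): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    // New ID at the privilege change: the pre-login ID stops being valid
    // (session fixation defence) and PHP emits a fresh Set-Cookie header.
    session_regenerate_id(true);

    $_SESSION['user_token'] = $userToken;
    $_SESSION['persistent'] = $rememberMe;

    if ($rememberMe) {
        // The cookie PHP just sent carries the configured session.cookie_lifetime
        // (0 by default, meaning "discard when the browser closes").
        // Re-send it with an explicit expiry so it survives a browser restart.
        // Server side, session.gc_maxlifetime must cover the same period,
        // otherwise the session data is collected before the cookie expires.
        $params = session_get_cookie_params();
        setcookie(session_name(), session_id(), [
            'expires'  => time() + PERSISTENT_LIFETIME,
            'path'     => $params['path'],
            'domain'   => $params['domain'],
            'secure'   => $params['secure'],
            'httponly' => true,
            'samesite' => $params['samesite'] ?: 'Lax',
        ]);
    }
}
```

Because the cookie is re-sent after the ID changes, the persistence choice takes effect regardless of whether it is made before or after the authorization data is written to the session.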