All geek questions in one place

Drupal Authentication with External PHP

It may be simple, but I'm new to Drupal. The organization I'm working on switched to Drupal some time ago, but there is still some legacy code in various external PHP files that would be cumbersome to convert to working with Drupal.

However, it would be a pleasure to be able to restrict access to some of these pages based on a person authenticated with Drupal. (Some pages are administrative and currently visible to anyone who knows the URL, for example. Yes, poor design, but what I inherited ...)

How can I check with Drupal from an external PHP file to check if the person visiting the specified page has passed?

+4
source share
5 answers

I would suggest that Rimians register the URLs inside Drupal itself (+1), but as an alternative, you can load Drupal β€œmanually” and check user rights after that directly from other scripts:

// initialize Drupal // TODO: adjust path according to placement of script (might need to change to Drupal directory first) require './includes/bootstrap.inc'; drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL); // check user access rights // TODO: Adjust to the permission you want to restrict to, eg 'access content' or whatever if (!user_access('administer nodes')) { // Insufficient rights, say so drupal_access_denied(); exit(0); } // ... call legacy script

NOTE. Drupal does a little work at boot time, including some manipulations and setting global variables, so be sure to carefully check for interference / collisions with outdated code (will also apply for Rimians).

If you want to restrict access only to authenticated users, you can replace the user_access() user_is_logged_in() . If you want to check the role, you can add global $user; and check the contents of the $user->roles array

+6
source

You will need to include these URLs in the router menu so that Drupal can boot and check your permissions. Then you will need to find to run third-party PHP as an include file or, perhaps, through the interface.

It takes some smart user work, but maybe not too complicated. :)

+5
source

This file must be inside the Drupal installation. It's just hell.

 //set the working directory to your Drupal root define("DRUPAL_ROOT", "/var/www/drupal/"); //require the bootstrap include require_once 'includes/bootstrap.inc'; //Load Drupal drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL); //(loads everything, but doesn't render anything) $name = 'admin'; $password = 'admin'; //use Drupal user_authenticate function if(!user_authenticate($name, $password)){ echo 'invalid'; }else{ echo 'valid'; }
+1
source

I am going to do the same. I made the UserlandSession component specifically for such cases; it is a pure implementation of a PHP session, completely independent of its own PHP sessions.

In Drupal, you will maintain user information in a session, and then have access to the session in any other PHP code.

Use a script to get an instance ...

 <?php // getSessionInstance.php use Shibalike\Util\UserlandSession\Storage\Files; use Shibalike\Util\UserlandSession; return new UserlandSession( new Files('MySession', array('path' => '/path/to/session/storage')) );

In Drupal:

 <?php $sess = (require 'path/to/getSessionInstance.php'); $sess->start(); $sess->set('user', $GLOBALS['user']);

In other applications:

 <?php $sess = (require 'path/to/getSessionInstance.php'); $sess->start(); $userInfo = $sess->get('user');
0
source

Drupal stores user authentication in a session. However, it uses its own custom session handling (see Include / bootstrap.inc, where it attaches custom handlers and includes /session.inc for callback functions). If you use the same session processing function, you can access the Drupal session data to authenticate the user.

-2
source

Source: https://habr.com/ru/post/1304818/

More articles:


All Articles