views:

29

answers:

1

I've trying to add a messageboard to my Codeigniter web site. Everything has gone well except for one little part: I'd like my log in from the main site to carry over to the messageboard. Since the messageboard is not able to run in Codeigniter, I made a subdomain to run the messageboard in. This means that the main site and the messageboard do not share cookies. The messageboard is Phorum-powered, so there's a hook that I can use to sign in if I have the user_id of my user. In other words my problem basically boils down to being able to run a function on one domain that can get the user_id variable stored in the session of another domain.

Here are things the I've tried:

  1. Setting up a controller in codeigniter that uses ci->session to echo the user_id. Then in the messageboard, I used CURL to fetch me the output of the codeigniter controller. This doesn't seem to work because CURL doesn't carry cookies or sessions or something, so codeigniter can't access it's session when called through CURL.

  2. Same thing but with file_get_contents. File_get_contents is disabled on my server.

I'm pretty much out of ideas. Does anyone know a function I could write that would get me a CI session stored user_id from a different domain?

A: 

Here are two things you can try:

1) host the forum in a subdirectory of your code igniter project. So your two websites will have the url http://mysite.com/ and http://mysite.com/forum. Now that they share the same domain, you can access the session.

2) In your forum login page, display the message "auto-signing in". On that same page add an iframe in the html with the src="http://mysite.com/autologin/tokenid", but hide it with css. The autologin page will have CI session information, which you can temporarily make available to the world via a hard to guess tokenid and by echoing $_SESSION['user_id']. Remember to expire this page when you are done with it. Then refresh the forum's login page and use CURL to grab the publicized session information at http://mysite.com/autologin/tokenid. This is full of security flaws, so do it only as a last resort.

John
Well, security flaws are a no-no. Normally mysite.com/forum would point to the forum controller. I need mysite.com/forum to go to this board without really using codeigniter at all (Or be able to use codeigniter functions without using controllers). Would you know how to do that?
Ethan
if you do option 1, mysite.com/forum will be it's own sub directory independent of the CI framework. That means you can use regular php functions within the mysite.com/forum to inspect the $_SESSION variable, which will hold the CI info you're looking for.
John

related questions