Checking Drupal authentication from external PHP
This may well be simple, but I'm new to Drupal. The organization I work for switched to Drupal a little while ago, but there's still some legacy code in various external PHP files that would be cumbersome to convert over to work within Drupal.
However, it would be very nice to be able to restrict ac开发者_如何学Ccess to some of these pages based on a person being authenticated against Drupal. (Some pages are administrative and are currently visible to anyone who knows the URL, for instance. Yes, poor design, but that's what I inherited...)
How can I check with Drupal, from an external PHP file, to see if the person visiting a given page has authenticated?
I would go with Rimians suggestion of registering the URLs within Drupal itself (+1), but as an alternative, you can bootstrap Drupal 'manually' and check a user permission after that directly from other scripts as well:
// initialize Drupal
// TODO: adjust path according to placement of script (might need to change to Drupal directory first)
require './includes/bootstrap.inc';
drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL);
// check user access rights
// TODO: Adjust to the permission you want to restrict to, e.g. 'access content' or whatever
if (!user_access('administer nodes')) {
// Insufficient rights, say so
drupal_access_denied();
exit(0);
}
// ... call legacy script
NOTE: Drupal does quite a bit of work during bootstrap, including some manipulation and setting of global variables, so make sure to check carefully for interferences/clashes with the legacy code (would also apply for Rimians suggestion).
If you want to restrict access to authenticated users only, you can replace the user_access()
call with user_is_logged_in()
. If you want to check by role, you can add a global $user;
and check the contents of the $user->roles
array
You'd need to include those URLs in the menu router so Drupal can bootstrap and check your permissions. Then you'd need to find away to run your third party PHP as an include file or maybe through an interface.
Some clever custom work is required but possibly not too hard. :)
this file should be inside Drupal installation It is hell easy
//set the working directory to your Drupal root
define("DRUPAL_ROOT", "/var/www/drupal/");
//require the bootstrap include
require_once 'includes/bootstrap.inc';
//Load Drupal
drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL);
//(loads everything, but doesn't render anything)
$name = 'admin';
$password = 'admin';
//use Drupal user_authenticate function
if(!user_authenticate($name, $password)){
echo 'invalid';
}else{
echo 'valid';
}
I'm about to do the same thing. I made the component UserlandSession exactly for cases like these; it's a pure PHP session implementation completely independent of native PHP Sessions.
Within Drupal you would maintain the user's info in the session, then have access to the session in any other PHP code.
Use a script to get an instance...
<?php // getSessionInstance.php
use Shibalike\Util\UserlandSession\Storage\Files;
use Shibalike\Util\UserlandSession;
return new UserlandSession(
new Files('MySession', array('path' => '/path/to/session/storage'))
);
In Drupal:
<?php
$sess = (require 'path/to/getSessionInstance.php');
$sess->start();
$sess->set('user', $GLOBALS['user']);
In other apps:
<?php
$sess = (require 'path/to/getSessionInstance.php');
$sess->start();
$userInfo = $sess->get('user');
Drupal stores the the user authentication in the session. However it uses it own custom session handling (see includes/bootstrap.inc where it attaches the custom handlers and includes/session.inc for the callback functions). If you use the same session handling function you could access the Drupal session data to see if the user is authenticated.
精彩评论