detecting succesfull coppermine logins

[johnm1019]

I'm creating a custom site, and I am using coppermine for its photo abilities.  Because of this, I am going to use coppermine as a user/login manager.
How can I hook into the cookies or whatever after a user has logged in via coppermine to know in my application that a user is successfully logged in and grab their username?

The site is hosted as mydomain.com/app and the gallery is gallery.mydomain.com -- the two sites are also using the same database, as I dig through other parts of the coppermine database for photo stuff, so if I need to check a hash against the session table or something I can do that.


How do I do this?  What do I do with which cookies?

[Nibbler]

Generate the client_id, like so

Code Select Expand


                $this->client_id = md5($_SERVER['HTTP_USER_AGENT'].$_SERVER['SERVER_PROTOCOL'].$CONFIG['site_url']);


That is just an md5 hash of the user agent, protocol and site url.

That client_id is the name of the cookie you need to look for. When you read that cookie you get the sessioncookie.

Code Select Expand


                // Get the session cookie value
                $sessioncookie = $_COOKIE[$this->client_id];


Use that to generate the session_id using the client_id you had from before

Code Select Expand


                // Create the session id by concat(session_cookie_value, client_id)
                $session_id = $sessioncookie.$this->client_id;


The session_id stored in the sessions table is an md5 hash of the session_id you just calculated, so you can look that up and get the user_id from it.

Code Select Expand


                    // Check for valid session
                    $sql =  'select user_id from '.$this->sessionstable.' where session_id=md5("'.$session_id.'");';
                    $result = cpg_db_query($sql);


All code from bridge/coppermine.inc.php

[johnm1019]

Thank you!
You might sticky this because if you try and search for it, all your results are inundated with people looking to bridge coppermine to open-source platform xyz, rarely the other way around .

[johnm1019]

For those who find this later a little more info for ya.

I have my site setup as subdomain1.whatever.com and subdomain2.whatever.com (one of those is for the gallery, the other for the application)

By default coppermine specifies no domain for the cookie so the default is used which is the complete gallery.mydomain.com
If you want the cookies to be readable across all subdomains, go into bridge/coppermine.inc.php and find the only line that has "setcookie" on it.

What is there is
setcookie( $this->client_id, $this->session_id, time() + (CPG_WEEK*2), $CONFIG['cookie_path'] );

change that to
setcookie( $this->client_id, $this->session_id, time() + (CPG_WEEK*2), '/', '.yourdomain.com' );

The default cookie path is / anyway IIRC but why take risks.

Now your app on app.yourdomain.com can read the cookie that was set by the gallery at gallery.yourdomain.com

[Joachim Müller]

The default cookie path is / anyway IIRC but why take risks.

There is only a risk if you don't own the domain, but are on a subdomain (like yoursubdomain.yourfreehost.tld). If the domain is yours, there is no risk and you should not mess with the cookie path.