Invision Community 4: SEO, prepare for v5 and dormant account notifications By Matt Monday at 02:04 PM
noj75 Posted April 1, 2015 Posted April 1, 2015 Hi all, I am creating an external page that pulls the member data from the database, that is no problem. I need to create a logout link on this external page but am unable to do this as I do not know how to get the current (logged in) members CSRF Key. So when I point the link to forum/logout/ I get the The CSRF protection key did not match, error page. Does anyone know how I can get the CSRF key data to be able to log the user out please?Kind regards
noj75 Posted April 2, 2015 Author Posted April 2, 2015 @newbie LAC you are an absolute star! Thank you very much!
Vikestart Posted April 2, 2015 Posted April 2, 2015 Hello, \IPS\Session::i()->csrfKey I tried this, but my external page shows a different key from the one on the forums, so I'm getting did not match error.
noj75 Posted April 3, 2015 Author Posted April 3, 2015 I tried this, but my external page shows a different key from the one on the forums, so I'm getting did not match error. Off to work for a few hours but I will post my full code for you when I return.
noj75 Posted April 4, 2015 Author Posted April 4, 2015 @newbie LAC EDIT: Sorry, I meant @VikestartThe code below works fine for me. Hopefully this will help you out. Sorry for the delay. <?php /* ############### CALL THE IPS MEMBER INFO ############### */ require_once( 'path/to/your/init.php' ); \IPS\Session\Front::i(); $memCSRF = \IPS\Session::i()->csrfKey; $member = \IPS\Member::loggedIn(); /* ### SET THE MEMBER VARIABLES ### */ $memName = $member->name; $memEmail = $member->email; $memID = $member->member_id; /* ############### END IPS MEMBER INFO ############### */ ?> <!doctype html> <html> <head> <meta charset="utf-8"> <title>Untitled Document</title> </head> <body> <p>Hello <?php echo $memName; ?></p> <p><a href="forum/logout/?csrfKey=<?php echo $memCSRF; ?>">Logout</a></p> <!-- ## CHANGE THE LINK TO YOUR LOGOUT PAGE ## --> </body> </html>
Vikestart Posted April 4, 2015 Posted April 4, 2015 Yeah, I know, I'm using the same code, but I'm getting two different keys The key I'm getting on my external page doesn't match the key generated in the IPS suite..
newbie LAC Posted April 5, 2015 Posted April 5, 2015 Yeah, I know, I'm using the same code, but I'm getting two different keys The key I'm getting on my external page doesn't match the key generated in the IPS suite.. Check your cookie settings How to generate the key /* Set ID */ $this->id = session_id(); /* Crate csrf key */ $this->csrfKey = md5( "{$this->member->email}&{$this->member->member_login_key}& " . ( $this->member->member_id ? $this->member->joined->getTimestamp() : 0 ) . '&' . $this->id ); I think you have 2 cookies prefix_IPSSessionFront. For site and for forum.
Vikestart Posted April 5, 2015 Posted April 5, 2015 What do you mean?My cookie settings are as follows:define('COOKIE_DOMAIN', '.tswdb.com'); define('COOKIE_PREFIX', 'sanctdbforums_'); define('COOKIE_PATH', '/');The main website is http://www.tswdb.com/ and the forums is at http://sanctuary.tswdb.com/
lilgezuz Posted April 8, 2015 Posted April 8, 2015 Do any of you know a way to login from an external page? I'm getting it to login but after login I have to visit from forum directory then if I go back to my external page all my info will show up correctly
JEFF MACK Posted April 18, 2015 Posted April 18, 2015 So what is the final answer here to find the CSRFKEY?md5( email + login key + member_Id + joined + id) ?
JEFF MACK Posted June 5, 2017 Posted June 5, 2017 On 4/18/2015 at 6:09 PM, JEFF MACK said: So what is the final answer here to find the CSRFKEY? md5( email + login key + member_Id + joined + id) ? I am not using PHP, can anyone tell me how its put together in layman terms like above?
La-li-lu-le-lo Posted June 5, 2017 Posted June 5, 2017 I'm not sure how it works as of now I only learned about csrfKeys yesterday but noj75's code allows me to build login, logout and get the member's ID so I can query all the information I need from the database. Do you need help understanding the concept or putting the code (PHP) together? I was planning on learning more about csrfKeys today but I can help you put the code together if that is what you need. Question guys, what is the best way to check for an active session? As of now I'm using: $_SESSION['ips4_member_id'] Would you recommend another method? Thank you. Edit: Actually that's not working. I'm forced to use: if(isset($memID) && !empty($memID)){ } else{ } I'm sure there's a better way.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.