I am trying to integrate an external site with magento, so that when a user logs into site A, magentos session cookie gets set.
Currently I am doing this:
<?php
$email = $_POST["email"];
$password = $_POST["password"]; // not the same as magento password
//Validation.... sets that user is logged in in $_SESSION
session_start();
//login writes to $_SESSION
$success = login($username, $password);
if(!$success)die("Wrong credentials");
require_once("/path/to/mysite/magento/app/Mage.php");
Mage::app("default");
Mage::getSingleton('core/session', array('name' => 'frontend'));
$customer = Mage::getModel("customer/customer");
$customer->setWebsiteId(Mage::app()->getWebsite()->getId());
$customer->loadByEmail($email);
$session = Mage::getSingleton("customer/session");
$session->loginById($customer->getId());
$session->setCustomerAsLoggedIn($customer);
//User is now logged in, redirect somewhere else
header("Location: home.php");
the problem is if I write to the session before magento starts it's magic, magento won't write to its cookie, and if I start magentos session before validation I can no longer write to $_SESSION and have it persist to the next (non-magento) page.
So, is there any way I can log a user into magento from outside magento, and not ruin my session?
2 Answers 2
Magento unfortunately needs to own the session start. However, there is no reason that you cannot manipulate $_SESSION directly as long as you:
- let Magento start the session first
- do not manipulate anything under one of Magento's session namespaces (e.g.
$_SESSION['customer'])
POC:
//ensure you are getting error output for debug
error_reporting(E_ALL | E_STRICT);
ini_set('display_errors',1);
//$email = $_POST["email"];
//$password = $_POST["password"]; // not the same as magento password
require_once("app/Mage.php");
Mage::setIsDeveloperMode(true);
Mage::app("default");
Mage::getSingleton('core/session', array('name' => 'frontend'));
$customer = Mage:: getModel("customer/customer");
$customer->setWebsiteId(Mage::app()->getWebsite()->getId());
//login writes to $_SESSION
//login($username, $password);
$customer->loadByEmail(/* try with a known email address */);
$session = Mage::getSingleton("customer/session");
$session->loginById($customer->getId());
$session->setCustomerAsLoggedIn($customer);
if(!isset($_SESSION['foo'])){
$_SESSION['foo'] = "I'm in ur session.";
echo 'No foo yet; refresh!';
} else {
echo $_SESSION['foo'];
}
The answer I came up with (convoluted as it is) is:
session_start();
login($_GET["username"], $_GET["password"]);
//These next few lines make me uneasy, but I can't remove the existing session code for magento
session_write_close(); // Write the data, end session
unset($_SESSION); // unset the session, magento uses isset($_SESSION) to check if it
// should start a session
session_name("frontend");// change the session name to frontend
require_once("../pop/app/Mage.php");
Mage::app("default");
Mage::getModel('core/session', array('name' => 'frontend'));
$customer = Mage::getModel("customer/customer");
$customer->setWebsiteId(Mage::app()->getWebsite()->getId());
$customer->loadByEmail($username);
$sess = Mage::getSingleton("customer/session");
$sess->loginById($customer->getId());
$sess->setCustomerAsLoggedIn($customer);
I also was playing with having a intermediate loginToMagento.php page on the site that would log into magento avoiding starting a session, but that was a gross solution.
I would have gone with @benmarks solution but the existing session code was too ingrained into the site to avoid calling session_start() before magento started
require_once("/path/to/mysite/magento/app/Mage.php")has a syntax error, is that in your script?