[LRUG] [Off Topic] Extracting a user id from a Mambo session
Andrew Stewart
boss at airbladesoftware.com
Fri May 16 08:43:00 PDT 2008
On 15 May 2008, at 16:24, Tim Cowlishaw wrote:
> Hmm, I'm not a php programmer, but from a quick glance at the Mambo
> source, it looks like Mambo stores a mapping between a session_id
> and a user_id in a db table called mos_session. If you can grab this
> session id from the cookie, it should be possible to do a quick db
> query to authenticate against the mambo database and extract a
> user_id.
Thanks everyone for all the replies.
Tim's suggestion above looks like my best bet. Unfortunately, though,
when I logged in just now to Mambo and inspected the resulting cookie,
the sysadmin (I don't have a login to the server) couldn't relate any
of the cookie's values to anything in the session_id column of the
mos_session table. A great shame because this would have been a nice
solution.
The sysadmin also checked the session files on the disk, but they were
useless because every one was empty.
So we're unable to explain how this particular Mambo recognises a
logged-in user. Since I don't have access to this particular Mambo's
code (it's been customised, though nobody can tell me how), or the
server, I think I've done all I can.
Thanks again for the suggestions.
Cheers,
Andy
-------
AirBlade Software
http://airbladesoftware.com
More information about the Chat
mailing list