[LRUG] [Off Topic] Extracting a user id from a Mambo session
Tim Cowlishaw
tim at timcowlishaw.co.uk
Thu May 15 08:24:45 PDT 2008
Hmm, I'm not a php programmer, but from a quick glance at the Mambo
source, it looks like Mambo stores a mapping between a session_id and
a user_id in a db table called mos_session. If you can grab this
session id from the cookie, it should be possible to do a quick db
query to authenticate against the mambo database and extract a user_id.
Cheers,
Tim
On 15 May 2008, at 16:08, Tom Stuart wrote:
> Additionally, uselessly:
>
> On 15 May 2008, at 15:32, Andrew Stewart wrote:
>> My webapp will be hosted on a subdomain of the domain where the
>> Mambo site lives.
>
> So you'll be in trouble unless the cookie's domain is explicitly set
> to permit access by all subdomains, i.e. ".ourdomain.com", because
> otherwise the browser won't trust your subdomain to read it.
> Hopefully Mambo will already be doing this but it's another thing to
> not take for granted.
>
>> However since I've never touched Mambo or PHP before, I don't know
>> where to start looking for information on steps 1 and 2 above.
>
> First step would be to crack open the cookies viewer in your browser
> and eyeball it for cookies from Mambo -- maybe you'll get lucky and
> find one that a) is accessible to all subdomains and b) contains the
> user ID in plaintext.
>
> Cheers,
> -Tom
> _______________________________________________
> Chat mailing list
> Chat at lists.lrug.org
> http://lists.lrug.org/listinfo.cgi/chat-lrug.org
More information about the Chat
mailing list