CODE integrating drupal and cerberus helpdesk
Mmk a few things:
1) if I mispelled something (ie cebrerus) use your brains, it's obviously not what i spelled, or like db_fethc_object... obviously i meant db_fetch_object... Don't worry about addressing it, spell it write when you implement it... because its obviously not going to effect the overall outcome of the ideas here. I know i suck at spelling, ill live with it.
2)Don't bother bringing up silly syntax errors like i forgot to type a ';' somewhere, if you, the programmer, know there is supposed to be a ';' there, add it when you implement the code.
3)NO I DON'T HAVE THE ANSWER FOR THE BETA DRUPAL 6 so don't ask
4)Feel free to add to this if you want, there are a few good ways to error check for the ldap authentication module, so that if the user is in one database and not the other to only insert or update the appropriate databases, for what i am using the systems for, its not a big deal, so i didn't worry about it. If you feel the need to add the check in, please i ask, post it.
5) for those of you curious how this works read my synopsis.
6)there is a way to do this without LDAP, i haven't implemented it, strictly because we use LDAP. Its the same principle though:
when user logs in, capture log in data, insert into the cerberus database and then trick it into thinking its logged in.
7)USE THIS AT YOUR OWN RISK, THIS WORKS FOR ME AND IT SHOULD WORK FOR YOU, I WILL NOT ASSUME ANY RESPONSIBILITY FOR LOSS OF DATA OR ANYTHING OF THAT NATURE, PLEASE DO NOT BLAME ME IF YOU LOSE ANYTHING, YOU ARE ASSUMING FULL RESPONSIBILITY BY USING THIS CODE.
8) i will only answer serious questions, a serious question is either a problem with the code, or something of that magnitude, a syntax error or spelling error is not a serious question... I will be checking this occasionally
Incorporating Cerberus (sc) into Drupal (LDAP necessary)
Synopsis: This “hack” will allow a Drupal to trick Cerberus (sc) into thinking it is logged in. It utilizes the LDAP authentication routine so that Drupal will populate the Cerberus database with the email, first name, last name, etc of the user that logs in. Thus Cerberus can reference the information it needs to properly allowing the user to track their tickets, submit tickets etc. They cannot log out of Cerberus and they cannot change any information either.
Necessary ‘Do-hickeys’:
o Drupal v(5.1)
o Cerberus Web GUI (3.6 b. 431)
o Cerberus Support Center (3.6 release)
o LDAP Authentication for Drupal (v. 5.x-1.2) found here(http://drupal.org/project/ldap_integration) (date: 2007-Mar-29)
Here’s how to ‘do it’:
The following ‘hack’ takes place in this directory:
/var/www/html/sites/[Cerberus Web GUI Folder]/[Cerberus Support Center Folder]/cerberus-support-center/
In ‘session.php’:
You need to start a connection to the DB:
So add the mysql_connect(‘<i>DB_HOST</i>’,’<i>YOUR_USER_NAME</i>’,’<i>YOUR_PWD</i>’); as the first line in the file.
Next find the following lines of code:
Original:
session_name(“CerberusPublicGui”);
session_set_cookie_params(0,”/”,$_SERVER[“HTTP_HOST”], false);**YOU NEED TO COMMENT THEM BOTH OUT**
After you comment them out:
//session_name(“CerberusPublicGui”);
//session_set_cookie_params(0,”/”,$_SERVER[“HTTP_HOST”], false);
//If you don’t do this cerberus will automatically create its own session,
// we don’t want that Directly underneath those add the following lines of code:
session_start();
//THIS LINE OF CODE IS FOR DRUPAL 5.1!!!!!!!!!!!!!!!!!//
$temp = $_COOKIE[session_name()];
//FOR 5.2 SCROLL DOWN////IF YOU ARE USING 5.2 SCROLL DOWN TO THE NOTED 5.2 HACK//
===============================================================
//continue here after doing the 5.2 hack//
Followed by a MySQL query to pull the proper data from the Drupal DB
$query = mysql_query(“SELECT users.mail, users.name, address.address_id,
address_address FROM drupal.sessions, drupal.users, cerberus.address
WHERE sessions.sid = ‘$temp’ AND sessions.uid = users.uid AND users.mail = address_address”);
$row = mysql_fetch_row($query);**note that drupal and cerberus are the names of YOUR database names for each System respectively**
Mmk, now we are going to actually manipulate the session variables so that we actually physically trick Cerberus into thinking someone has logged in.
So we look to the preceding “if” statement:
If(!isset($_SESSION[“cer_login_serialized”])) …Ignore that and go straight for the ‘else’ clause that follows the if statement
Here we will add the products of our query:
Add the following lines AFTER:
$cer_session = unserialize($_SESSION[“cer_login_serialized”]); //DON’T CHANGE
Add:
$cer_session->user_name = $row[1];
$cer_session->user_email = $row[0];
$cer_session->user_company_id = 0; //not necessary but just in case ;)
$cer_session->user_id = $row[2];
$cer_session->is_logged_in = true;Now we will shift our focus onto the ldapauth.module found in the following path:
/var/www/html/sites/all/modules/ldapauth.module
[Thank you JRA for getting this LDAP query completed]
This is the tricky one,
What needs to happen here is get the LDAP stuff, put it into the drupal database for keeping, then insert it into the cerberus.address and cerberus.public_gui_users tables. This will effectively “trick” Cerberus into thinking that these users have registered their emails and are legitimate users.
Scroll to the function _ldapauth_check_ldap($name, $pass) {... portion of the code (near the bottom)
Once there continue to the very bottom of the function (consequently the bottom of the file too)… and look for the } right above the
}
else if (!$account->ldap_authentified)Here we will add the following code:
…
//this is the last line of code before you begin inserting the new code//
…WATCHDOG_NOTICE, l(t(‘edit’), ‘user/’ . $user->uid . ‘/edit’));
//RIGHT HERE IS THE BEGINNING OF THE NEW CODE//
$first_name = split(“\@”, $mail);
$first_name = split(“\.”, $first_name[0]);
$last_name = $ldap_user[‘sn’][0];
db_query(“INSERT INTO {cerberus.address} (address_address) VALUES (‘%s’)”, $mail);
$row = db_fetch_object(db_query(SELECT address_id FROM {cerberus.address} WHERE address_address = ‘%s’”, $mail));
db_query(“UPDATE {cerberus.address} SET public_user_id = ‘%d’ WHERE address_address = ‘%s’”,
$row->address, $mail);
db_query(“INSERT INTO {cerberus.public_gui_users} (public _user_is, name0first, name_last)
VALUES ( ‘%d’, ‘%s’, ‘%s’)”, $row->address-id, $first_name[0], $last_name);
//END OF NEW CODE//
}else if …=====================================================================================
NOW FOR THE DRUPAL 5.2 FIX!!!!!!!!!!!!!!!!!!
=====================================================================================
Ok, for Drupal 5.2 almost everything is the same, we really only need to change one line of code. However to do this you have to do this follow these steps:
/var/www/html/sites/[Cerberus Web GUI Folder]/[Cerberus Support Center Folder]/cerberus-support-center/
1)Go to the ‘session.php’ file and AT THE VERY TOP OF THE FILE add this line:
var_dump($_COOKIE);
2)Navigate to cerberus while you are WITHIN DRUPAL (ie visit the story or page, which ever you created) and you will see something like this:
“array(2) { ["PHPSESSID"]=>…” What you are looking for is the second element of the array
3)It will be [“SESSxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx”] (32 alpha-numeric characters). THAT is the important portion of the cookie array.
4)So now go back to your session.php file:
a.Where we are supposed to add the
$temp = $_COOKIE[session_name()];
INSTEAD add:
$temp = $_COOKIE[SESS[your 32 alphanumeric character string];
Now Please scroll up to continue the rest of the hack this is the ONLY difference between the 5.1 and 5.2 drupal/cerberus integrations!!!
========================================================================
END OF INTEGRATION
========================================================================
Enjoy and good luck :)
8-6-07 error discovered
8-6-07--Problem Found
=======================================================
There is already a problem if you restart the box that runs your webserver then the $_COOKIE[SESSxxxxxxxxxxxxxxxxxxxx...] will re-enumerate, leaving this code useless, I am working on fixing that...
=======================================================
It seems as though this is
It seems as though this is long since abandoned but gave me a really good direction of what to look for. It names the session cookie after an md5'd hash of your server name (it may also include the path to your drupal installation if not in the root).
ergo the session cookie name is $_COOKIE['SESS' . md5($_SERVER['SERVER_NAME'])] or *maybe* $_COOKIE['SESS' . md5($_SERVER['SERVER_NAME'] . "/path/to/my/drupal")]
Always use this to find the cookie name as using the encrypted value may change when the server gets restarted if md5 uses uptime or something similar as salt.
UPDATE: I decided to put in the rest of the code I use. It's a modified version of obAuth from Cake but pulling user and role information in any system would use similar queries
$hasAccess = false;
$user = $this->controller->{$this->controller->modelNames[0]}->query(sprintf("SELECT u.*, s.* FROM users u INNER JOIN sessions s ON u.uid = s.uid WHERE s.sid = '%s'", $_COOKIE['SESS' . md5($_SERVER['SERVER_NAME'])]));
$user = $user[0];
if ($user && $user['u']['uid'] > 0) {
$roles = $this->controller->{$this->controller->modelNames[0]}->query(sprintf("SELECT r.rid, r.name FROM role r INNER JOIN users_roles ur ON ur.rid = r.rid WHERE ur.uid = %d", $user['u']['uid']));
if (!empty($groups)) {
if(!empty($groups)) {
foreach ($groups as $group) {
foreach ($roles as $role) {
if ($role['r']['name'] == $group)
//
// Update the sessions table's timestamp to keep session alive
$hasAccess = true;
}
}
}
} else {
$hasAccess = true;
}
}
if(!$hasAccess)
{
$this->controller->redirect('http://mywebsite.com/user');
exit();
}