Cannot encode non-existent session - revisited

Looks good to me. I don't really like the change from "user.logout" to "user.logoutuser" though...

There's some stuff in user_service_resetPassword() which is tailored to flex.org:

/**
 * Reset the password of user who corresponds to $email.
 * If the email is valid then the password is set to a random alphanumeric string and sent to the person via email
 */
function user_service_resetPassword($email){
	// generate an alphanumeric random password
	$randomPass = user_password(8);
	$randomPassHash = md5($randomPass);
	
	// first check the email is set and of valid format
	if(user_validate_mail($email))
		return services_error(t('Invalid Email'));
	
	// then ensure email is of valid user
	$checkEmail = db_query("SELECT uid FROM {users} WHERE mail='$email'");

	if(db_num_rows($checkEmail) == 0)
		return services_error(t('Email address does not exist')); 
	
	// set the current password to the hash of the random password
	db_query("UPDATE {users} SET pass='$randomPassHash' WHERE mail='$email' LIMIT 1");

	// email the user that key
	$subject = "Flex.org Password Reset";
	$body    = "Your password has been reset to: $randomPass";
	$from	 = "admin@flex.org";
	$headers = array();
	system_service_mail("newpassword", $email, $subject, $body, $from, $headers);

	return true;
}

It should use the information saved in Drupal's variable table.

please you provide a patch in correct format otherwise this issue will be closed.

Need this for Drupal 6.

I've cleaned up this code and used it before, its necessary functionality, so I'll put up a patch soon.

I'm against the naming change of user.login too.

For Flex reserved words, you can use the getOperation() method to call methods. So, since you can't do user.logout(), you do user.getOperation('logout').send(). Not as nice, but Flash/Flex really shouldn't have used "logout" as a method name.

Scott

functions like user_validate_mail() and user_register_submit() in user_service_module.patch can't be founded.Somebody help me

This patch is for Drupal 5 version of Services, it won't work on Drupal 6. A polished up version of this will go into Services core soon, at which point it'll be queued for port to D6. Keep watching this issue for updates.

Scott

correcting the title

Guys,

Anyone has a D6 version of this patch? i liked the code and im willing to commit it (on D6).

regards,

massa

I've been building a Flex/AIR app trying to use system.connect, user.login and user.logoutUser with session id's (cookie-less). When calling user.logoutUser I am getting an error every time with the following message:

session_encode(): Cannot encode non-existent session.

at line 652 in the Services module

Here's my sequence of events:

1. I clear all session data from the session table.
2. I system.connect, which gives me a session id and anonymous user ... everything seems ok so far.
3. I user.login with the session id ... I get success and the session table contains my uid/sessionid/ip address record ... again everything looks good.
4. I kill my application (and I don't invoke user.logoutUser)

5. I start my application again and run system.connect ... returns the user/sessionid of the previous login in step 3
6. I attempt to user.logoutUser (sessionid), and I get a Fault (session_encode(): Cannot encode non-existent session.) at Services line 652 ... seems like the session record is gone from the Session table.

Any ideas? Please help. I don't understand why the sessionid is getting smoked.

paulgrudnitski: I'm sure you've figured this out by now, but you should open up a new issue if not.

hi,

i'm using it with drupal 6 and i18n, no problem!

at first i got a callback because of error user_register_submit() ...
so i edited the code:
// user.register
array (
'#method' => 'user.register',
'#callback' => 'user_service_register',
'#file' => array('file' => 'inc', 'module' => 'user_service'), //THIS LINE WAS MISSING
[...]

to paulgrudnitski see #13 (or anyone else)
did you find any work around to your issue? i'm facing the same problem.
thanks

Moved to head - Scott you got a copy of the patch I review and tidy up?

Useful idea, but I have some concerns about the only patch posted here on top of the ones listed in the previous comments.

First, there are lots of coding standard problems. Camel case, trailing white space, bad indenting, incorrect use of the db abstraction api leaving a security hole, etc.

Also, I think the way the email is handled on the change password might leave things open to email fishing and the reset callback seems to bypasses the drupal_is_denied check's normally attached to this feature.

These callbacks are subtly tricky in their security implications which I believe is some of the reason they aren't currently available in the services module but it would be something nice to have.

Hi,

Can you help me i have the following error when a call user.resetPassword :
Fatal error: Call to undefined function t() in C:\Documents and Settings\itsme\Mes documents\Mes sites\DC_DG\includes\xmlrpc.inc on line 454

Do you know how fix this ?

Many thanks,
Xeon

So the change password and register functionality is well-handled by the user.save() service, especially as re-implemented using FAPI in #407726: Enforce unique email addresses with user save service. If you have interest in these functions please test that patch.

I'm not compelled by the resetPassword functionality, and this patch is dead old and out of date. I'm setting this won't fix. If anyone is dying to get this into 6.x-2.x before a stable is released feel free to submit a new patch and re-open.

The patch for D5 has an issue in that the code in user_service_logout() gets truncated. Minor fix, after applying the D5 patch move lines 243-257 up to line 145. I will try to re-roll the patch to fix this.

Here's a newly rolled patch for D5's user_service.module (attached) taking the original patch and doing a little cleaning up.

Seems Cannot encode non-existent session is still around in the latest dev 2-x. Would be nice if there was a fix or indication on where to look to help fix this error.

message in log: Warning: session_encode() [function.session-encode]: Cannot encode non-existent session in services_session_load() (line 921 of /var/www/html/mysite/sites/all/modules/services/services.module).

6.x.2 is no longer supported

i see. thx