By Hinrich on

A very simply, maybe stupid question: I want to get the User Id of the current logged in user. In the global scope I have the object $user. Can I relay on it? Do I have allways $GLOBALS['user']->uid?

I've looked for an API function to fetch the details of the current user, but found none.

Any hints?

Comments

Anonymous’s picture

Anonymous (not verified) commented

The global $user will always be there, for every function you need to know the user, just insert global $user; at the start and you can use it at will.

xopher’s picture

xopher commented

Okay, so I'm new to Drupal, but not to PHP. I'm trying to wrap my head around how things are coded, with varying levels of success. The reply to the above question seems to have satisfied Hinrich, but it didn't help me at all. Specifically, what "USER" variables are available to me on each page, and how do I access them?

I would like to store a user value in a $SESSION variable and test against it elsewhere on my site. For instance, how can I store (in $_SESSION) the user's name, or a simple flag indicating they are "logged in," and test against it elsewhere?

if($_SESSION['loggedIn']=='true'){
     //show custom logo;}
else{
     //show default logo;}

Is there a "Drupal way" that I'm just not getting yet?

Anonymous’s picture

Anonymous (not verified) commented

$user is a global object for the logged in user. Drupal stores a session token as a cookie, but it would be meaningless to an application outside of drupal. If you wanted to know if a user was logged in to drupal, from a non drupal section of your website, well that may be tricky. You would have to grab the drupal cookie and get the session id from it, then query the sessions table from your drupal database. This would then give you the user id, which as long as it's not 0, would let you know they are logged in as a user. The only other method would be to either hack drupal, or create a module, that sets the username in a cookie upon login, and check for that outside of drupal.

xopher’s picture

xopher commented

That's really bad news. How exactly did this come to be? If I have two PHP files, and I set $_SESSION['color'] to "RED" in the first file, as long as I put session_start() at the top of the second file, I should be able to retrieve that value.

This is how SESSION's work, this is what they're designed to do, store variables between page views. So what does Drupal do exactly that makes this NOT WORK?

Does Drupal do some kind of custom sessions processing that breaks the normal behaviour of session variables.

There are a lot of disparate threads on the Drupal forums discussing this, but none (that I've found) which actually explain what the problem is. I don't expect Drupal to be all things to all people, and I don't mind tinkering with core files to set a few variables here and there. But a custom module to set a variable? That's a bit much, especially one that's just duplicating core PHP functionality (like storing SESSION variables.)

I don't expect Drupal to bend over backwards to support other applications, but I also don't expect it to disable basic functionality I've come to expect while working with PHP.

Anonymous’s picture

Anonymous (not verified) commented

Actually, nearly every application works this way, especially if they deal with authentication. Sure it works fine to just set a single variable. But drupal and most other major applications store a lot of data. Authenication status, history, messages, etc. Authentication especially is tricky, if you just set the username in a cookie, then anyone can be logged into your site just by setting a cookie in their browser, big big security problem.

Nearly every major webapp I've worked with solves this by setting a secure randomly generated token in a cookie, which is then tied to data on the server. That way, should anyone mess with cookies to try to get in, they will fail.

It may not be convenient to you, but that's the way it should be done for many good reasons.

xopher’s picture

xopher commented

DEBTMAN, thanks for your reply, but you have misunderstood my question.

My question was why sessions did not work AS EXPECTED and was properly responded to below by YELVINGTON.

I never suggested cookies should be used instead of sessions for authentication.

Interestingly though, COOKIES may be the solution to my problem as I am simply trying to pass non-secure data back and forth between Drupal and a few non-Drupal pages. (see below)

yelvington’s picture

yelvington commented

Drupal doesn't do anything that breaks the way sessions work. It depends heavily on PHP session management. The problem is that Drupal uses PHP functionality that you are not accustomed to using.

Drupal uses the method documented in the PHP manual for implementing a custom session storage engine (the database instead of the filesystem). See the sessions/session.inc file. Using the database allows Drupal to scale with an array of webservers fronting a database cluster, supporting huge numbers of concurrent users.

If you want to have access to Drupal's internal variables in your own application, you have to either duplicate Drupal's database session handler functions in your application, or write a small and simple Drupal module to export those key-value pairs as cookies.

Or you could write your application as a Drupal module itself -- one way to think of Drupal is as an application development framework that provides authentication, persistent profile storage, scalable session management, and template-driven output.

xopher’s picture

xopher commented

Thank you for the solid explanation, that makes much more sense. I'm glad to hear that Drupal goes so far to ensure scalability--I would agree that it is the correct approach.

I'm assuming plain-old-cookies work in their normal manner, so if all I want to do is store a bit of text (like a user's First Name) I can simply store it in the cookie and access it outside of Drupal?

UPDATE: I have tried this and it does not work. Which raises the question. Are cookies also handled in some special manner by Drupal?

From every drupal page, print_r($_COOKIE); prints all of the stored cookies (including the one I'm adding during login.) They include cookies set by URCHIN for tracking, the PHPSESSIONID cookie and what I'm calling UserFirstName.

On non Drupal pages, I'm getting just the URCHIN and PHPSESSIONID cookies, which means the UserFirstName cookie is only accessible from within Drupal (same problem as SESSION variables.)

How can I set this so that it is available outside of Drupal? Do I need to use Javascript to set the cookie to break out of the Drupal world? I'm pretty confused as I thought COOKIES wouldn't have the same context/scope issues as the SESSION vars. Is this the same problem? Or something different? Any help is appreciated. Thanks.

yelvington’s picture

yelvington commented

Be sure you set the path and domain arguments correctly. You should be able to do this in any template.

<?php
 global $user;
 setcookie('myname', "$user->name, time()+3600, NULL, '/', '.example.com');
?>

The Firefox web developer extension is a great tool for checking your cookie work.

xopher’s picture

xopher commented

I had just figured this out, and was returning to post the solution. but you've beaten me to it.

Incidentally, what's the NULL for? I was under the impression that the setcookie args were as follows:

name, value, expire, path, domain, secure (boolean)

Thus, I am successfully using...

setcookie('FirstName', $user->name, time()+3600, '/', 'mydomain.com');

yelvington’s picture

yelvington commented

Cut and paste error, I think. :-)

Anonymous’s picture

Anonymous (not verified) commented

As I pointed out above, this is not adequate for anything involving security. If you just want another page to say 'Hi James' without caring if they are actually a real logged in user, well that's fine. But if you have other pages that actually need to verify the user is valid and logged in, this doesn't cut it.

yelvington’s picture

yelvington commented

debtman7 is correct; if you need to authenticate, you should roll up your sleeves and write a Drupal module and modify your external app so that the two can carry on a private conversation. Everything you need to know from a Drupal perspective is in drupaldocs.org.

xopher’s picture

xopher commented

Just in case this wasn't clear, I simply wanted to pass the user's name to non-drupal pages for AESTHETIC CONSISTENCY (so the "logged in as jack" bit was on every page.) I did accomplish this with cookies, and I couldn't care less if someone spoofs it, the end result is they will have a welcome message without actually logging in.

There are some other things going on (hiding login/register links, showing myaccount/logout links) based on the cookie's presence but security is left to Drupal and not transferred to the cookie test in any way.

dugawug’s picture

dugawug commented

If you want to have access to Drupal's internal variables in your own application, you have to either duplicate Drupal's database session handler functions in your application, or write a small and simple Drupal module to export those key-value pairs as cookies.

Question: How would one go about duplicating Drupal's database session handler functions?

jesusberlinchez’s picture

jesusberlinchez commented

Firsts at all, I'm sorry for my little english.

I'd the same problem and I found the solution in the next url: http://drupal.org/node/258208

You must be include the next lines in your script for activate the session variables defined in Drupal. Drupal not use the tipycal configuration to manipulate de Global Session, Drupal define de Global Session in the Database. For this case, if you use the typical function (session_start(), $SESSION['variable'], etc) your script don't know the Drupal values because is not declared for this procedure.

The lines that you must be include are (Remember!!!, put your php script in the main Drupal folder where index.php lives):

require_once './includes/bootstrap.inc';
drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL); // This makes all Drupal functionality available to my script
global $user; // This makes the user's $user object available to my script
print $user->name; // This line is for this example

../.. from here began your script

With drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL); load the Full specitification and values. If you only need the Session Values you can be change this line to drupal_bootstrap(DRUPAL_BOOTSTRAP_SESSION);

Thank you for the all people that contributed in Drupal Project.