Expanding on my post from several months ago I'm wondering if anyone has taken it a step further in terms of doing control panel (admincp) logins?
I've got a control panel of my own for controlling the various aspects of the site, I was hoping to use Xenforo's Admin Session to control their session, timeout etc (so storing the session in the xf_session_admin table).
So where I authenticate the user/session and grab the userinfo I have the following in my public script (this works):
PHP:
XenForo_Session::startPublicSession($this->request);
$this->user = XenForo_Visitor::getInstance();
$this->userinfo = $this->user->toArray();
And in my new admin script I have this:
PHP:
$session = XenForo_Session::startAdminSession($this->request);
XenForo_Visitor::setup($session->get('user_id'));
$this->user = XenForo_Visitor::getInstance();
$this->userinfo = $this->user->toArray();
Does that look right or wrong to anyone? I'm not sure whether I need to call that setup function or not.
The other part I'm unsure on is the login function.My admin login function so far is below:
PHP:
public function login($data)
{
$loginModel = XenForo_Model::create('XenForo_Model_Login');
$userModel = XenForo_Model::create('XenForo_Model_User');
$error = "";
$userid = $userModel->validateAuthentication($data['login'], $data['password'], $error);
if (!$userid)
{
$loginModel->logLoginAttempt($data['login']);
return $error;
}
$loginModel->clearLoginAttempts($data['login']);
XenForo_Model_Ip::log($userid, 'user', $userid, 'login');
$session = XenForo_Application::get('session');
//$session = new Xenforo_Session();
$session->changeUserId($userid);
$session->save();
XenForo_Visitor::setup($userid);
// if guest on front-end, login there too
$publicSession = new XenForo_Session();
$publicSession->start();
if (!$publicSession->get('user_id'))
{
$publicSession->changeUserId($userid);
$publicSession->save();
}
//update session activity
XenForo_Model::create('XenForo_Model_User')->updateSessionActivity(
$this->user->getUserId(), $this->request->getClientIp(false),
"XenForo_ControllerPublic_Index", "Index", "valid", $this->request->getUserParams()
);
return;
}
It's very similar to the function I posted previously. I just looked at what had changed in XF's AdminController function and tried to adapt mine the same. Except I took out the is_admin check as that would always fail due to using my own admin user table.
The login itself autheticates fine i.e. it accepts the username/password, however when I echo out the userid from where I authenticate the session (the top bit of code) it comes back as 0.
Using the old authentication code (when I'm using startPublicSession rather than startAdminSession) it returns their userid, but it just doesnt seem to recognise the admin login. Any help would be appreciated.
EDIT: looking at the session_admin table it seems to be populating it but the expiry is set to the current date/time. And obviously I can't seem to get it to recognise the session lol.
EDIT 2: When I log into the forumcp and then use the authentication code above it returns the correct userid. Whereas when I use my own login function (above) the authentication code returns 0. I can't see what I'm doing wrong in my login function though.