Is there a such thing as login/logout api?

159 Posts

aaronkent Reply #1, 9 years, 4 months ago

I read some post from well over 9 years ago that talked about implementing it.

I can't find anything in the doc about logging a user in or out.

I've tried to utilize the Login extra for this purpose but it won't play nice with my custom session vars or cookie settings.

I want to code something that works exactly the way I need it to. Surprise, surprise.

Do you have to use the removeSessionCookie, removeSessionContext etc. to accomplish a logout?

Seems kinda like there should be a login and logout api by now. Can't find it.

Help!

196 Posts

whitebyte Reply #2, 9 years, 4 months ago

You may try using security/login and security/logout MODX processors. AFAIK this is "official" way of handling user sessions. Using MODX processors in't well documented yet, but you can start with this article - https://www.markhamstra.com/xpdo/2012/getting-started-with-class-based-processors-2.2/

In short, processors are some kind of utility classes used by modx core and manager. They are located in /core/model/modx/processors. For example, logout processor located in security/logout subfolder, it's name is logout.php. Look at the code, it's pretty self-explanatory.

To run the processor, you should perform

$response = $modx->runProcessor('action/path/to/processor',$arrayOfProperties,$otherOptions);

http://whitebyte.ru

159 Posts

aaronkent Reply #3, 9 years, 4 months ago

`
In short, processors are some kind of utility classes used by modx core and manager. They are located in /core/model/modx/processors. For example, logout processor located in security/logout subfolder, it's name is logout.php. Look at the code, it's pretty self-explanatory.

I handle all my utility stuff with processors also... So that makes perfect sense to me.

Shouldn't I also be able to run that file with an object method? Like...

$modx->processors->security->logout();

That would be super awesomeness. Trying the code you gave me now.

24,544 Posts

BobRay Reply #4, 9 years, 4 months ago

IIRC, you can also forward the user to the login page with ?service=logout on the end of the URL.

Logging a user in is fairly simple:

$user->addSessionContext($contextName);

Did I help you? Buy me a beer
Get my Book: MODX:The Official Guide
MODX info for everyone: http://bobsguides.com/modx.html
My MODX Extras
Bob's Guides is now hosted at A2 MODX Hosting

159 Posts

aaronkent Reply #5, 9 years, 4 months ago

After trying this several times...

$response = $modx->runProcessor('security/logout');

without any errors in modx or in php error log, I am once again stuck because there is zero documentation.

I am doing pirint_r($_SESSION), and it doesn't change one bit either.

Really frustrating. Like trying to find a needle in a hay stack, while blindfolded, at night, without moonlight.

So, it doesn't actually work yet, or I need to pass it stuff that's not documented?

The logout.php file...it looks like it just logs the user out without passing any parameters, but it's not doing that. It's not doing anything.

159 Posts

aaronkent Reply #6, 9 years, 4 months ago

Quote from: BobRay at Dec 28, 2014, 12:36 AM

IIRC, you can also forward the user to the login page with ?service=logout on the end of the URL.

Logging a user in is fairly simple:
$user->addSessionContext($contextName);

I was using that but, see I am now using a custom processor to direct different users to their group home page hierarchically, among other things, remove session variables on logout, that's not working with my processor at all.

159 Posts

aaronkent Reply #7, 9 years, 4 months ago

Ok, I take it back. It IS logging out the web context but I'm still logged in to the manager context therefore I still have a username and id so it keeps passing that check. Is there a way to logout all contexts with $modx->runProcessor('security/logout'); so I have no logged in status at all? Or is it secure to check based on context?

It's not failing this and I need a comparison that will fail so the session variables I set get cleared...

<?php
if ( $modx->user->get('id') != '' && $modx->user->get('username') != '(anonymous)') {
    $_SESSION['isLoggedIn'] = true;
    $_SESSION['userName'] = $modx->user->get('username');
    $_SESSION['uid'] = $modx->user->get('id');
    $_SESSION['moxiemanager.filesystem.rootpath'] = "/".$modx->user->get('username');
} else {
    unset( $_SESSION['isLoggedIn'] );
    unset( $_SESSION['userName'] );
    unset( $_SESSION['uid'] );
    unset( $_SESSION['moxiemanager.filesystem.rootpath'] );
}

// Comment out everything below this line for production envronments.
print_r($_SESSION);

☆ A M B ☆
24,524 Posts

sottwell Reply #8, 9 years, 4 months ago

Try using it on a different browser. I always use a different browser when testing stuff that involves login, logout, sessions and cookies.

Studying MODX in the desert - http://sottwell.com
Tips and Tricks from the MODX Forums and Slack Channels - http://modxcookbook.com
Join the Slack Community - http://modx.org

24,544 Posts

BobRay Reply #9, 9 years, 4 months ago

You can test login status in a specific context with this if it helps:

if ($modx->user->hasSessionContext('web')) {
   /* User is logged in to web context */
} else {
   /* User is NOT logged in to web context */
}

BTW, changing the isLoggedIn $_SESSION variable may not fully log the user out, since they'll still have the session context set.

As Susan suggests -- never test login/logout code in the same browser where you're logged in to the Manager.

Did I help you? Buy me a beer
Get my Book: MODX:The Official Guide
MODX info for everyone: http://bobsguides.com/modx.html
My MODX Extras
Bob's Guides is now hosted at A2 MODX Hosting

159 Posts

aaronkent Reply #10, 9 years, 4 months ago

Thanks for your reply Bob. A context check is what I ended up using but I wasn't sure how secure it was. Seems to be working well.