Logout link not working from embedded PHP app. [SOLVED]

spit

Joined: 2007-08-20
Posts: 14
Posted: Sun, 2010-02-07 14:37

I have a standalone homepage away from my Gallery application. It’s written in PHP (not Smarty) and contains a number of navigation links, one of which is a LOGOUT link. I want to be able to click on LOGOUT, for Gallery to log me out, then reload the same homepage (i.e. not redirect me to main.php) but take me to a logged OUT state of this page.

I can login to my Gallery app through the embedding API, which works perfectly. The only issue I have is on clicking the LOGOUT link the process fails and I receive the following error.

Quote:
Error (ERROR_REQUEST_FORGED)
• in modules\core\classes\GalleryController.class at line 239 (GalleryCoreApi::error)
• in main.php at line 224 (GalleryController::assertIsGenuineRequest)
• in main.php at line 94
• in main.php at line 83

I’ve searched through all of the support info and realise from thread http://gallery.menalto.com/node/84312 that I can’t put the $authToken in the LOGOUT link due to security reasons. Valiant suggests in this post

Quote:
“the logout link cannot be hardcoded. if you want to insert a logout link in another page, you can use g2's (PHP / smarty templates) API to generate the logout link. or you can use g2's (PHP) API to logout”.

I can’t use smarty, as I’m in a full PHP page. I therefore want a PHP-only way to log out of an embedded page, log me out then reload the same page in a logged out state. I assume I should be able to use g2’s PHP API, as suggested by Valiant. I therefore searched in the GalleryEmbedApi docs and found a “GalleryEmbed::logout();” command, but I can’t get this to work.

I’m no doubt missing something small, but having searched hard to find the answer, I’m stuck. Does anyone have any advice?

Muchos Thankos!

 
suprsidr

Joined: 2005-04-17
Posts: 8339
Posted: Sun, 2010-02-07 15:24
    $session = &$gallery->getSession();
    GalleryUtilities::putRequestVariable('authToken', $session->getAuthToken());

-s
FlashYourWeb and Your Gallery with The E2 XML Media Player for Gallery2

 
spit

Joined: 2007-08-20
Posts: 14
Posted: Mon, 2010-02-08 10:24

Suprsidr - thanks for the reply - I've used this and can therefore access authToken. However, I still can't get it to work and wonder if I've been asking the question in the wrong way. What I'd ideally like is to press a LOGOUT link that reloads the current page, but in the process of reloading, it logs the user out of G2 and takes them to the logged out version of the same page.

In other words in the "current.php" page I might put a variable within the logout link URL such as "$logout=Y" then trap the "Y" at the top of the "current.php" page on the reload with

Quote:
if($logout=='Y'){ logoutcommand; }

So I guess what I'm really after is a logout command that can be called in place of 'logoutcommand' (I don't think this is a security issue, as it's only logout - I obviously wouldn't do a logIN call this way).

Thanks,
Spit

 
suprsidr

Joined: 2005-04-17
Posts: 8339
Posted: Mon, 2010-02-08 13:09

This is how it's done:

    G2_init(); // my gallery initialization
    global $gallery,$authToken;

    if (!isset($authToken)) {
        $session = &$gallery->getSession();
        $authToken = $session->getAuthToken(); // use a variable for later use(s)
        GalleryUtilities::putRequestVariable('authToken', $authToken);
    }
    // Set some $gallery config options ($gallery->setConfig)
    $g2data = GalleryEmbed::handleRequest();

    if ($g2data['isDone']){
        exit;
    }
    // Start outputting display
    GalleryEmbed::done();
    echo $g2data['headHtml'];
    echo $g2data['bodyHtml'];

Any link Gallery constructs will have the proper authToken attached.

IMO - logout links are insignificant.
99% of users simply navigate away from the page and never log out.
Why waste your time getting the perfect logout link?

-s

 
spit

Joined: 2007-08-20
Posts: 14
Posted: Tue, 2010-02-09 17:11

Sidr,

Thanks for your fast response.

I’m a little confused - I’ve used your code, but the rendering of my standalone page fails at the “G2_init();” command and nothing displays on the page after that point, not even an error message.

The full code I’m using is:

Quote:
    // this page is called myhomepage.php
    if (isset($_GET['logout'])) {
        $logout = $_GET['logout'];
    } else {
        $logout = '';
    }
    // Escape the query parameter before echoing it back into the page.
    echo '<div class="test">Blogout=' . htmlspecialchars($logout, ENT_QUOTES) . '</div>';
    if ($logout == 'Y') {
        echo '<div class="test">logging out</div>';
        // SIDR CODE - START
        G2_init(); // my gallery initialization
        global $gallery, $authToken;
        if (!isset($authToken)) {
            $session = &$gallery->getSession();
            $authToken = $session->getAuthToken(); // use a variable for later use(s)
            GalleryUtilities::putRequestVariable('authToken', $authToken);
        }
        // Set some $gallery config options ($gallery->setConfig)
        $g2data = GalleryEmbed::handleRequest();
        if ($g2data['isDone']) {
            exit;
        }
        // Start outputting display
        GalleryEmbed::done();
        // SIDR CODE - END
    }
    // START OF MY PAGE CODE BELOW
    echo '<a href="http://localhost/gallery2/myhomepage.php?logout=Y">Logout</a>';
    // etc...

Do I need to add anything else to your code to do the following:

1) remove the failure of the PHP code to complete the page rendering.
2) force the logout command to work just before the page reloads, such as either of these two lines:

I agree generally about your point that not everyone will want to log out, however, this site has private pictures of families that the owners would want to protect and log out from.

Thanks again for your help.

 
suprsidr

Joined: 2005-04-17
Posts: 8339
Posted: Tue, 2010-02-09 17:24

As the comment implies, it's my gallery initialization. If you're running Gallery embedded you may have already initialized Gallery and place the code according to your needs.
I was just illustrating where the putRequestVariable method would be called.
Somewhere between your gallery init and handleRequest.

-s

 
spit

Joined: 2007-08-20
Posts: 14
Posted: Wed, 2010-02-10 07:47

Sidr - that's really helpful - I've now managed to get it all working, so a big "thank you" to you!

For anyone else reading this - here's the final code I used - I had to fix two additional things:
1) add my embedded commands:

Quote:
require_once(dirname(__FILE__) . '/../embed.php');
$ret = GalleryEmbed::init(array('embedUri' => 'blog-index.php?x=313f1'));

2) change my LOGOUT link to include:

Quote:
g2_controller=core.Logout
g2_authToken='.$authToken.'

My full code is therefore:

Quote:
    // this page is called myhomepage.php
    if (isset($_GET['logout'])) {
        $logout = $_GET['logout'];
    } else {
        $logout = '';
    }
    if ($logout == 'Y') {
        require_once(dirname(__FILE__) . '/../embed.php');
        $ret = GalleryEmbed::init(array('embedUri' => 'myhomepage'));

        global $gallery, $authToken;
        if (!isset($authToken)) {
            $session = &$gallery->getSession();
            $authToken = $session->getAuthToken(); // use a variable for later use(s)
            GalleryUtilities::putRequestVariable('authToken', $authToken);
        }
        $g2data = GalleryEmbed::handleRequest();
        if ($g2data['isDone']) {
            exit;
        }
        GalleryEmbed::done();
    } else {
        require_once(dirname(__FILE__) . '/../embed.php');
        $ret = GalleryEmbed::init(array('embedUri' => 'myhomepage'));
    }

    // START OF MY PAGE CODE BELOW
    echo '<a href="http://localhost/gallery2/myhomepage.php?g2_controller=core.Logout&g2_authToken='.$authToken.'&logout=Y">Logout</a>';
    // etc...
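
Added example, not part of the thread and not Gallery 2 code: a simplified model of the auth-token check behind ERROR_REQUEST_FORGED, showing that it only distinguishes requests when the token compared against the session is the one the client actually sent. Copying the session's token into the request before the check, as the snippets above do, makes the modelled check pass for every request that reaches it; the function names are hypothetical and the parameter names are taken from the thread.

```php
<?php
// Added example, not Gallery 2 code. Function names are hypothetical;
// the parameter names (g2_authToken, g2_controller, logout) come from the thread.

// Model of the check: the token the client SENT must equal the session's token.
function isGenuineRequest(array $request, string $sessionToken): bool
{
    $sent = $request['g2_authToken'] ?? '';
    return is_string($sent) && $sent !== '' && hash_equals($sessionToken, $sent);
}

// Pattern from the thread: copy the session token into the request, then check.
function logoutWithInjectedToken(array $request, string $sessionToken): bool
{
    $request['g2_authToken'] = $sessionToken; // replaces whatever the client sent
    return isGenuineRequest($request, $sessionToken);
}

// Alternative: leave the request untouched and only verify it.
function logoutWithVerifiedToken(array $request, string $sessionToken): bool
{
    return ($request['logout'] ?? '') === 'Y'
        && isGenuineRequest($request, $sessionToken);
}

// The token reaches the client only through the link rendered for that session.
function buildLogoutLink(string $page, string $sessionToken): string
{
    $query = http_build_query([
        'g2_controller' => 'core.Logout',
        'g2_authToken'  => $sessionToken,
        'logout'        => 'Y',
    ]);
    return '<a href="' . htmlspecialchars($page . '?' . $query, ENT_QUOTES) . '">Logout</a>';
}

// Constructed sample data.
$sessionToken = bin2hex(random_bytes(6));
$noToken   = ['g2_controller' => 'core.Logout', 'logout' => 'Y'];
$withToken = $noToken + ['g2_authToken' => $sessionToken];

var_dump(logoutWithInjectedToken($noToken, $sessionToken));
var_dump(logoutWithVerifiedToken($noToken, $sessionToken));
var_dump(logoutWithVerifiedToken($withToken, $sessionToken));
echo buildLogoutLink('myhomepage.php', $sessionToken), "\n";
```

The request without a token is accepted by the injected-token path and rejected by the verify-only path, while the request built from the rendered link is accepted.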