Session problem, when including Moodle page

Session problem, when including Moodle page

by Konrad Lorinczi -
Number of replies: 17

 

I try to include a Moodle page (same server) using  file_get_contents() PHP function.
The user is logged in, and try to call file_get_contents($url) to load a page of an assignment.
I pass the sesskey through the URL, but it seems, it is not enough, the page loads as if the user would be not logged in.

function get_webpage($url, $sesskey) {
    global $USER;
    $url .= '&sesskey='.$sesskey;
    $page = file_get_contents($url);
    return $page;
}

 

Isn't enough to pass the sesskey?
What other variables do I need to pass to file_get_contents($url)?
Any idea how to fix this session problem?

 

Thanks!

Average of ratings: -
In reply to Konrad Lorinczi

Re: Session problem, when including Moodle page

by Hubert Chathi -

Moodle uses the MoodleSession cookie to identify the user's session.  The sesskey parameter is only used to prevent CSRF attacks, and does not identify the user.

Note, however, that it seems that Moodle checks the IP addresses of requests, and if you make a request from a different IP address, then it will complain (such as would happen if you fetch the page locally).  I'm not sure if that can be turned off.

Average of ratings: -
In reply to Hubert Chathi

Re: Session problem, when including Moodle page

by Konrad Lorinczi -

Any idea how to solve this problem?

I need to include the course module pages into a Moodle page (something like Server Side Include), and without session handling I can not go further.

 

 

Average of ratings: -
In reply to Hubert Chathi

Re: Session problem, when including Moodle page

by Konrad Lorinczi -

I tried the following code, but still the same login page.

 

    $opts = array(
      'http'=>array(
        'method'=>"POST",
        'header'=>
            "Accept-language: en\r\n".
            "Content-type: application/x-www-form-urlencoded\r\n",
            'content'=>http_build_query(array(
                'sesskey'=>$sesskey1,
                'MoodleSession'=>$_COOKIE['MoodleSession'], 
                'MoodleSessionTest'=>$_COOKIE['MoodleSessionTest'], 
                'MOODLEID_'=>$_COOKIE['MOODLEID_'], 
                'PHPSESSID'=>$_COOKIE['PHPSESSID'], 
            )
        )
        
      )
    );

    $context = stream_context_create($opts);

    $page = file_get_contents($url, false, $context);
print_r($page);



Any idea?


Average of ratings: -
In reply to Konrad Lorinczi

Re: Session problem, when including Moodle page

by Konrad Lorinczi -

bump...

Average of ratings: -
In reply to Konrad Lorinczi

Re: Session problem, when including Moodle page

by Mary Evans -
Picture of Core developers Picture of Documentation writers Picture of Peer reviewers Picture of Plugin developers Picture of Testers

Hi,

I'm not sure if this code might help in solving your problem. It's part of a profileblock I add, to some themes I make, which puts the login form in the header.

I know it's not the same case you are using but it uses $SESSION. It's a very old file we used in Moodle 1.9 but still works in Moodle 2

I just thought there may be a clue in there somewhere for you to use?

function get_content () {
    global $USER, $CFG, $SESSION, $COURSE;
    $wwwroot = '';
    $signup = ''; }

if (empty($CFG->loginhttps)) {
        $wwwroot = $CFG->wwwroot;
} else {
        $wwwroot = str_replace("http://", "https://", $CFG->wwwroot);
}

if (!isloggedin() or isguestuser()) {
    echo '<div id="profilelogin">';
    echo '<form id="login" method="post" action="'.$wwwroot.'/login/index.php?authldap_skipntlmsso=1">';
    echo '<ul>';
    echo '<li><input class="loginform" type="text" name="username" id="login_username" value="" placeholder="'.get_string('username').'") /></li>';
    echo '<li><input class="loginform" type="password" name="password" id="login_password" value="" placeholder="'.get_string('password').'"/></li>';
    echo '<li><input type="submit" value="&nbsp;&nbsp;'.get_string('login').'&nbsp;&nbsp;" /></li>';
    echo '</ul>';
    echo '</form>';
    echo '</div>';
} else {
    echo '<div id="profilepic">';
    echo $OUTPUT->user_picture($USER, array('size'=>60));
    echo '</div>';
    echo '<div id="profilename">';
    echo '<ul><li><a href="'.$CFG->wwwroot.'/user/view.php?id='.$USER->id.'&amp;course='.$COURSE->id.'">'.$USER->firstname.' '.$USER->lastname.'</a></li></ul>';
    echo '</div>';
} ?>

Average of ratings: -
In reply to Konrad Lorinczi

Re: Session problem, when including Moodle page

by Hubert Chathi -

You are not building the HTTP request correctly.  Cookies are set in the "Set-Cookie" HTTP header.

Average of ratings: -
In reply to Hubert Chathi

Re: Session problem, when including Moodle page

by Konrad Lorinczi -

Mary: I'm afraid the code you quoted, is not related to my problem. I need to load/include a Moodle page into another Moodle page, while I keep the logged in session. I have to pass session info to PHP so it loads a page indise Moodle, not just the login page.

Hubert Chathi: so you mean it should look like this?

    $opts = array(
      'http'=>array(
        'method'=>"POST",
        'header'=>
            "Accept-language: en\r\n".
            "Content-type: application/x-www-form-urlencoded\r\n",
            'Set-Cookie'=>http_build_query(array(
                'sesskey'=>$sesskey1,
                'MoodleSession'=>$_COOKIE['MoodleSession'], 
                'MoodleSessionTest'=>$_COOKIE['MoodleSessionTest'], 
                'MOODLEID_'=>$_COOKIE['MOODLEID_'], 
                'PHPSESSID'=>$_COOKIE['PHPSESSID'], 
            )
        )
        
      )
    );

    $context = stream_context_create($opts);

    $page = file_get_contents($url, false, $context);
print_r($page);

Thanks is advance!

Average of ratings: -
In reply to Konrad Lorinczi

Re: Session problem, when including Moodle page

by Hubert Chathi -

https://en.wikipedia.org/wiki/HTTP_cookie#Setting_a_cookie shows what the headers look like when setting cookies (see the second block, where there are two "Set-Cookie" headers sent from the server to the client).

Average of ratings: -
In reply to Hubert Chathi

Re: Session problem, when including Moodle page

by Konrad Lorinczi -

Is this better? However I still get the login page...

 

    $opts = array(
      'https'=>array(
        'method'=>"GET",
        'header' =>    
                "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10\r\n" .
                "Set-Cookie: sesskey=".$sesskey1."\r\n" . 
                "Set-Cookie: MoodleSession=".$_COOKIE['MoodleSession']."\r\n" . 
                "Set-Cookie: MoodleSessionTest=".$_COOKIE['MoodleSessionTest']."\r\n" . 
                "Set-Cookie: MOODLEID_=".$_COOKIE['MOODLEID_']."\r\n" . 
                "Set-Cookie: PHPSESSID=".$_COOKIE['PHPSESSID']."\r\n"
      )
    );
print_r($opts);

    $context = stream_context_create($opts);
print_r($context);

    $page = file_get_contents($url, false, $context);


    $opts2 = array(
      'https'=>array(
        'method'=>"GET",
        'header' =>    
                "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10\r\n" .
                "Cookie: sesskey=".$_COOKIE['sesskey']."\r\n" . 
                "Cookie: MoodleSession=".$_COOKIE['MoodleSession']."\r\n" . 
                "Cookie: MoodleSessionTest=".$_COOKIE['MoodleSessionTest']."\r\n" . 
                "Cookie: MOODLEID_=".$_COOKIE['MOODLEID_']."\r\n" . 
                "Cookie: PHPSESSID=".$_COOKIE['PHPSESSID']."\r\n"
      )
    );
print_r($opts2);

    $context = stream_context_create($opts2);
print_r($context);

    $page = file_get_contents($url, false, $context);
print_r($page);


In first step I set the cookies, then in second step I read them, and pass to the page.

Do I still do something wrong?

Average of ratings: -
In reply to Konrad Lorinczi

Re: Session problem, when including Moodle page

by Hubert Chathi -

Sorry, I was wrong.  Cookies are set by the client in the "Cookie" header, and multiple cookies are set in the same header, separated by a semicolon (";").  See the third block in that Wikipedia page.  You shouldn't need the first step.

Average of ratings: -
In reply to Hubert Chathi

Re: Session problem, when including Moodle page

by Konrad Lorinczi -

This is the solution, what I tried earlier.

But this is not working, it shows a login page, Moodle seems does not take session info sad

    $opts = array(
      'https'=>array(
        'method'=>"GET",
        'header' =>    
                "Accept-language: en-us,en;q=0.5\r\n" .
                "Cookie: sesskey=".$sesskey1."; MoodleSession=".$_COOKIE['MoodleSession']."; MoodleSessionTest=".$_COOKIE['MoodleSessionTest']."; MOODLEID_=".$_COOKIE['MOODLEID_']."; PHPSESSID=".$_COOKIE['PHPSESSID']."\r\n"
      )
    );
    
    $context = stream_context_create($opts);
print_r($context);

    $page = file_get_contents($url, false, $context);
print_r($page);


Something is still wrong...

Average of ratings: -
In reply to Konrad Lorinczi

Re: Session problem, when including Moodle page

by Hubert Chathi -

You should use 'http' instead of 'https' in the $opts array.

However, this doesn't seem to work as expected (in Moodle 2.x): it seems that there is some session locking going on -- the session is locked until the user's request is completed, which prevents the file_get_contents request from completing.  But you can verify that it is making the correct request by hard-coding in your MoodleSession cookie, and then visiting the page in a different browser.

Average of ratings: -
In reply to Hubert Chathi

Re: Session problem, when including Moodle page

by Konrad Lorinczi -

I tried using http in $opts array, but I get the same Moodle login page sad sad

Average of ratings: -
In reply to Hubert Chathi

Re: Session problem, when including Moodle page

by Konrad Lorinczi -

I also tried this code, without success:

    $opts = array(
      'https'=>array(
        'method'=>"GET",
        'header' =>    
                "Accept-language: en-us,en;q=0.5\r\n" .
                "Cookie: sesskey=".$sesskey1."; MoodleSession=".$_COOKIE['MoodleSession']."; MoodleSessionTest=".$_COOKIE['MoodleSessionTest']."; MOODLEID_=".$_COOKIE['MOODLEID_']."; PHPSESSID=".$_COOKIE['PHPSESSID']."\r\n"
      )
    );
    
    $context = stream_context_create($opts);
print_r($context);

    $page = file_get_contents($url, false, $context);
print_r($page);


Any idea?

Average of ratings: -