Hello everybody.
The approach used by Nicolas to authenticate on APE is perfect valid
(php to ape).
Also I want to share the way I use to authenticate on it. The approach
is to have APE asks to "PHP" if the authentication is valid (ape to php).
For my case, APE is a "piece" of my website and not the core of it. (for
example a normal CMS + real-time chat)
1. The user enters to the website (php+apache+mysql) and enter its
user and password (i.e. login.php)
2. A hash is stored into a cookie when it is authenticated
3. The hash value is taken and send when APE connects (javascript at
client side)
4. The APE server gets that hash upon connections and makes a request
to a "localhost" script (i.e. connect hook)
5. A php script on "localhost" handles any mysql and/or logic related
to test if the authentication is valid and send the response to
APE (i.e. localhost/ape_auth.php?session_id=aaaaaa)
6. APE drops or accepts the incoming connection based on the
php-script response
7. You should want to make the php-script drops all request other
than those coming from "localhost"
The code at the *APE server side* looks like this (javascript)
/**
* Hook connect method
* When an user is connecting, it must provide its valid session ID.
* If it is not a logged user, then does not accept the connection
*
* @param params (object) The list of parameters sent by the client
* @param cmd (object) Contains information about the client:
*/
Ape.registerHookCmd("connect", function(params, cmd) {
if ( ! params || ! params.session_id) return 0;
var request = new
Http('http://127.0.0.1/is_user_logged_in.php?session=' +
params.session_id);
request.getContent(function(result) { //call the PHP file
if (result !== 0) {
var user = JSON.parse(result); //the JSON gotten could
include user data (i.e. name, uid, email, etc)
cmd.user.code = user.code;
cmd.user.uid = user.uid;
cmd.sendResponse('userCode', {'code': user.code});
log('- ' + user.code + ' is connecting');
return 1;
} else {
log('USER_NOT_LOGGED_IN');
cmd.sendResponse('ERR', {'code': 1001, 'value': 'User
not logged-in'});
return 0;
}
});
});
The code at the *APE client side* looks like this (javascript)
Note: JS unserialize is a very helpful function :-) ->
http://phpjs.org/functions/unserialize:571
var client = new APE.Client();
//Intercept the onLoad event
client.addEvent('load', function(cmd){
//get the session_id from the cookie
var ck = unserialize(Cookie.read('session_id'));
//Call the core start function to connect to APE Server
client.core.start({
'session_id': ck.session_id
});
});
client.load();
On 11/30/2011 05:23 AM, Nicolas Guibert wrote:
> What I do is send a command to APE via PHP when the user is registered.
>
> The command sends a key to APE who stores it.
>
> Then, when the client tries to connect to APE, it sends the key with
> it, and APE checks it.
>
> The code below should help you:
>
>
> $cmd = array(array(
> 'cmd' => 'REGISTER_USER',
> 'params' => array(
> 'name' => "register_user",
> 'user_id' => $user_id,
> 'check_key' => $key,
> 'activation_key' => $activation_key
> )
> ));
>
> // Attention this is synchronous, so it may freeze the server ??
> $data=send_command_to_APE($cmd);
>
> if ($data===FALSE OR $data=="")
> {
> //die("Server down!!");
> header('location:server_down.php');
> die(); // Otherwise, the next header location will take
> precedence.
> }
> else
> {
> if ($data[0]->raw=="ERR") // 005 NICK USED
> {
> // We can test
> // $data[0]->data->code
> // for "005"
> // OR
> // $data[0]->data->value
> // for "NICK USED";
> header('location:already_connected.php');
> die();
> }
> else
> {
> //die("data:".$data[0]->data->value);//print_r($data));
>
> // Something went wrong with the registration of the user
> on the HM server
> if ($data[0]->data->value==0)
> {
> header('location:server_down.php');
> die();
> }
>
> //die("data:".$data[0]->data->value);//print_r($data));
> // Nothing, let's continue! Checks succeeded!
> }
> //die("ok");
> }
>
>
>
> // Attention this is synchronous, so it may freeze the server ??
> function send_command_to_APE($cmd)
> {
>
> $base="local.ape-project.org <http://local.ape-project.org>";
> $port=":6969";
>
> $APEserver = "http://ape.".$base.$port."/?";;
>
> $context= stream_context_create(array(
> 'http' => array(
> 'timeout' => 5
> )
> )
> );
>
> $data =
> @file_get_contents($APEserver.rawurlencode(json_encode($cmd)),0,
> $context);
>
> $data = json_decode($data);
>
> return $data;
> }
>
>
>
>
>
> 2011/11/30 KhoaTA <[email protected] <mailto:[email protected]>>
>
> And one thing currently i have to have APE connect MySQL.
>
> That is authenticating user who connects to APE.
> The process is:
> - User connects to web server, web server will save sessionId in MySQL
> & return sessionId to user.
> - User then connects to APE along with sessionId, APE will check if
> the submitted sessionId is equal to sessionId in MySQL.
>
> Currently i can't find another way for authentication. And APE is
> having problem with MySQL now.
> Thanks for your support.
>
> --
> You received this message because you are subscribed to the Google
> Groups "APE Project" group.
> To post to this group, send email to [email protected]
> <mailto:[email protected]>
> To unsubscribe from this group, send email to
> [email protected]
> <mailto:ape-project%[email protected]>
> For more options, visit this group at
> http://groups.google.com/group/ape-project?hl=en
> ---
> APE Project (Ajax Push Engine)
> Official website : http://www.ape-project.org/
> Git Hub : http://github.com/APE-Project/
>
>
> --
> You received this message because you are subscribed to the Google
> Groups "APE Project" group.
> To post to this group, send email to [email protected]
> To unsubscribe from this group, send email to
> [email protected]
> For more options, visit this group at
> http://groups.google.com/group/ape-project?hl=en
> ---
> APE Project (Ajax Push Engine)
> Official website : http://www.ape-project.org/
> Git Hub : http://github.com/APE-Project/
--
You received this message because you are subscribed to the Google
Groups "APE Project" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/ape-project?hl=en
---
APE Project (Ajax Push Engine)
Official website : http://www.ape-project.org/
Git Hub : http://github.com/APE-Project/
