External login check

7h3ev1l

Hey, how can i check if user is logged in flarum forum with php.
I want to make some php apps without laravel i need to get "is user logged" and "username"

Davis

7h3ev1l Use
https://discuss.flarum.org/api/users/7h3ev1l
or
https://discuss.flarum.org/api/users/4389

with

data->attributes->lastSeenTime
and
data->attributes->username

Franz

I think 7h3ev1l is asking for checking whether the current visitor is logged in with Flarum on another page of his site. Correct?

7h3ev1l

Nice, but is possible to get current login user without to know name of the user.
Is there cookie who can do this?

datitisev

7h3ev1l There is probably a cookie with the user's token or so.
That's what Google does, anyway ?

Davis

7h3ev1l Oh you want a list of all the users currently online?

7h3ev1l

Yes i see allready.. does flarum have some php file who i can include at php file and to get directly is user logged and name of the user.

7h3ev1l

Davis Sure not, but this will be good too ?DDD

I actually need this for just a php app and i need to get user session+username its simple
I need to do this.

if ($logged = 1) {
echo $nameofuser;
}

santiagobiali

7h3ev1l you can use the user's api, if it returns something, then its logged, if returns not found it's not.

santiagobiali

Oh you want a list of all the users currently online?

Flarum gets last_seen_time from users table. If it's less than 5 minutes then it's online.
You could do something like that.

EDIT: didn't see the preview post.

7h3ev1l

Yeah but how can i know who i am who is the logged user ?DDDD Oh maybe i cant explain...

Davis

7h3ev1l You can find the user currently logged in by using the Javascript varible app.session.user

7h3ev1l

Franz yes

Toby

I don't actually think there's a good way to do this currently... Provided your site is on the same domain, you do have access to a cookie called flarum_session which can authenticate API requests... but then that doesn't help because we don't have an API endpoint to get the current user – we assume that you already know the user ID, like the default client.

Perhaps we need to implement an API endpoint to get the user whom the session belongs to (/api/user ?). Or we could add an attribute with the current user ID to the /api/forum endpoint. Any thoughts @Franz?

7h3ev1l

/api/user is not problem to use it with php. json etc, i know how.

Toby I think this is the way i need.

Franz

I think the /api/user endpoint would only make sense for fetching the data via JavaScript. But in this case, the OP wants to do it via PHP, I think.

Toby

Franz Why do you think it would only be useful for JS? Say you have an API token on file in PHP (effectively the same thing as a session cookie) – how else are you going to tell who the token belongs to?

Franz

Toby I thought this endpoint was meant to provide information about the currently logged in user, i.e. authenticating via cookie...?

Toby

Franz It would provide information about the currently logged in user, as in the user who the API request belongs to – whether they've been authenticated via a cookie, or via a token header.

7h3ev1l

Something new?