7

I am making an app with CodeIgniter, and implementing Node.js for realtime stuff. I want to check if a user is logged in with Node.js. With the code below I am able to get the CodeIgniter session id in the Node.js server:

// options holds the TLS key and certificate (not shown)
var server = require('https').createServer(options, function(request, response){
    // Parse the Cookie header into a name -> value map
    var cookies=(function(str){
        var result={};
        str.split(/;\s+/).forEach(function(e){
            var parts=e.split(/=/,2);
            result[parts[0]]=parts[1]||'';
        });
        return result;
    })(request.headers.cookie || ''),   // the header is absent when no cookies are sent
        sessionCookieName='ci_session',
        sessionId=cookies[sessionCookieName]||'';
    console.log(sessionId);
}).listen(8080);

The CodeIgniter session is stored in the database and encryption is set to true, with sess_match_ip = TRUE and sess_match_useragent = TRUE.

Now my question is, what is a good way to check if the user is logged in? I have installed the node-mysql client. I know that CI does something like:

SELECT *
FROM (`ci_sessions`)
WHERE `session_id` =  'blabla'
AND `ip_address` =  '127.0.0.1'
AND `user_agent` =  'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.121 Safari/535.2'

How do I decrypt the session id and check if I get a match from the db?

Thanks in advance

George

2 Answers

6

To decrypt the cookie with node.js I think the simplest way is to directly call your CodeIgniter application via the command line. So create a controller with a function decrypt (for example):

class Welcome extends CI_Controller
{
    public function decrypt($toDescrypt)
    {
        $this->load->library('encrypt');
        $toDescrypt = urldecode($toDescrypt);
        echo $this->encrypt->decode($toDescrypt);
    }
}

And in node.js:

var execFile = require('child_process').execFile;
var mysql = require('mysql');
var client = mysql.createClient({
    user: 'root',
    password: ''
});

// PHP's serialize() wraps string values in double quotes; strip them
function unquote(value) {
    return value.replace(/^"|"$/g, '');
}

var server = require('http').createServer(function(request, response){
    var cookies=(function(str){
        var result={};
        str.split(/;\s+/).forEach(function(e){
            var parts=e.split(/=/,2);
            result[parts[0]]=parts[1]||'';
        });
        return result;
    })(request.headers.cookie || ''),   // the header is absent when no cookies are sent
    sessionCookieName='ci_session',
    sessionId=cookies[sessionCookieName]||'';

    //Execute the PHP code which will decrypt your sessionId and then you can use it to make your request
    //execFile passes the cookie as one argument without a shell, so shell
    //metacharacters in the client-supplied cookie are never interpreted
    execFile('php', ['index.php', 'welcome', 'decrypt', sessionId], function(error, stdout, stderr) {
        if (error) {
            console.log(error);
            return;
        }
        var parts = stdout.split(';');
        var session_id = unquote(parts[1].split(':')[2]);
        var ip_address = unquote(parts[3].split(':')[2]);
        var user_agent = unquote(parts[5].split(':')[2] + ';' + parts[6] + ';' + parts[7]);
        //Placeholders let the driver escape the values (user_agent originates from the client)
        var query = 'select * from ci_sessions where session_id=? and ip_address=? and user_agent=?';

        client.query('use test');
        client.query(query, [session_id, ip_address, user_agent], function(err, results, fields) {
            if (err || !results.length) {
                console.log(err || 'no matching session');
            } else {
                console.log(results[0].user_data);
            }

            client.end();
        });
    });
}).listen(8080);

3 Comments

Thanks for the answer :) Is there a way to make the function "decrypt" private?
Turns out you can't call a private function through the CLI. Is there any other way to deny access to that function other than the Node.js call?
Found out that you can do this with CodeIgniter's is_cli_request() stackoverflow.com/questions/8362946/…
0

To add to TrexXx's answer, I have found that using the php-unserialize extension (npm install php-unserialize) brings a better cross-browser experience. The query would get the results from the unserialized object, which is a lot more reliable:

var leSessionObj = require('php-unserialize').unserialize(sessionId);

Then

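// Placeholders let the mysql driver quote and escape each value
var query = 'select * from ci_sessions where session_id=? and ip_address=? and user_agent=?';
var params = [leSessionObj.session_id, leSessionObj.ip_address, leSessionObj.user_agent];
// client.query(query, params, callback);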
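
An added example, not code from either answer above: a length-aware reader for the decrypted session string, which keeps a user agent containing ';' intact where split(';') does not, followed by a check of the session's IP and user agent against the request itself before a parameterized lookup is built. The names parseFlatPhpArray, sessionLookup and SAMPLE, the constructed session string, and the prefix comparison of the user agent are assumptions made for this example.

```javascript
// Added example. Constructed sample of a decrypted session (not real data).
var SAMPLE = 'a:4:{s:10:"session_id";s:32:"0123456789abcdef0123456789abcdef";' +
    's:10:"ip_address";s:9:"127.0.0.1";s:10:"user_agent";' +
    's:50:"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) App";' +
    's:13:"last_activity";i:1322000000;}';

// Reads a flat PHP-serialized array of strings and integers by declared byte length.
function parseFlatPhpArray(text) {
    var head = /^a:(\d+):\{/.exec(text);
    if (!head) throw new Error('not a serialized array');
    var buf = Buffer.from(text, 'utf8');            // PHP lengths count bytes
    var pos = head[0].length, out = Object.create(null);
    function readValue() {
        var type = buf.toString('utf8', pos, pos + 2);
        if (type === 'i:') {
            var end = buf.indexOf(';', pos);
            var digits = buf.toString('utf8', pos + 2, end);
            if (!/^-?\d+$/.test(digits)) throw new Error('bad integer');
            pos = end + 1;
            return Number(digits);
        }
        if (type === 's:') {
            var colon = buf.indexOf(':', pos + 2);
            var len = buf.toString('utf8', pos + 2, colon);
            if (!/^\d+$/.test(len)) throw new Error('bad length');
            var start = colon + 2, stop = start + Number(len);   // skip :"
            if (buf.toString('utf8', stop, stop + 2) !== '";') throw new Error('length mismatch');
            pos = stop + 2;
            return buf.toString('utf8', start, stop);
        }
        throw new Error('unsupported value type');
    }
    for (var i = 0; i < Number(head[1]); i++) { var key = readValue(); out[key] = readValue(); }
    if (buf.toString('utf8', pos, pos + 1) !== '}') throw new Error('unterminated array');
    return out;
}

// Checks the session's claims against the request itself (what sess_match_ip and
// sess_match_useragent enforce) and returns a parameterized lookup, or null.
function sessionLookup(serialized, request) {
    var s = parseFlatPhpArray(serialized);
    var ua = request.headers['user-agent'] || '';
    if (s.ip_address !== request.socket.remoteAddress) return null;
    // Assumption: the stored user agent is a truncated prefix of the header.
    if (typeof s.user_agent !== 'string' || s.user_agent === '' || ua.indexOf(s.user_agent) !== 0) return null;
    return {
        sql: 'SELECT user_data FROM ci_sessions WHERE session_id = ? AND ip_address = ? AND user_agent = ?',
        params: [s.session_id, s.ip_address, s.user_agent]
    };
}
```

Pass the returned sql and params to client.query(sql, params, callback); behind a reverse proxy the socket address is the proxy's, so the address comparison has to use whatever client address the PHP side recorded.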
