Passing Session Variable Error With Joomla

[motrellik]

Hi,

 

I'm attempting to create a global login module using openid and joomla so users can login to the website using their steam accounts.

So far the following code for the module works great:

 

<?php

// no direct access
defined('_JEXEC') or die;

class SteamSignIn
{
const STEAM_LOGIN = 'https://steamcommunity.com/openid/login';

public static function genUrl($returnTo = false, $useAmp = true)
{
$returnTo = (!$returnTo) ? (!empty($_SERVER['HTTPS']) ? 'https' : 'http') . '://' . $_SERVER['HTTP_HOST'] . '/index.php?option=com_simpleregistration' : $returnTo;

$params = array(
'openid.ns' => 'http://specs.openid.net/auth/2.0',
'openid.mode' => 'checkid_setup',
'openid.return_to' => $returnTo,
'openid.realm' => (!empty($_SERVER['HTTPS']) ? 'https' : 'http') . '://' . $_SERVER['HTTP_HOST'],
'openid.identity' => 'http://specs.openid.net/auth/2.0/identifier_select',
'openid.claimed_id' => 'http://specs.openid.net/auth/2.0/identifier_select',
);

$sep = ($useAmp) ? '&' : '&';
return self::STEAM_LOGIN . '?' . http_build_query($params, '', $sep);
}

/**
* Validate the incoming data
*
* @return string Returns the SteamID64 if successful or empty string on failure
*/
public static function validate()
{
// Star off with some basic params
$params = array(
'openid.assoc_handle' => $_GET['openid_assoc_handle'],
'openid.signed' => $_GET['openid_signed'],
'openid.sig' => $_GET['openid_sig'],
'openid.ns' => 'http://specs.openid.net/auth/2.0',
);

// Get all the params that were sent back and resend them for validation
$signed = explode(',', $_GET['openid_signed']);
foreach($signed as $item)
{
$val = $_GET['openid_' . str_replace('.', '_', $item)];
$params['openid.' . $item] = get_magic_quotes_gpc() ? stripslashes($val) : $val;
}
// Finally, add the all important mode.
$params['openid.mode'] = 'check_authentication';

// Stored to send a Content-Length header
$data = http_build_query($params);
$context = stream_context_create(array(
'http' => array(
'method' => 'POST',
'header' =>
 "Accept-language: en\r\n".
 "Content-type: application/x-www-form-urlencoded\r\n" .
 "Content-Length: " . strlen($data) . "\r\n",
'content' => $data,
),
));
$result = file_get_contents(self::STEAM_LOGIN, false, $context);

// Validate wheather it's true and if we have a good ID
preg_match("#^http://steamcommunity.com/openid/id/([0-9]{17,25})#", $_GET['openid_claimed_id'], $matches);
$steamID64 = is_numeric($matches[1]) ? $matches[1] : 0;
// Return our final value
return preg_match("#is_valid\s*:\s*true#i", $result) == 1 ? $steamID64 : '';
}
}
$steam_login_verify = SteamSignIn::validate();
if(!empty($steam_login_verify)) { ?>
<?php
session_start();
$_SESSION['steamidcode'] = $steam_login_verify;
?>
<?php } else {
$user =& JFactory::getUser();
if (!$user->guest) {
$username = $user->username;
$avatar = $user->avatar;
}
$steam_sign_in_url = SteamSignIn::genUrl();
echo "<a href=\"$steam_sign_in_url\"><img class='steam-login-image' src='http://cdn.steamcommunity.com/public/images/signinthroughsteam/sits_small.png' /></a>";
echo "<img class='user-login' src='$avatar' width='40' height='40' /> <span class='user-login'>Hi, $username</span>";
}
// Hide the sign in image after the user is logged in
$usr = JFactory::getUser();
if(0!=$usr->get('id')) : ?>
<style type="text/css">
img.steam-login-image {display:none !important;}
</style>
<?php endif; ?>

<?php
$usr = & JFactory::getUser();
if (($usr->id)==0) : ?>
<style type="text/css">
span.user-login {display:none !important}
img.user-login {display:none !important}
</style>
<?php endif; ?>

 

The problem is that after the module redirects to the component page (to complete the registration process), the session doesn't pass the variable '$steam_login_verify'

 

This is the session code and retrieval of the steamid for the component:

 

<?php
$steam_login_verify = $_SESSION['steamidcode'];
$data = file_get_contents("http://steamcommunity.com/profiles/$steam_login_verify?xml=1");
$profile = new SimpleXMLElement($data); // parse the xml
$avatar = $profile->avatarFull;
$username = $profile->steamID;
$name = $profile->realname;
?>

 

I've tested the session with just regular text and it works, then i tested with $steam_login_verify and it worked, but then stopped working for some reason.

I'm sort of new to php and was following a sessions tutorial. I've also tried using cookies but haven't had success.

 

The error i get when the varible isn't passed is "500 - String could not be parsed as XML".

 

Any help would be appreciated.

 

Thanks guys.

[Christian F.]

I suspect you're getting a warning about "Cannot send headers" in here, but that you've got error reporting turned off and thus you don't see it.

It is highly recommended to have error reporting turned on in your development environment, as it'll help you spot errors immediately. Especially these kinds of errors, which otherwise doesn't have a immediate and clearly visible side effect.

 

That said, you should also remove all of those extra PHP tags from your code. No point in stopping the PHP parser in one line , and starting it in the next. It just wastes resources.

 

PS: There is a thread on header errors stickied at the top of the PHP coding help section, I recommend reading it.