Thread tagged as: Question, Members

perch_member_logged_in() not working

Hi,

I have come across a weird issue tonight and I can't see what's going on. I have set up the secure downloads page as per the example in the members app documentation. However, it doesn't seem to be working. The code block I believe to be at fault is:

    if (perch_member_logged_in()) {
        $allow_download = true;
    }

I have switched on debug logs if the user is not logged in. And whilst on the index.php page (also for the members area) I can see loads of SQL calls, the download page only has one for a pagePath (which returns 0 results).

The full PHP for download.php is:

    <?php include($_SERVER['DOCUMENT_ROOT'] . '/perch/runtime.php');
    // config
    $bucket_name = $_GET['clientId'];
    $url_param   = 'file';
    // By default, deny downloads unless we've proved the member is allowed this file.
    $allow_download = false;
    // Check a member is logged in
    if (perch_member_logged_in()) {
        $allow_download = true;
    }
    /*
    Alternatively, you could check for a specific tag, e.g.

    if (perch_member_has_tag('subscriber')) {
        $allow_download = true;
    }
    */
    if ($bucket_name == 00005){
        $allow_download = true;
    }
    // Deliver the file.
    if ($allow_download) {
        perch_members_secure_download(perch_get($url_param), $bucket_name, false);
    }else{
        echo "Please login to see images";
        echo PerchSystem::get_page();
        PerchUtil::output_debug();
    }
    exit;
    ?>

I had to add an override in for a recent client of mine as they really wanted to see their photos however this is totally bypassing security. Perch is obviously running on the page because the two bits in the else statement work.

Any ideas?

Stefan Wright


I have also found that if I try to run the same code locally, I get a query for SELECT * FROM perch3_members_sessions on the download.php page but not if I run the same thing on my hosting. This does mean I show as logged in when on download.php on LOCALHOST but not LIVE
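The download.php posted at the top of the thread allows any logged-in member to fetch from whatever bucket `clientId` names, and the hard-coded override skips the login check entirely. A deny-by-default variant follows as an added example; it is not from the thread or from Perch's documentation. It assumes five-digit bucket names (like the 00005 in the post) and a hypothetical per-client member tag of the form `client-<bucket>`; the Perch functions used are the ones already shown in the post.

```php
<?php
// Added example, not the poster's or Perch's own code.
include($_SERVER['DOCUMENT_ROOT'] . '/perch/runtime.php');

$url_param = 'file';

// clientId arrives in the query string, so treat it as untrusted input.
// Assumption: bucket names are exactly five digits.
$bucket_name = (string) perch_get('clientId');
if (!preg_match('/\A[0-9]{5}\z/', $bucket_name)) {
    http_response_code(400);
    exit('Bad request');
}

// By default, deny downloads unless the member is proved to be allowed this bucket.
$allow_download = false;

// Being logged in is not enough: the member must be authorised for the
// bucket being requested, otherwise one client can read another's files.
// Assumption: each member carries a tag named 'client-<bucket>'.
if (perch_member_logged_in() && perch_member_has_tag('client-' . $bucket_name)) {
    $allow_download = true;
}

// No per-bucket override: an exception for one client is granted by
// tagging that client's member account, not by skipping the check.

if ($allow_download) {
    perch_members_secure_download(perch_get($url_param), $bucket_name, false);
} else {
    // Refuse without echoing debug output to the visitor.
    http_response_code(403);
    echo 'Please log in to see images';
}
exit;
```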

Drew McLellan

Perch Support

Can you show us your diagnostic report?

Drew McLellan said:

Can you show us your diagnostic report?

Sure,

Basic:

Health check
    Perch is up to date
    PHP 7.1.19 is up to date
    MySQL 5.5.5-10.1.30-MariaDB-1~xenial is up to date
    Image processing available
Summary information
    Perch: 3.1.1, PHP: 7.1.19, MySQL: mysqlnd 5.0.12-dev - 20150407 - $Id: 38fea24f2847fa7519001be390c98ae0acafe387 $, with PDO
    Server OS: Linux, cgi-fcgi
    Installed apps: content (3.1.1), assets (3.1.1), categories (3.1.1), perch_forms (1.10), perch_gallery (2.8.9), perch_members (1.6.4)
    App runtimes: <?php $apps_list = [ 'perch_forms', 'perch_gallery', 'perch_members' ];
    PERCH_LOGINPATH: /perch
    PERCH_PATH: /customers/4/f/9/stefan-wright.com/httpd.www/perch
    PERCH_CORE: /customers/4/f/9/stefan-wright.com/httpd.www/perch/core
    PERCH_RESFILEPATH: /customers/4/f/9/stefan-wright.com/httpd.www/perch/resources
    Image manipulation: GD
    PHP limits: Max upload 96M, Max POST 96M, Memory: 512M, Total max file upload: 96M
    F1: 3b606135b33e6a102526838f4152a807
    Resource folder writeable: Yes
    SCRIPT_NAME: /perch/core/settings/diagnostics/index.php
    REQUEST_URI: /perch/core/settings/diagnostics/
    HTTP_HOST: www.stefan-wright.com
    DOCUMENT_ROOT: /customers/4/f/9/stefan-wright.com/httpd.www


I have just realised the problem. The request is cross-domain! So of course the session isn't transferred to that.

Sorry, it was such a silly question

For anyone else that comes across this "issue" potentially. I ended up modifying some of the core code so that I was able to change the domain the cookie is stored against.

@Perch team, maybe this is something that could be introduced as a variable in the perch core config?

Stefan,

Modifying core code is a real bad idea. Not only will the changes be overwritten when you update Perch but it will also void Perch support. Even simple changes can cause headaches within the core code. Thanks for the tip but it’s highly discouraged.

Robert Ketter said:

Stefan,

Modifying core code is a real bad idea. Not only will the changes be overwritten when you update Perch but it will also void Perch support. Even simple changes can cause headaches within the core code. Thanks for the tip but it’s highly discouraged.

Hi Robert, I understand the risk to myself, I will remove the previous tip though so as not to put others at risk of what might be a temporary fix/workaround.

Do you happen to know if there is a different way to set the cookie domain option?
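On the cookie-domain question that closes the thread, the sketch below models the browser's scoping rules from RFC 6265 to show what a Domain attribute can and cannot do. It is an added example, not code from the thread or from Perch; the hostnames are constructed, and Path, Secure, SameSite and the public-suffix check that real browsers apply are left out.

```php
<?php
// Added example: RFC 6265 cookie scoping. All hostnames are constructed.

// Section 5.1.3 domain-match: the host equals the domain, or it ends with
// "." + domain and is not an IP address.
function domain_match(string $host, string $domain): bool
{
    $host   = strtolower($host);
    $domain = strtolower(ltrim($domain, '.'));
    if ($host === $domain) {
        return true;
    }
    $suffix = '.' . $domain;
    return filter_var($host, FILTER_VALIDATE_IP) === false
        && substr($host, -strlen($suffix)) === $suffix;
}

// Would a browser attach a cookie, set by $setBy with the given Domain
// attribute (null = attribute absent), to a request for $requestHost?
function cookie_sent(string $setBy, ?string $domainAttr, string $requestHost): bool
{
    if ($domainAttr === null || $domainAttr === '') {
        // Host-only cookie: returned to the exact setting host and nowhere else.
        return strtolower($setBy) === strtolower($requestHost);
    }
    // A Set-Cookie whose Domain does not cover the setting host is dropped,
    // so one site cannot plant a cookie for an unrelated domain.
    if (!domain_match($setBy, $domainAttr)) {
        return false;
    }
    return domain_match($requestHost, $domainAttr);
}

$cases = [
    ['www.example.com', null,              'www.example.com'],   // same host
    ['www.example.com', null,              'files.example.com'], // host-only, sibling subdomain
    ['www.example.com', 'example.com',     'files.example.com'], // widened to the parent domain
    ['www.example.com', 'example.com',     'cdn.example.net'],   // different site
    ['www.example.com', 'cdn.example.net', 'cdn.example.net'],   // Domain naming a foreign site
];
foreach ($cases as [$setBy, $attr, $req]) {
    printf("%-16s Domain=%-16s -> %-18s %s\n", $setBy, $attr ?? '(none)', $req,
        cookie_sent($setBy, $attr, $req) ? 'sent' : 'not sent');
}
```

Only the first and third cases print "sent": widening the Domain attribute shares a cookie across subdomains of one site, never across unrelated domains. A widened session cookie is also presented to every other subdomain of that site, so each of them has to be trusted with it.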