Forum
perch_member_logged_in() not working
Hi,
I have come across a weird issue tonight and I cant see what's going on. I have set up the secure downloads page as per the example in the members app documentation. However it doesn't seem to be working. The code block I believe to be at fault is:
if (perch_member_logged_in()) {
$allow_download = true;
}
I have switched on debug logs if the user is not logged in. And whilst on the index.php page (also for the members area) I can see loads of SQL calls, the download page only has one for a pagePath (which returns 0 results)
The full PHP for download.php is:
<?php include($_SERVER['DOCUMENT_ROOT'] . '/perch/runtime.php');
// config
$bucket_name = $_GET['clientId'];
$url_param = 'file';
// By default, deny downloads unless we've proved the member is allowed this file.
$allow_download = false;
// Check a member is logged in
if (perch_member_logged_in()) {
$allow_download = true;
}
/*
Alternatively, you could check for a specific tag, e.g.
if (perch_member_has_tag('subscriber')) {
$allow_download = true;
}
*/
if ($bucket_name == 00005){
$allow_download = true;
}
// Deliver the file.
if ($allow_download) {
perch_members_secure_download(perch_get($url_param), $bucket_name, false);
}else{
echo "Please login to see images";
echo PerchSystem::get_page();
PerchUtil::output_debug();
}
exit;
?>
I had to add an override in for a recent client of mine as they really wanted to see their photos however this is totally bypassing security. Perch is obviously running on the page because the two bits in the else statement work.
Any ideas?
I have also found that if I try to run the same code locally, I get a query for SELECT * FROM perch3_members_sessions on the download.php page but not if I run the same thing on my hosting. This does mean I show as logged in when on download.php on LOCALHOST but not LIVE
Can you show us your diagnostic report?
Sure,
Extended:
I have just realised the problem. The request is cross-domain! so of course the session isnt transferred to that.
Sorry, it was such a silly question
For anyone else that comes across this "issue" potentially. I ended up modifying some of the core code so that I was able to be change the domain the cookie is stored against
@Perch team, maybe this is something that could be introduced as a variable in the perch core config?
Stefan,
Modifying core code is a real bad idea. Not only will the changes be overwritten when you update perch but it will also void perch support. Even simple changes can cause headaches within the core code. Thanks for the tip but it’s highly discouraged.
Hi Robert, I understand the risk to myself, I will remove the previous tip though so as not to put other at risk of what might be a temporary fix/workaround.
Do you happen to know if there is a different way to set the cookie domain option?