Elgg engine integration with other php aplicactions

Hi community, I´ve an Elgg 2.1 installation, and in the same domain and Elgg directory installation I´ve another php aplication:

/var/www/elgg/htdocs/  <--- Elgg

/var/www/elgg/htdocs/app1 <--- Php aplication

So the urls are:

www.domain.com/index.php <--- Elgg

www.domain.com/app1/index.php &lt;--- Php aplication

I´ve loginrequired plugin installed to protect some urls, and I´d like to protect also some urls of the Php aplication like

www.domain.com/app1/admin/auth

But Elgg engine is not running in the php application so the urls are open to the world so, do someone know the way to restrict to logged in users the external php aplication urls?

Thanks in advance!

 

 

  • Here's what I would do:

    • Generate a secure 128 bit key and embed it in both applications.
    • In Elgg, on every request, generate a string like $msg = time() . "," . elgg_get_logged_in_user_guid(); and use HMAC (hash_hmac()) and the key to generate a $mac, which you'd append to $msg. Send that message as a cookie "Elgg_status".
    • In your other application, you can explode the $time, $guid, and $mac and use HMAC and the shared key to verify the time and user GUID. What you won't know is if they were logged out due to inactivity, you'll just know when they were last verified. The good is that this is super lightweight so you can do it on every request.
    • In your application, you can always take $_COOKIES['ELGG'], and make an internal HTTP request to Elgg to verify it responds as if you're logged in. But making server-side HTTP requests to Elgg is slow and effectively doubles the load on your server, so do this sparingly.