
I have a custom Magento script file, as below, which does login by just passing email and password to that PHP file.

It works fine when I'm making a call from the browser.

But I want to make this call through a Drupal module which I have created.

As I expected, the call is happening from the Drupal module and I'm getting the success message too. But login is not happening.

My hunch is that Magento has some login restrictions which happen outside the Magento root folder.

Please find the source below. Drupal directory - /www/drupal/ Magento directory - /www/drupal/store/

/www/drupal/store/api_config.php

<?php
error_reporting(E_ALL);
ini_set('display_errors', 'On');

require_once (dirname(dirname(realpath(__FILE__))).'/store/app/Mage.php');
umask(0);
Mage::app();
Mage::getSingleton('core/session', array('name' => 'frontend'));
$websiteId = Mage::app()->getWebsite()->getId();
$store = Mage::app()->getStore();
$response = array();

/www/drupal/store/api_login.php

<?php
require_once "api_config.php";

$session = Mage::getSingleton('customer/session');
//$session->start();

if (isset($_GET['email']) && !empty($_GET['email']) && isset($_GET['password']) && !empty($_GET['password'] )) {
    if (!filter_var($_GET['email'], FILTER_VALIDATE_EMAIL) === false) {
        $email = $_GET['email'];
        $password = $_GET['password'];

        try {
            if ($session->login($email, $password )) {
                $response['status'] = 'success';
                $response['data'] = array($_GET);
                $response['message'] = array('User loggedin Successfully.');
            } else {
                $response['status'] = 'error';
                $response['data'] = array($_GET);
                $response['message'] = array('User login failed.');
            }
            // _welcomeCustomer() is a method of Mage_Customer_AccountController; there is
            // no $this in a standalone script, so the welcome step is skipped here.
        } catch (Mage_Core_Exception $e) {
            switch ($e->getCode()) {
                case Mage_Customer_Model_Customer::EXCEPTION_EMAIL_NOT_CONFIRMED:
                    $value = Mage::helper('customer')->getEmailConfirmationUrl($email);
                    $message = Mage::helper('customer')->__('This account is not confirmed. <a href="%s">Click here</a> to resend confirmation email.', $value);
                    break;
                case Mage_Customer_Model_Customer::EXCEPTION_INVALID_EMAIL_OR_PASSWORD:
                    $message = $e->getMessage();
                    break;
                default:
                    $message = $e->getMessage();
            }
            //$session->addError($message);
            $response['status'] = 'error';
            $response['data'] = array($_GET);
            $response['message'] = array($message);
            // No echo here: extra output before the JSON body breaks json_decode() in the caller.
            $session->setUsername($email);
        } catch (Exception $e) {
            $response['status'] = 'error';
            $response['data'] = array($_GET);
            $response['message'] = array($e->getMessage()); // send the text, not the exception object
            // Mage::logException($e); // PA DSS violation: this exception log can disclose customer password
        }
    } else {
        //$session->addError('Login and password are required.');
        $response['status'] = 'error';
        $response['data'] = array($_GET);
        $response['message'] = array('Invalid Email address');
    }
} else {
    //$session->addError('Login and password are required.');
    $response['status'] = 'error';
    $response['data'] = array($_GET);
    $response['message'] = array('Login and password are required.');
}
print_r(json_encode($response, JSON_FORCE_OBJECT));die;
?>

/www/drupal/sites/all/modules/single_signon/single_signon.module

<?php
function single_signon_user_login(&$edit, $account) {

    //store variable values
    $postData = array();
    $postData['email'] = $account->mail;
    $postData['password'] = $edit['input']['pass'];

    $inc = 1; //count of registration

    if (!empty($postData['email']) && !empty($postData['password'])) {

        // use of drupal_http_request
        $data = http_build_query($postData, '', '&');
        //$url = url('http://127.0.0.1/drupal/store/api_login.php?'.$data);
        //$headers = array('Content-Type' => 'application/x-www-form-urlencoded');
        //print_r($url);
        // the actual sending of the data
        $JSONresponse = drupal_http_request('http://127.0.0.1/drupal/store/api_login.php?email=john@example.com&password=password');
        //print_r($JSONresponse);die;
        $response = json_decode($JSONresponse->data, true);

        if ($response['status']=='success') {
            $inc+=1;
            $message = 'Logged in successfully('.$inc.')';
            drupal_set_message($message, $type = 'status', $repeat = FALSE); //message goes here
        } else {
            // 'message' arrives as an array; join it instead of printing "Array".
            $message = 'Logged in failed. Due to '.implode(', ', (array) $response['message']).'('.$inc.')';
            drupal_set_message($message, $type = 'error', $repeat = FALSE);
        }
    } else {
        $message = 'Not able to log inside store('.$inc.')';
        drupal_set_message($message, $type = 'status', $repeat = FALSE); //message goes here
    }
}
?>

Any suggestions for findings to solve this mystery would be really helpful.

Vivek Keviv

1 Answer

I'm not sure I understand it well: you have a PHP script using data sent in the URL (GET) to connect a user in a session, and you would like the Drupal server to use it to connect directly to your Magento.

I think your code is working, but unfortunately it could not help the user to connect to Magento.

As this is the Drupal server asking for the connection, it would be the Drupal server session that will be connected and not the navigation user's one.

If the user has to be connected, in his navigator, to the Magento server, it has to be the navigator which calls the Magento script directly. It could be done in an iframe or via Ajax, I think.

I think you can also find some other solutions, such as OAuth, but it will need a lot more coding.

EDIT

I found some interesting subjects about your problem:

I think you have to manually create the Magento session cookie in the user's navigator, from the Drupal script.

You'll need to send back to Drupal the SessionID from Magento, using this method (I think, you'll have to verify):

$response['sessionId'] = $session->getEncryptedSessionId();

And inside the Drupal script, you'll have to record a new cookie with the Magento session information. Maybe you have to have a look at a working Magento cookie to see how it is defined and what is its name.

if ($response['status']=='success') {
    ...
    setcookie('frontend', $response['sessionId'], time() + 3600 * 24 * 180, '/');
    ...
}

You'll probably have to declare, in the settings of Magento, the path for cookies at '/'.

Can you give an example of the structure of the session cookie from Magento?

TytooF
  • Even if you don't like my answer, I really think this cannot work as it is. The Magento script must send back to Drupal the session information, to allow your module to record the session cookie for Magento on the navigator of the user. – TytooF Aug 03 '16 at 08:27
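
The relay step discussed in the answer, as an added example that is not part of the original question or answer: the session cookie issued by the login call lands in the server-side HTTP response, so it has to be read there, validated, and re-issued to the visitor's browser. This sketch reads the `frontend` cookie from the Set-Cookie lines of that response (instead of the JSON `sessionId` field the answer suggests); the function names, the `/drupal/store` path, the one-hour lifetime and the sample cookie value are assumptions.

```php
<?php
// Added example, not code from the question or the answer.
// Assumed names: extract_session_cookie(), build_browser_cookie().

// Return the value of cookie $name from raw Set-Cookie lines, or null.
function extract_session_cookie(array $setCookieLines, $name)
{
    foreach ($setCookieLines as $line) {
        // The first "name=value" pair is the cookie; the rest are attributes.
        $parts = explode(';', $line, 2);
        $pair = trim($parts[0]);
        $eq = strpos($pair, '=');
        if ($eq === false || substr($pair, 0, $eq) !== $name) {
            continue;
        }
        $value = substr($pair, $eq + 1);
        // Accept only the characters PHP session IDs use, so a corrupted or
        // hostile response cannot inject header text into our own reply.
        return preg_match('/^[A-Za-z0-9,-]{16,128}$/', $value) ? $value : null;
    }
    return null;
}

// Build the Set-Cookie value to send to the visitor's browser.
function build_browser_cookie($name, $value, $path, $lifetime, $now, $secure)
{
    $cookie = sprintf(
        '%s=%s; Expires=%s GMT; Max-Age=%d; Path=%s; HttpOnly; SameSite=Lax',
        $name, $value, gmdate('D, d M Y H:i:s', $now + $lifetime), $lifetime, $path
    );
    return $secure ? $cookie . '; Secure' : $cookie;
}

// Constructed sample: Set-Cookie lines as the server-side HTTP client sees them.
$sample = array(
    'other=1; path=/',
    'frontend=k3j2h4g5f6d7s8a9q0w1e2r3t4; path=/drupal/store; HttpOnly',
);
$sid = extract_session_cookie($sample, 'frontend');
if ($sid !== null) {
    $header = build_browser_cookie('frontend', $sid, '/drupal/store', 3600, time(), true);
    // In a real request handler: header('Set-Cookie: ' . $header, false);
    echo $header, "\n";
}
```

Pass `true` for `$secure` whenever the site is served over HTTPS so the session ID is never sent in clear text.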