Hesk and login via Auth

Helpdesk for my helpdesk software

Moderator: mkoch227

Post Reply
lhesk
Posts: 12
Joined: Thu Sep 29, 2022 6:23 am

Hesk and login via Auth

Post by lhesk »

I have implementation which give me possibilite login to hesk via keycloak. Below part of code. Everything works but I hew few questions.
1. I know that session in hesk works on the base parametr session.gc_maxlifetime but How it works on page admin_main.php where is autorefresh page?
2. How long works session when user works all the time?

Code: Select all

 
//Login via AOuth
if(isset($_SESSION['logged_keykloak_auth'])) 
{ 
	//Check user by email logged 
	$result = hesk_dbQuery("SELECT user FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `email` = '".hesk_dbEscape($_SESSION['email_auth'])."' LIMIT 1"); 

	if(hesk_dbNumRows($result) == true)
	{ 
		//Find user in database 
		$row = $result->fetch_assoc(); 

		$result2 = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `user` = '".hesk_dbEscape($row['user'])."' LIMIT 1"); 
		$user_row = hesk_dbFetchAssoc($result2); 

		process_successful_login($user_row); 
		exit(); 
	} 
	else 
	{  
		//Redericted when not find user in database 
		header('Location:index.php?user=unfinded'); 
		exit(); 
	} 
}
Top
Klemen
Site Admin
Posts: 10139
Joined: Fri Feb 11, 2005 4:04 pm

Re: Hesk and login via Auth

Post by Klemen »

Hesk doesn't do anything special; it just uses the built-in PHP session functions.

You may want to look at and study hesk_session_start function from the /inc/common.inc.php file.
Klemen, creator of HESK and PHPJunkyardWas this helpful? You can buy me a drink here Image

Image You should follow me on Twitter here

Help desk software | Cloud help desk | Guestbook | Link manager | Click counter | more PHP Scripts ...

Also browse for php hosting companies, read php books, find php resources and use webmaster tools
Top
lhesk
Posts: 12
Joined: Thu Sep 29, 2022 6:23 am

Re: Hesk and login via Auth

Post by lhesk »

I checked file common.inc.php but I didn't find any inform which I didn't know. Tell me, what will happend on page admin_main.php where I have set auto refresh on 60 seconds. Siession never expire?
Top
Klemen
Site Admin
Posts: 10139
Joined: Fri Feb 11, 2005 4:04 pm

Re: Hesk and login via Auth

Post by Klemen »

The page reloads and the session restarts, yes.
Klemen, creator of HESK and PHPJunkyardWas this helpful? You can buy me a drink here Image

Image You should follow me on Twitter here

Help desk software | Cloud help desk | Guestbook | Link manager | Click counter | more PHP Scripts ...

Also browse for php hosting companies, read php books, find php resources and use webmaster tools
Top
lhesk
Posts: 12
Joined: Thu Sep 29, 2022 6:23 am

Re: Hesk and login via Auth

Post by lhesk »

I would like to keep session in Keycloak so could you tell me, can I use session_regenerate_id ? in my logic? I have logic when every request/refresh page check validy access token in keycloak, if access token expired, refresh token create new access token.
Top
Klemen
Site Admin
Posts: 10139
Joined: Fri Feb 11, 2005 4:04 pm

Re: Hesk and login via Auth

Post by Klemen »

session_regenerate_id just changed the ID of the session, it doesn't change any of the data:
https://www.php.net/manual/en/function. ... ate-id.php

It's commonly used to prevent session fixation so you should generally use it when you handle authentication changes:
https://stackoverflow.com/questions/229 ... enerate-id

Why, when and if you need to use it in your code is up to you, that's not something we can help with.
Klemen, creator of HESK and PHPJunkyardWas this helpful? You can buy me a drink here Image

Image You should follow me on Twitter here

Help desk software | Cloud help desk | Guestbook | Link manager | Click counter | more PHP Scripts ...

Also browse for php hosting companies, read php books, find php resources and use webmaster tools
Top
Post Reply

Return to “Hesk - helpdesk software”