1
<?php
header("Access-Control-Allow-Origin: *");
define('IN_PHPBB', true);
$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
include($phpbb_root_path . 'common.' . $phpEx);
$user->session_begin();
$auth->acl($user->data);
$user->setup();
$mode = request_var('mode', '');
echo $user->data['username'];
?>

So I have this code on my hosted website. I'm using phpBB but if I go to my website DyingGhost.tk/getLoggedUser.php it returns the logged in user. But if I use a get request via another webpage I get Anonymous (phpBB bot function I think). Why dose it not return the username even that the user is logged in.

Callum Overy
  • 11
  • 1
  • This is because you have to send the session id with the request, so your website can identify the user. – skroczek Feb 28 '15 at 14:53
  • So is their a way I can do this? – Callum Overy Feb 28 '15 at 14:54
  • Sure you can, but it's highly insecure. See http://stackoverflow.com/questions/1244087/how-can-i-send-phpsessid-in-the-url for more information. – skroczek Feb 28 '15 at 14:58
  • Can you explain what problems I will have with this? – Callum Overy Feb 28 '15 at 14:59
  • The biggest problem is, that you open your website for session hijacking, Please ask google for more information about that ;). But this is a very complex problem, and the resolution depends strongly from what you are trying to do. – skroczek Feb 28 '15 at 15:08

0 Answers0