search

3liz / lizmap-web-client

Transfer a QGIS project on a server, Lizmap is providing the web interface to browse it
https://www.lizmap.com
Mozilla Public License 2.0
254 stars 143 forks source link

Strange output for a php request of $_SESSION #4774

Open Antoviscomi opened 1 day ago

Antoviscomi commented 1 day ago

When I try to obtain informations on active LWC(PHP) session in my machine by

session_start(); echo '<pre>'; print_r($_SESSION); echo '</pre>';

I receive this response caused by a request that throws an error about an incomplete object in the PHP session:

`(
    [JX_LANG] => it_IT
    [JELIX_USER] => __PHP_Incomplete_Class Object
        (
            [__PHP_Incomplete_Class_Name] => cDaoRecord_lizmap_Jx_user_Jx_pgsql
            [__dao_profile:protected] => jauth
            [login] => admin
            [email] => admin@localhost.localdomain
            [password] => $2y$10$kHglBdPNhE8gwddEewV.YOXJZQJbT9YhzdR254rAqcCWFUMpIN2g2
            [firstname] => 
            [lastname] => 
            [organization] => 
            [phonenumber] => 
            [street] => 
            [postcode] => 
            [city] => 
            [country] => 
            [comment] => 
            [status] => 1
            [keyactivate] => 
            [request_date] => 
            [create_date] => 2023-07-18 09:51:11.441193
        )

    [JFORMS_SESSION] => __PHP_Incomplete_Class Object
        (
            [__PHP_Incomplete_Class_Name] => jFormsSession
        )

)`

then I'm not able to pass $_SESSION info to another php because of session crash. can someone tell me if is it a bug or a misconfiguration caused by me? And in both cases what can i do?

Versions, safeguards, check summary etc

Versions :

List of safeguards :
* Mode : normal * Allow parent folder : yes * Number of parent : 10 folder(s) * Prevent other drive : no * Prevent PG service : no * Prevent PG Auth DB : no * Force PG user&pass : no * Prevent ECW : no

Check Lizmap plugin

Operating system

Ubuntu 22.04

Browsers

Chrome

Browsers version

Versione 129.0.6668.58 (Build ufficiale) (a 64 bit)

Relevant log output

No response

nworr commented 11 hours ago

According to stack overflow, it's because the "cDaoRecord_lizmap_Jx_user_Jx_pgsql" (and jFormsSession) classes are unknown when session is deserialized (by print_r)

If you want to know the currrent user in session, you need to use jelix/lizmap objects ( jAuth::getUserSession()) or ensure the class used by object in session are defined.

Antoviscomi commented 3 hours ago

@nworr

If you want to know the currrent user in session, you need to use jelix/lizmap objects ( jAuth::getUserSession()) or ensure the class used by object in session are defined.

using jAuth::getUserSession() as follow:

try {
    // Prova a ottenere la sessione utente
    $user = jAuth::getUserSession();

    if ($user && !($user instanceof jAuthDummyUser)) {
        // Controlla che l'utente abbia le proprietà id e group
        $userId = isset($user->id) ? $user->id : 'N/A';
        $group = isset($user->group) ? $user->group : 'N/A';
        error_log("Debug: Utente connesso. ID: $userId, Gruppo: $group");

        // Verifica se l'utente è admin o registrato
        if (in_array($group, ['admins', 'users'])) {
            error_log("Debug: Utente autorizzato.");
            // Includi il form HTML o reindirizza alla pagina protetta
            // include '/var/www/webgism/lizmap/www/mapsm/myscript.php';
            exit;
        } else {
            error_log("Debug: Utente non autorizzato." . print_r($user, true));
        }
    } else {
        error_log("Debug: Utente non autenticato o autenticazione fallita.");
    }
} catch (Exception $e) {
    error_log("Debug: Errore durante il recupero della sessione utente: " . $e->getMessage());
}

my debug log come out as you can see after correct login in LWC

PHP message: Debug: Utente connesso. ID: , Gruppo: ', referer: http://xxx.xx.xx.xx/webgism/admin.php/auth/login?auth_url_return=%2Fwebgism%2Fmapsm%2Fmyscript.php