What is the best way to log a user in programatically in ExpressionEngine

Question

I'm building an app that allows the app to hit an ACT url which then triggers a module method to create a new entry using the ExpressionEngine API. However, as there is no user logged in / loggin in, it is not allowed to submit an entry to a channel.

What is the best way to do this. Bypass the EE api and submit the entry manually, or log a user in progamatically..but then how would that work with sessions etc etc?

If the answer is to "log a user in" it would be great to see a code sample if possible.

Thanks!

Answer 1

As you mention, there are 2 ways to add a new entry:

1. manually add the database records
2. use the Channel Entries API (http://expressionengine.com/user_guide/development/api/api_channel_entries.html)

The main differences are that entries added using the API will:

• perform all the usual data validation (ie, fields that are marked as being required must not be empty)
• run any 3rd-party extensions that installed
• keep the site statistics up to date (eg, the number of posts by the author)

Adding the entry manually is reasonably easy for simple channels, but gets more complicated if you are using 3rd party fieldtypes that use additional tables.

To log a member in you should just need to:

// Get the member's id (the member must have permissions to post entries)
$member_id = 1;

// Create session
$this->EE->session->create_new_session($member_id);

use the channel entries api to add the entry, and then:

// Log user back out
$this->EE->session->destroy();

when you have finished.

Answer 2

You are going to want to take a look at the Auth.php class in ./system/libraries/Auth.php. This class is an abstraction of the authentication API's and allows you to do exactly what you want. The "loggin as user" feature uses these same methods, as well as the member module.

You can also take a look at the Authenticate module (which is free) so you get an idea of how others work with the Auth class.

https://objectivehtml.com/authenticate

Here is some pseudo code for you to use:

// Fetch the member from the DB using whatever logic you need
$this->EE->db->where('username', 'some-username');
$member = $this->EE->db->get('members');

$this->EE->load->library('auth');

// Load a new Auth_result object which logs in the member
$authed = new Auth_result($member->row());
$authed->start_session($cp_session = FALSE);

$member->free_result();

This code should work, but I didn't not have time to execute it, which is why it's considered pseudo code.

I should also add that I am not sure if this even the best way to solve your problem. I am simply answering the questions of "how to programmatically login a user without knowing their password and without submitting a login form."