Skip to content

Instantly share code, notes, and snippets.

@frzsombor

frzsombor/gist:ddd0e11f93885060ef35

Last active July 4, 2024 12:56
Show Gist options
  • Save frzsombor/ddd0e11f93885060ef35 to your computer and use it in GitHub Desktop.
Save frzsombor/ddd0e11f93885060ef35 to your computer and use it in GitHub Desktop.
Download ZIP
Share Laravel's session and check authentication from external projects
Raw
gistfile1.php
<?php
/*
|--------------------------------------------------------------------------
| Sharing Laravel's session and checking authentication
|--------------------------------------------------------------------------
|
| Use the following code in any CMS (WordPress, Joomla, etc), filemanager (CKFinder,
| KCFinder, simogeos's Filemanager, etc), or any other non-Laravel project to boot into
| the Laravel framework, with session support, and check if the user is authenticated.
|
| The following code is tested with Laravel 4.2.11
| It may not work with Laravel 5
|
| Last update: 2015-01-09
|
*/
require '/path/to/laravel/bootstrap/autoload.php';
$app = require_once '/path/to/laravel/bootstrap/start.php';
$request = $app['request'];
$client = (new \Stack\Builder)
->push('Illuminate\Cookie\Guard', $app['encrypter'])
->push('Illuminate\Cookie\Queue', $app['cookie'])
->push('Illuminate\Session\Middleware', $app['session'], null);
$stack = $client->resolve($app);
$stack->handle($request);
$isAuthorized = Auth::check();
@yura20066
Copy link

yura20066 commented Jan 21, 2021
edited
Loading

Laravel 7
Hello, help me please.
I added CKFinder to the admin panel in the articles section, and I want to make access only for the logged-in administrator when I remove exit (); function everything works there is a loading of images adding folders, but exit (); gives an error (Invalid request), but without exit (); I understand that it is not safe.:((
Thank you in advance for your help!

$config['authentication'] = function () {
    require $_SERVER['DOCUMENT_ROOT'] . '/vendor/autoload.php';
    $app = require_once  $_SERVER['DOCUMENT_ROOT']. '/bootstrap/app.php';
    $response = $app->make('Illuminate\Contracts\Http\Kernel')->handle(Illuminate\Http\Request::capture());
    $cookie = $_COOKIE[$app['config']['session']['cookie']] ?? false;
    if ($cookie) {
        $id = $app['encrypter']->decrypt($cookie, false);
        $session = $app['session']->driver();
        $session->setId($id);
        $session->start();
    }
    if (!$app['auth']->check() || !$app['auth']->user()->is_admin){
        header('HTTP/1.0 403 Forbidden'); exit();
    }
    return true;
};

@chithract
Copy link

The solution above for 5.2 should still work. In 5.5+ you just need to change bootstrap/autoload.php to vendor/autoload.php.

<?php

require '/path/to/laravel/vendor/autoload.php';
$app = require_once '/path/to/laravel/bootstrap/app.php';

$app->make('Illuminate\Contracts\Http\Kernel')
    ->handle(Illuminate\Http\Request::capture());

// An instance of the Laravel app should be now at your fingertip ;-)

...

$isAuthorized = Auth::check();

How can we achieve this if both applications are on different servers?

@jshrek
Copy link

jshrek commented Dec 7, 2023
edited
Loading

Laravel 5.5

require __DIR__.'/../../../vendor/autoload.php';
$app = require __DIR__.'/../../../bootstrap/app.php';

$app->make('Illuminate\Contracts\Http\Kernel')
    ->handle(Illuminate\Http\Request::capture());

$value = Session::get("any key");

Use Session::all() to see what keys are available:

    $value = Session::all();
    echo "<pre>";
    print_r($value);
    echo "<pre>";

But in 5.5 I am still getting empty array for Session and for Auth ... so not pulling the session over for some reason :(

@WimDeMeester
Copy link

Anyone an idea for a laravel 11 project?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment