Home/ Questions/Q 926713
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-15T19:43:45+00:00

I’m writing a custom php code in my Drupal website. I need to load

  • 0

I’m writing a custom php code in my Drupal website. I need to load the content of specific pages from PHP.

These pages are visible only for authenticated users, and it seems I cannot access them from php, even if I trigger the script when I’m logged in as user.

Is there a way to simulate “a logged in” user from php, so I have access to all the content of the website ?

update:

global $user;
if (user_access('access content')) {

require_once("dompdf/dompdf_config.inc.php");

$html = file_get_contents('http://mywebsite.com/admin/store/orders/45/invoice/print');


$dompdf = new DOMPDF();
$dompdf->load_html($html);

//$dompdf->load_html_file('invoices/' . $file);
$dompdf->render();
$dompdf->stream("sample.pdf");
}

I’ve tried with relative path and it is the same…

And this is with impersonating the admin user

//access as administrator
global $user;
$original_user = $user;
session_save_session(FALSE); 
$user = user_load(array('uid' => 1));

//generate pdf
require_once("dompdf/dompdf_config.inc.php");
$html = file_get_contents('http://mywebsite/admin/store/orders/45/invoice/print');
$dompdf = new DOMPDF();
$dompdf->load_html($html);
//$dompdf->load_html_file('invoices/' . $file);
$dompdf->render();
$dompdf->stream("sample.pdf");

//logout as administrator
$user = $original_user;
session_save_session(TRUE);

Still I get access denied as resulting page (and generated pdf).
thanks

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    These pages are visible only for authenticated users, and it seems I cannot access them from php, even if I trigger the script when I’m logged in as user.

    Drupal checks if the user has permission to view a node using the global variable $user. To do what you are trying to do, if you cannot trust that the currently logged in user have the permission to view the node you are interested in, you should read Safely Impersonating Another User.

    I am not saying that you should be doing that. Before to impersonate another user, I would verify if the followed approach is the only possible one.
    For example, if you just need to access a field contained in a node, then you can use node_load(), which doesn’t verify if the current user can view the loaded node.
    If you need to show the body of a node, you can use the following code:

    $node = node_load($nid);
if ($node) {
  $body = check_markup($node->body, $node->format, FALSE);
}

    Showing information for which the current user doesn’t have access is considered a security issue, though.

    Update

    The issue with your code is that you are using file_get_contents('http://mywebsite/admin/store/orders/45/invoice/print'); doing so, you are opening a new connection to the site, and the new connection is opened as anonymous user. That is the reason the node that authenticated users are able to see is not returned.
    Even if the code would work, what you get is not the HTML to render the node only, but also the full page, including the blocks Drupal normally show on the top, and to the left/right sides.

    If you are interested in rendering a node, then you should use the following code. (It’s just a skeleton, and it’s not complete.)

    // $nid is the node ID.
// Check the result, in the case the node has been deleted, or there are other errors.
$node = node_load($nid);
if ($node) {
  // The arguments tell the function that you don't want to render a teaser, that the node is
  // rendered as it is the only node in the page, and that you don't want the additional
  // links that are usually rendered after the node content.
  $html = node_view($node, FALSE, TRUE, FALSE);

  // This is your code.
  $dompdf = new DOMPDF();
  $dompdf->load_html($html);
  $dompdf->render();
  $dompdf->stream("sample.pdf");
}
    • 0