Drupal7 programmatically log user in with username only

Question

I'd like to log in by passing a url like "http://example.com?name=admin" (which I will encryption after) If a user is exsist, login directly, if not, direct to /user page

I look up some solutions, but almost all of them need to provide password to authentication.

There is an api : user_login_finalize() but have no idea how to use it

Can anyone help me out how to achieve this?

Thanks a lot!

$name = urldecode($_GET["name"]);

$sso = user_load_by_name($name);
if(!$sso){
// User doesn't exist
echo 'Welcome, visitor!';
} 
else {
// User exists
echo 'Welcome!'.$name;
}

Answer 1

Its as simple as:

global $user; $user = $sso; user_login_finalize($user->uid);

in your else block.

However, its better to rethink about security issues of such a scenario...

Answer 2

I use this

define('DRUPAL_ROOT', getcwd());
require_once DRUPAL_ROOT . '/includes/bootstrap.inc';
drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL);

$sso = urldecode($_GET["name"]);
$user = user_load_by_name($sso);

if(!$user){
    drupal_goto('user/login');
} 
else {
    $user_id = $user->uid;
    user_login_finalize($user_id);
    drupal_goto('<front>');
}

Answer 3

Usually it goes like this:

$uid = user_authenticate($username, $password);
$account = array('uid' => $uid);
user_login_submit(array(), $account); 

But in your case, since you don't have password, should be (I didn't try it) like:

$user = user_load_by_name($usernamename);
$account = array('uid' => $user->uid);
user_login_submit(array(), $account); 

Also check these pages:

https://www.drupal.org/project/login_activity/issues/2066899

https://api.drupal.org/api/drupal/modules%21user%21user.module/function/user_load_by_name/7.x

And be careful not to make security hole to your site.