One time login link using generated random hash instead of password

Get help with installation and running phpBB 3.2.x here. Please do not post bug reports, feature requests, or extension related questions here.
Post Reply
aleksanderd
Registered User
Posts: 3
Joined: Fri Aug 17, 2018 4:29 pm

One time login link using generated random hash instead of password

Post by aleksanderd »

Hi!

My global goal is to setup phpbb to use outside auth data(from main site db, using Yii2 project on same server).
I wrote the shell command for user update and calling it at user update events at main site, its seems to work ok.

Now I need to redirect main site's users to forum and not to ask user/password again since they already logged at main site.
I plans to write some action at main site which will redirect logged users to phpbb using a one time login link.

So I need two hacks for phpbb:
1) shell command which will generate the login link (random hash written to some table for later checking).
2) some entry point in phpbb accepting the hash and calling complete login procedure, etc.

1st step is not too hard: I can create mysql table manually and write a shell command.

but what about 2nd step? What the best way to do it?

Thank you!
User avatar
stevemaury
Support Team Member
Support Team Member
Posts: 52768
Joined: Thu Nov 02, 2006 12:21 am
Location: The U.P.
Name: Steve
Contact:

Re: One time login link using generated random hash instead of password

Post by stevemaury »

Why not just use LDAP, which phpBB supports natively? Also supports OAuth and Apache.
I can stop all your spam. I can upgrade or update your Board. PM or email me. (Paid support)
aleksanderd
Registered User
Posts: 3
Joined: Fri Aug 17, 2018 4:29 pm

Re: One time login link using generated random hash instead of password

Post by aleksanderd »

thank you, but we have custom mysql table with users, I dont know LDAP, etc )

anyway, how LDAP or OAuth helps to generate one time no-password login link?

more clean question is: how to learn phpbb to login by some token instead of user/pass.
the token is generated by me, so I need a right place to put token validating code.
User avatar
stevemaury
Support Team Member
Support Team Member
Posts: 52768
Joined: Thu Nov 02, 2006 12:21 am
Location: The U.P.
Name: Steve
Contact:

Re: One time login link using generated random hash instead of password

Post by stevemaury »

LDAP allows you to do this:
My global goal is to setup phpbb to use outside auth data(from main site db
It would be easier to learn a commonly used protocol than to reinvent the wheel.
I can stop all your spam. I can upgrade or update your Board. PM or email me. (Paid support)
aleksanderd
Registered User
Posts: 3
Joined: Fri Aug 17, 2018 4:29 pm

Re: One time login link using generated random hash instead of password

Post by aleksanderd »

ok, thnx for advice, will try to learn later.

but what about main question? what the best place to inject some token validation code to login without user/pass?
Post Reply

Return to “[3.2.x] Support Forum”