Custom Authentication

This forum is now closed as part of retiring phpBB2.
Forum rules
READ: phpBB.com Board-Wide Rules and Regulations

This forum is now closed due to phpBB2.0 being retired.
2inspyr
Registered User
Posts: 5
Joined: Wed May 11, 2005 11:16 am

Post by 2inspyr » Fri Oct 27, 2006 7:13 pm

ok im working on the same sort of thing you are, and after readin this, i have an idea. You could infact have at the end of you code a hidden form. which works like this:


my sites login.php
-------------------------------
function procLogin(){
global $session, $form;
/* Login attempt */
$retval = $session->login($_POST['username'], $_POST['password'], isset($_POST['remember']));

/* Login successful */
if($retval){
$userName = $_POST['username'];
$passworD = $_POST['password'];
header("Location: phpbb_login.php?username=".$userName."&password=$passworD");
}
/* Login failed */
else{
$_SESSION['value_array'] = $_POST;
$_SESSION['error_array'] = $form->getErrorArray();
header("Location: ".$session->referrer);
}
}
-------------------------------------------------------

phpbb_login.php (which i made this is the page which passes the info to phpbb's login.php)
--------------------------------------------
<html>
<head>
<title>phpbb Login</title>
</head>

<body onLoad="document.Login.submit()" >
<form method="post" name="Login" action="/path/to/you/phpbb/login.php">
<input type="hidden" name="username" value="<? echo $_GET['username']; ?>">
<input type="hidden" name='password' value ="<? echo $_GET['password']; ?>">
<input type="hidden" name="login" value="login">
</form>
</body>
</html>
---------------------------------------------------------------

now the only thing is, that it creates a security issue, as when it does to the "phpbb_login.php, your username and password are in full view, i am working on a way around this atm, im thinking about using a simple base64encode when the user logs in, to send the data across to the phpbb login page, where it will be decoded again, and then read by the phpbb login. Obviously there will be a bit of editing involved, but it shouldnt be to difficult.

so to sum it all up, you have this.

your login.php -> phpbb_login.php -> phpbb's login.php -> logged in on both your site and phpbb

so basically you have just created a middle man to pass the login info onto phpbb.




i have used this many times with E107 to submit posts to the forums that are entered in a form. I guess u could call it a "double post". basically when the user clicks submit, it runs through your login script first, once that done and they are logged in, you have that code in your script which will then take the needed info they entered and post it to the login script for phpbb, logging them into phpbb. What i would suggest is, you make another login for phpbb, i.e login2.php, then run through it and change the redirection back to your homepage. Then when they login, they will lgin to your site, then your phpbb installation, and then be directed back to your homepage. Thats the way i would do it. It works for me so far, i just need to make the redirection work, which i havent had time to do yet.

Regards
2inspyr

Post Reply

Return to “[2.0.x] MOD Writers Discussion”

cron