Get SMF Credentials from Another Site on Same Server?

Started by ForumGuy789, May 16, 2014, 12:22:44 AM


ForumGuy789

I think what I want to do is likely very basic integration. From another website on the same server as SMF I want to access a user's session variables or cookie info for their username and password hash. With this I log them into the other site automatically and any DB queries are done by me in my own PHP code.

Any links that can provide an extremely simple example for how to do this? If not, any chance I can get a simple explanation on how to do it?

I'm newish to PHP but not new to programming and I just refreshed myself on PHP. I already have a login system on the non-SMF site where they type their SMF username/pass and it lets them in but would like to make it more automatic if possible. Users are sent from the SMF site to the other site so there are a few different ways I could handle it probably (encrypted headers, etc.).

So all I need are the username and password hash.

I don't even know... is it possible to access a person's PHP session of one site on another site if it's on the same server?

Acans

You could use SSI, and in the header make it on login to redirect to that page instead of going back to the forum.

http://wiki.simplemachines.org/smf/Category:SSI
"The Book of Arantor, 17:3-5
  And I said unto him, thy database query shalt always be sent by the messenger of $smcFunc
  And $smcFunc shall protect you against injections and evil
  And so it came to pass that mysql_query was declared deprecated and even though he says he is not
  dead yet, the time was soon to come to pass when mysql_query shall be gone and no more

Kindred

That will work across subdomains, but not full domains.
Glory to Ukraine

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

ForumGuy789

I'll check out SSI I guess. The forum is a subdomain so maybe it's what I'm looking for. 

1 - So sessions don't work across different websites on the same server? Even if they have the same base site name?
forum.mysite.com  and mysite.com?

2 - And it's probably bad form to pass the hashed password in a query string to the main site from the forum right?

margarett

1 - That's a subdomain so it should work ;)
2 - Probably not. That's just handled server-side, so I see no issue...
If you're going to drive, don't drink. If you're going to drink... CALL ME!!!! :D

Quote: Over 90% of all computer problems can be traced back to the interface between the keyboard and the chair

Kindred

Why do you need to pass the password?

If you are trying to do that, then you should not be using SSI, you should be either using the SMF Hooks in the code or using the API.

ForumGuy789

Quote from: Kindred on May 19, 2014, 04:23:54 PM
Why do you need to pass the password?

If you are trying to do that, then you should not be using SSI, you should be either using the SMF Hooks in the code or using the API

I need the password so I can log them into the main website using the same username/pass as SMF.

Right now I have it so they can log in to the main site using a form on the main site... but I'd like to make it more seamless when they click a link from the forums to the main site. Not sure if I'm being unclear. I want them to be auto-logged in to the main site if they click this forum link.

I already have a version of this link on the forum that will add the user's name and hashed password to the query string in the link to the main website. Then I use this info and my own PHP code to log them into the main website using their SMF account info. It's one way to make it automatic... but I'm not sure I want to use that method since the hashed password can be seen so easily. Yes, ideally only the user will see it but still... not sure if it's bad form to do that or not.

Arantor

Using anything other than the cookie for general reauthentication is bad form. Putting it in the query string is EASY to sniff unless it's over HTTPS. Any packet sniffer will be able to observe it trivially.

Right now I don't see what the problem with SSI is, actually. It will quite happily work across subdomains and I've certainly used it for single-sign-on inside a domain. I just made sure to always be extending SSI so all authentication went back to the forum to log in and then return me to whatever page I was on before I logged in (no biggie to do, it's the call to ssi_login()).
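
The cookie-based single sign-on discussed in this thread, as an added example that is not part of any poster's reply or of SMF's own code: the main site includes SMF's SSI.php, lets it validate the forum cookie server-side, and sends guests to the forum login via ssi_login(), so no password hash ever appears in a URL. The SSI.php path, the main-site URL and the helper name `current_forum_user` are assumptions, and it assumes SMF's cookie is issued for the parent domain so that both forum.mysite.com and mysite.com receive it.

```php
<?php
// Added example (not from the thread). Hypothetical values: adjust to your install.
const SMF_SSI_PATH  = '/var/www/forum/SSI.php';   // assumed location of the forum's SSI.php
const MAIN_SITE_URL = 'https://mysite.com';       // assumed main-site origin, HTTPS only

// SSI.php reads the SMF login cookie, checks it against the forum database
// and fills $context['user']. The browser only ever sends the cookie.
require_once SMF_SSI_PATH;

/**
 * Hypothetical helper: return the logged-in forum member, or null for guests.
 * The main site gets an id and a name; it never handles the password hash.
 */
function current_forum_user(): ?array
{
    global $context;

    if (!empty($context['user']['is_guest'])) {
        return null;
    }
    return [
        'id'   => (int) $context['user']['id'],
        'name' => (string) $context['user']['name'],
    ];
}

$user = current_forum_user();

if ($user === null) {
    // Build the return URL from a fixed origin plus the request path only,
    // so a forged Host header or query string cannot steer the redirect.
    $path = parse_url($_SERVER['REQUEST_URI'] ?? '/', PHP_URL_PATH) ?: '/';

    // ssi_login() prints SMF's login form; after a successful login the
    // forum sends the member back to the URL passed as the first argument.
    ssi_login(MAIN_SITE_URL . $path);
    exit;
}

// double_encode=false: leave entities already present in the name untouched.
echo 'Welcome back, ',
    htmlspecialchars($user['name'], ENT_QUOTES, 'UTF-8', false);
```

Key the main site's own records on the returned member id rather than the display name, since names can change.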
