News:

Bored?  Looking to kill some time?  Want to chat with other SMF users?  Join us in IRC chat or Discord

Main Menu

SMF and JSP

Started by moufa, May 28, 2015, 08:32:39 AM

Previous topic - Next topic

moufa

I have a JSP webpage with an authentication module in wamp (MySQL), and tomcat with 20 fixed record
and i also have an SMF forum running on the wamp (APACHE, MYSQL) with the same 20 fixed records. So both usernames and passwords are the same

I want when somebody login through the JSP authetication module to have a link that would automatically give access to the SMF using the same username and password. How can i do that?

Thank you very much

Kindred

that is tough....  because the smf password is hashed and encrypted using a php sha1 routine...
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

moufa

Quote from: Kindred

that is tough....  because the smf password is hashed and encrypted using a php sha1 routine...


That is not a trouble because the passwords on the authentication jsp module are in plain text. I can add another field in MySQL holding the same passwords in SHA1 and then i can do a comparison with the SHA1 hashed passwords of the SMF

Kindred

no offense, but that seems incredibly insecure
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

moufa

Quote from: Kindred on May 28, 2015, 09:04:36 AM
no offense, but that seems incredibly insecure


Yes i know that, but this is something that will run on a local network so there is no access from the outside. Could you please tell me how can i implement such functionality the way i described it? thanks again

Kindred

Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

moufa

i think i figured out how to do it. from the jsp page i will call a php. this php will do a mysql query, check the SMF hash with the other hash from the authentication module and it will return the username and password of the person logged in. Then it will create a cookie same as the one created by the SMF with the retrieved username and password and it will redirect the page to the SMF index page. The SMF should read the previously created cookie and it should login automatically.

hope this will work. I f you have any thoughts or inputs please share them

moufa

Quote from: Kindred on May 28, 2015, 09:57:45 AM
http://wiki.simplemachines.org/smf/SMF_API perhaps...


yes that did the trick!


i will post the code for anyone to get some help!

the changes i did were in the index.php file after the loadSession(); function


if ($_GET['user']!=NULL)  // fetching the username of the external system's user through url parameter
{

$rem_user = $_GET['user'];

$result = mysql_query ("SELECT id_member FROM smf_members WHERE member_name = '$rem_user'");  // a select mysql query will check if this username is already a forum member or not

if (mysql_num_rows($result)) // if there is already registered then do nothing
{}
else  // lets register this username
{

$result1 = mysql_query("SELECT password, email FROM authentication.users WHERE username = '$rem_user'");  // selection of password and email from the external system's database for this username

$row = mysql_fetch_assoc($result1);

$rem_pass = $row['password'];

$rem_email = $row['email'];

mysql_free_result($result1);

require_once($sourcedir . '/Subs-Members.php'); // importing the needed page

$options = array(
'username' => $rem_user,
'email' => $rem_email,
'password' => $rem_pass,
'password_check' => $rem_pass,
'auth_method' => 'password'
);

$id_member = registerMember($options);   // calling the registerMember function with the required parameters

updateMemberData($id_member, array('is_activated' => 1)); // updating the registered member to be instantly activated in order to avoid admin approval
}

mysql_free_result($result);

$result2 = mysql_query ("SELECT id_member, passwd, password_salt FROM smf_members WHERE member_name = '$rem_user'");  // selecting member id, password and salt from forum member to create the login cookie

$row = mysql_fetch_assoc($result2);
$memid = strval($row['id_member']);
$user_settings['passwd'] = $row['passwd'];
$user_settings['password_salt'] = $row['password_salt'];

mysql_free_result($result2);

require_once($sourcedir . '/Subs-Auth.php'); // importing the needed page

setLoginCookie(86400000, $memid, sha1($user_settings['passwd'] . $user_settings['password_salt']));   // set the login cookie with 1 day session in order the registered member or not to be automatically login to the forum

}


Advertisement: