News:

SMF 2.1.4 has been released! Take it for a spin! Read more.

Main Menu

SMF external login (set session)

Started by anonymous001, August 12, 2015, 06:11:00 AM

Previous topic - Next topic

anonymous001

Dear smf dev community;

I would like to use my existing registration page, user can check if he wants his account to be SMF registered too, if so I would add the account using the smf hook for registering an account (password for SMF is generated random and NOT shown to the user, I want to handle the login process in an automatic way):

http://wiki.simplemachines.org/smf/Integration_hooks#integrate_register

The following problem occurs, I dont understand how to handle the login process, so cookies/session is set right, and SMF detects the user as "logged" into. In my external app the user can login using some password and username he entered on registration process and then click a button ("Log me into SMF"). After this the username & password should be requested from database (username is stored in session) and I want to user to be logged into SMF. Any idea how to handle this? I don't understand which one of the hooks I would need for this task and if the session is set automaticly, after executing the correct hook.

Kindred

So, you are using it wrong...

If the system is using smf as the primary, and needs to trigger a secondary script, you would use hooks.
If the system is using an outside script as the primary and needs to trigger an smf check or function, then the API is the thing to use...

Then there is ssi, which just allows the use of predefined smf functions outside of the smf main environment.

Out of curiosity, though... Why would you generate a random password?  Why would that password not be shown to the user?
That seems like a terrible user experience, to me...

Also, why would the user have a different password for your main script and for smf?  That just seems illogical.   What I believe you should be doing is
A- register the user in your script
B- use the API to pass the user details to smf and create a new smf account using the username and password established during step a.
C- when the user logs in to the main site/script, use the API to pass the login details and confirm the session.
D-If the user logs into the forum directly, pass the login back to the main script (this would be a use of hooks)


Now, as a potential issue, depending on how your script deals with sessions, you may actually get conflicting sessions...
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

anonymous001

Okay, I will explain what I want to develope.
I've got my application where a user can register, entering an username, a password and an email adress.
Now the user can log himself into a dashboard where he can do some stuff and enter the forum. I only want to get user which are registered through my application to be able to access the forum.
What did I need SMF (functions) to do?
-Register an user account in the SMF table
-Processing the login process automatic (I don't want the user to log into SMF manually, he should enter my dashboard and then click "Enter board" and he should be redirected (to SMF) and logged into his SMF account)

Where to find the api details and which api details did I need for this task?

All the best;

Kindred

the API is available and described in the wiki, in the pages just "above" the hooks pages that you referenced above.

However, your description does beg the question...

why do users have to register with your system? Does your system do anything in particular? Is it hardened and does it hash/encrypt the passwords?

If not, then I recommend shifting your focus...
Use SMF to handle your site registration as well -- you can even use SMF permissions and membergroups to control access to your site features outside of SMF by using SSI (which is also described in the wiki)
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

anonymous001

heyho;

Sorry, no way, I need to handle registrations as I explained in post #2.
All checks for example if username already exists are handled by my system.
Could you please tell me the two functions I have to use from the API to:
-register an user
-log into user account & set cookies

Kindred

well, actually, you did not explain anything... you merely declared that you needed to do it this way with no actual explanation.

Personally, I have yet to find any  "custom site script" that has anything close to the security of SMF... and, as I already said, you can use the smf permissions system and membergroups to easily control access to things across the site, with SSI.     but it's your site.

As for the  functions... I am not sure. I don't use the API. I know what it does...   but that's about it.
Have you actually READ the WIKI articles on the API (and the RESTful API)? I believe that several things like this are explained in there.
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

anonymous001

Yes I read about the two versions of API scripts. Did they work with the current stable version of SMF?
What I don't understand is the difference between the API and the SSI.php.
Which one should I use the develope the functions I explained above?

All the best;

Kindred

Quote from: Kindred on August 12, 2015, 07:55:06 AM
If the system is using smf as the primary, and needs to trigger a secondary script, you would use hooks.
If the system is using an outside script as the primary and needs to trigger an smf check or function, then the API is the thing to use...

Then there is ssi, which just allows the use of predefined smf functions outside of the smf main environment.
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

anonymous001

What would you suggest to use?
I tend to use the the REST API.
-Any feedback about the API? Did it support the actual stable version of SMF?

All the best;

Kindred

yes, the APIs both work just fine on 2.0.x

as for which one to use...  well, if your site needs the RESTful design, then use that... otherwise, use the other. :)
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

anonymous001

Okay, changing the Login formular and the logout button / making them do not appear in the menue is easy.
Is there any global routing array? Maybe I can so change all requests to login/logout to my scripts, without reading the hook manual.
-I will keep you up to date about the option to disable changing e-mail and password in settings! ;)

Kindred

oops... you posted to the wrong topic.   :)  When you open a new topic on a separate discussion matter, please continue to use the new topic instead of jumping back. :D
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Advertisement: