I know it is weird to ask this. But i really need this.
I have three forums running on SMF 2.0.2. Is it possible for a member to use all the three forums with the same username and password, by just registering to any one of those three forums?
I know there is some OPENID for such things. But i don't think many of my members will go for that.
If i am asking for too much, my apologies.
The 3 forums need to be on the same domain and same database for it to work.
Actually that's not strictly true (they only need to be on the same domain if you want the *login* to be shared, i.e. logged into one logs you into all the rest, you can still use the same details even if they're on different domains, but you would have to log into each one separately)
There really is no easy way to do this, there are a lot of bits to it and you'd have to do everything just right to avoid making it insecure in the process, and there are not many people who know how to do it right. It's best avoided if possible.
I have a doubt that i am trying for something which is not that easy. I really don't want to go into anything complicated; and confused the members in that process. Thanks a lot.
actually, if you have all of the forums on the same server and database, I have seen the code which would enable you to have one forum set across multiple domains.
Pretty snazzy, actually....
all point to the same server and share the same forum, same users, etc... but display different boards and different themese based on the incoming domain (and can share boards between domains as well)
How about replicating the username/password table keeping them all the same for all three forums?
won't work... the hash on the passwords would be different
Um, why would they be different?
Is it a random salt on the hash or is it unsalted?
Interesting question, since the answer is neither. (Non random salt != unsalted)
The password hash in SMF is (like, I would add, several other forum systems), sha1(strtolower(username) . password)
You get all the benefits of salting the hash, it's a per-user salt so it neutralises rainbow tables, but you don't require any additional columns etc.
If you were to use the erroneously-named password_salt column, you actually don't really benefit much because you still have to prepare a brute attack per row should you get hold of the DB table.
I built something a while back that was similar. I don't recall if I saved the code or not. Basically it was two sites on different domains, different databases but on the same server. I think I had some rules to check the email address, password and username to see if they where the same when a user logged into one. If they where the same I had the server generate a hidden 1px image on the screen from the other domain which set the other cookie. In the URL to the image contained the token which would expire after a minute.
I know the sites that I had this configured on, one of them is still up and running on SMF 1.1.x branch, the other one though is gone. I am thinking the files should still be there but have to look for them. I am digging in them now, it has been a long time since I touched the source of this site, maybe 2 years. Finding allot of useful old code I have done and forgot about.