SSO login, cookies and it's not working for me

Started by oskar866, May 25, 2025, 01:32:49 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

oskar866

May 25, 2025, 01:32:49 PM
Hello,

I'm trying to work out how to sign member in automatically via the creation of the setLoginCookie, prior to the cookies being created there will be some code to make sure who is going to be auto signed in is really them.  The code I've tried to use (and failed) is:

Code Select
$ssi_guest_access = true;
if (!file_exists(dirname(__FILE__) . '/SSI.php'))
die('Cannot find SSI.php');

require_once(dirname(__FILE__) . '/SSI.php');
require_once($sourcedir . '/LogInOut.php');
require_once($sourcedir . '/Subs-Auth.php');


...


$request = $smcFunc['db_query']('', '
    SELECT id_member, passwd, password_salt
    FROM {db_prefix}members
    WHERE member_name = {string:username}
    LIMIT 1',
    array(
        'username' => $username,
    )
);

echo "username = " . $username . "<br>";

echo "number of rows = " . $smcFunc['db_num_rows']($request) . "<br>";

if ($smcFunc['db_num_rows']($request) === 0) {
    die('User not found in SMF.');
} else {
    list($id_member, $passwd, $salt) = $smcFunc['db_fetch_row']($request);
    $smcFunc['db_free_result']($request);

    echo "User found: ID = $id_member<br>";
}

echo "passwd = $passwd<br>";
echo "salt = $salt<br>";
echo "sha1 : " . sha1($passwd . $salt) . "<BR>";

setLoginCookie(120, $id_member, sha1($passwd . $salt));

// Redirect to forum


//redirectexit('index.php');
//redirectexit('action=forum');
redirectexit();

The $id_member was worked out in code above what I've just copied in this post.

My hope was that once the cookie was made created and the forum would be loaded and the user would automatically be logged in, what I getting is the login forum page :(

On this login page I can inspect the page and I can see the SMFCookie550 cookie with an expiry of 120 seconds after creation so it sounds like the cookies is being made but the auto login isn't working.  Any ideas what I'm getting wrong/not understanding?

Thanks

oskar866

#1
May 27, 2025, 02:23:44 PM
Perhaps I should make this post a little easier to answer by asking 'has ANYONE managed to sign someone into a SMF forum using a PHP script that reads the username and password from the forum database?'

I can't believe this hasn't been done before, I'm getting no where trying to work this out.

Thanks

Sesquipedalian

#2
May 28, 2025, 11:41:09 AM
You may need to adjust your cookie settings in the relevant SMF admin page. 

By default, SMF cookies only apply within the forum directory itself, and not on other pages of your website outside that directory. It sounds like you want the SMF cookies to be used on pages outside of the forum, so you will need to change those settings. 

However, there is no one-size-fits-all answer here; the configuration you need to get the behaviour you want will depend on the URL structure of your website.

The help text for the various cookie settings should give you some guidance. You may also want to review this page: https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Cookies
I promise you nothing.
Sesqu... Sesqui... what?
Sesquipedalian, the best word in the English language.

oskar866

#3
May 30, 2025, 07:24:41 AM
Quote from: Sesquipedalian on May 28, 2025, 11:41:09 AMBy default, SMF cookies only apply within the forum directory itself, and not on other pages of your website outside that directory. It sounds like you want the SMF cookies to be used on pages outside of the forum, so you will need to change those settings.

Thanks for the reply.  To answer one of your points, the php file is in the root of the forum, with SSI.php etc.  Once this test script is working then yes, I will hopefully be able to use it in a website but for the moment I'm trying to get the basics working - and failing. 
Print
Go Up Pages1
User actions
Advertisement: