Simple script for login

Started by meelash, December 24, 2009, 07:44:13 AM

Previous topic - Next topic

meelash

I spent about a whole day reading about integration hooks and ssi.php, etc. yesterday just to do a simple thing. And nowhere could I find a simple step by step of what to put where, what everything did, and how it worked. Anyway, I figured I'd post my solution for others, maybe it could be put in Tips and Tricks.

Background:
I am loading SMF within an iFrame on my site when a user clicks a button on the site. The users are all automatically registered to both SMF and my site when they register with me.

The iframe is given the URL of forumLogin.php?userName=username&password=password which contains the following script:
<?php

include_once('forums/SSI.php');

$userName=$_GET["userName"];
$password=$_GET["hashedPassword"];

global $scripturl$txt$user_info$context;

echo '
<form id="login" name="login" action="'
$scripturl'?action=login2" method="post" accept-charset="'$context['character_set'], '">
<input type="hidden" id="user" name="user" value='
$userName' />
<input type="hidden" name="passwrd" id="passwrd"  value='
$password' />
<input type="hidden" name="cookielength" value="-1" />
</form>'
;

echo '
<script type = "text/javascript">
            document.login.submit();
        </script>
'
;

?>



Note that password is already salted and hashed since I set it up that my site salts and hashes the password and saves it and sends the hashed password to SMF as the password. Then I don't have to worry about whatever SMF does with it, and also I can set my own limitations on characters, etc. in the password and ignore SMF's limitations, since the hash of it will always look the same.

Arantor

Interesting, very interesting. So you're sending the hashed password to SMF which will rehash it?

Note you would have been a lot better just grabbing the SMF API and using the functions there to register users, authenticate then and set the cookie for them.

meelash

Quote from: The Grinch on December 24, 2009, 08:10:41 AM
Interesting, very interesting. So you're sending the hashed password to SMF which will rehash it?

Note you would have been a lot better just grabbing the SMF API and using the functions there to register users, authenticate then and set the cookie for them.

Yup, r.e. the password.

I do use the SMF API during registration, just sending it the user name, email, and hashed password twice (my site already does checks like that the two passwords entered are the same, etc.).

I could just set the cookie and redirect, but I don't know, I felt like for this simple task this way might be less confusing for newbies. And I couldn't find simple instructions on what cookie variable means what, but that could just be my lack of search skills. Part of it might be how many times similar questions have been asked on the forum, so when you do a search you get a million results to wade through. (Wait, did I just contribute to that problem....oops 8))

Arantor

Well, pushing it into an iframe is one solution. ssi_login might have been another.

End of the day it comes back to being specific to what you're trying to do; I'd normally be inclined to let SMF do the work and inherit the permissions/user system that way.

Lugial

This sounds nice, may I have the link to yuor site so that I can see exactly how it works?

http://epicvideogamers.com ~ I'm not some arrogant, selfish douche bag, if you need any kind of support, just pm me.

meelash

Quote from: beasley23803 on December 24, 2009, 06:30:48 PM
This sounds nice, may I have the link to yuor site so that I can see exactly how it works?

hmmm... that's a bit difficult, because you have to register and log into the site, then you can click on a button that brings up the embedded iframe page with that code on it, which automatically logs in.

the iframe url is like: hxxp:www.domain.com/page_name.php?username= [nonactive]aUserName&password=aHashedPassword

Advertisement: