Integrating login site to smf forum

generadordecash · August 21, 2013, 05:46:55 PM

I have coded a website with a panel login. I want that all users who log in on hxxp:site.com/login [nonactive] of my website, they'll be automatically logged also on hxxp:site.com/forum [nonactive]. Is it possible?

Arantor · August 21, 2013, 05:49:36 PM

It is, but unless your panel is as secure as SMF's password system, no-one here is going to help you do it because that would damage SMF's security.

How does your panel work? Does it protect against session fixation? What protections against brute forcing?

generadordecash · August 21, 2013, 07:29:07 PM

Quote from: Arantor on August 21, 2013, 05:49:36 PM
It is, but unless your panel is as secure as SMF's password system, no-one here is going to help you do it because that would damage SMF's security.

How does your panel work? Does it protect against session fixation? What protections against brute forcing?

The users must insert their username and password. I crypt the password in md5 ($crypted_password = md5($_POST['password'])). If the user has entered the correct combination, the script will create a session ($_SESSION['logged'] = array('username' => $username, email => $email)). No protections against brute forcing.

Arantor · August 21, 2013, 07:33:09 PM

Yeah, that's chronically insecure.

You could always just export SMF's own system to your site and inherit all SMF's hardening straight off, as well as getting single sign on as a bonus.

More details: How to use the SMF user system outside of SMF

News:

Integrating login site to smf forum

generadordecash

Arantor

generadordecash

Arantor