How to integrate an alternative authentication mechanism?

Started by XxMikexX, February 07, 2011, 09:10:54 AM


XxMikexX

Hi all,

I am authenticating the visitors to my SMF 2.0 RC4 outside the application.

The only thing I need to do now is to set the user as logged in within the board.
What is the easiest way to produce the necessary cookie?

Thanks for any help!

Arantor

It would really help if you provided more details about how you're generating this cookie, its contents and so on.

XxMikexX

That is actually what I am asking you.

The only thing that my authentication system will return to me is the USERID used within SMF.
I then need to log in the user - in the best case just create the necessary cookie that identifies him.

SlammedDime

setlogincookie() - No better example than to look at the code of how SMF itself does it.

XxMikexX

If someone ever needs to integrate an alternative authentication/registration mechanism, this is my solution:

(hint, this application is used on a dedicated internal network and therefore does not need to be secure...)


define('SMF', 1);
require_once(dirname(__FILE__) . '/Settings.php');
require_once($sourcedir . '/QueryString.php');
require_once($sourcedir . '/Subs.php');
require_once($sourcedir . '/Errors.php');
require_once($sourcedir . '/Load.php');
require_once($sourcedir . '/Security.php');
require_once($sourcedir . '/Subs-Auth.php');

// get the username - apache variable (for some seconds...)
$employee = trim($_SERVER['REMOTE_USER']);

// Connect to the database
$conn = mysql_connect($dbhost, $dbuser, $dbpass) or die ('<h3>WebSSO did not work. Error connecting to mysqldb</h3>');
mysql_select_db($dbname);

// EVIL EVIL EVIL - SQL Injection possible... but who will use $_SERVER['REMOTE_USER'] for SQL Injection :)
$employee_uid = trim(current(mysql_fetch_assoc(mysql_query("SELECT id_member FROM smf_members WHERE member_name='$employee'"))));

// User is not registered - do it now
if(!$employee_uid) {
// Initiate smcfunctions
$smcFunc = array();
loadDatabase();
reloadSettings();
$scripturl = curPageURL();

// set registration values
$_POST['regSubmit'] = 1;
$_POST['user'] = $employee;
$_POST['email'] = $employee;
// create the semi-secure-no-chance-to-ever-guess individual password
$_POST['password'] = substr(md5(INSERTSOMEFUNNYPASSWORDCREATIONHERE), 10);
$_POST['emailPassword'] = 'doit';

$regOptions = array(
'interface' => 'admin',
'username' => $_POST['user'],
'email' => $_POST['email'],
'password' => $_POST['password'],
'password_check' => $_POST['password'],
'check_reserved_name' => false,
'check_password_strength' => false,
'check_email_ban' => false,
'send_welcome_email' => 1,
'require' => 'nothing',
'memberGroup' => 0,
);

# Modified registration code from Subs-Members.php
#######################################

global $scripturl, $txt, $modSettings, $context, $sourcedir;
global $user_info, $options, $settings, $smcFunc;

// We'll need some external functions.
require_once($sourcedir . '/Subs-Post.php');

// Put any errors in here.
$reg_errors = array();

// What method of authorization are we going to use?
$regOptions['auth_method'] = 'password';

$reservedVars = array(
'actual_theme_url',
'actual_images_url',
'base_theme_dir',
'base_theme_url',
'default_images_url',
'default_theme_dir',
'default_theme_url',
'default_template',
'images_url',
'number_recent_posts',
'smiley_sets_default',
'theme_dir',
'theme_id',
'theme_layers',
'theme_templates',
'theme_url',
);

// Some of these might be overwritten. (the lower ones that are in the arrays below.)
$regOptions['register_vars'] = array(
'member_name' => $regOptions['username'],
'email_address' => $regOptions['email'],
'passwd' => sha1(strtolower($regOptions['username']) . $regOptions['password']),
'password_salt' => substr(md5(mt_rand()), 0, 4) ,
'posts' => 0,
'date_registered' => time(),
'member_ip' => $regOptions['interface'] == 'admin' ? '127.0.0.1' : $user_info['ip'],
'member_ip2' => $regOptions['interface'] == 'admin' ? '127.0.0.1' : $_SERVER['BAN_CHECK_IP'],
'validation_code' => '',
'real_name' => $regOptions['username'],
'personal_text' => $modSettings['default_personal_text'],
'pm_email_notify' => 1,
'id_theme' => 0,
'id_post_group' => 4,
'lngfile' => '',
'buddy_list' => '',
'pm_ignore_list' => '',
'message_labels' => '',
'website_title' => '',
'website_url' => '',
'location' => '',
'icq' => '',
'aim' => '',
'yim' => '',
'msn' => '',
'time_format' => '',
'signature' => '',
'avatar' => '',
'usertitle' => '',
'secret_question' => '',
'secret_answer' => '',
'additional_groups' => '',
'ignore_boards' => '',
'smiley_set' => '',
'openid_uri' => '',
);

$regOptions['register_vars']['is_activated'] = 1;

// Right, now let's prepare for insertion.
$knownInts = array(
'date_registered', 'posts', 'id_group', 'last_login', 'instant_messages', 'unread_messages',
'new_pm', 'pm_prefs', 'gender', 'hide_email', 'show_online', 'pm_email_notify', 'karma_good', 'karma_bad',
'notify_announcements', 'notify_send_body', 'notify_regularity', 'notify_types',
'id_theme', 'is_activated', 'id_msg_last_visit', 'id_post_group', 'total_time_logged_in', 'warning',
);
$knownFloats = array(
'time_offset',
);

$column_names = array();
$values = array();
foreach ($regOptions['register_vars'] as $var => $val)
{
$type = 'string';
if (in_array($var, $knownInts))
$type = 'int';
elseif (in_array($var, $knownFloats))
$type = 'float';
elseif ($var == 'birthdate')
$type = 'date';

$column_names[$var] = $type;
$values[$var] = $val;
}

// Register them into the database.
$smcFunc['db_insert']('',
'{db_prefix}members',
$column_names,
$values,
array('id_member')
);
$memberID = $smcFunc['db_insert_id']('{db_prefix}members', 'id_member');

// Update the number of members and latest member's info - and pass the name, but remove the 's.
if ($regOptions['register_vars']['is_activated'] == 1)
updateStats('member', $memberID, $regOptions['register_vars']['real_name']);
else
updateStats('member');

// If it's enabled, increase the registrations for today.
trackStats(array('registers' => '+'));

// Can post straight away - welcome them to your fantastic community...
if ($regOptions['require'] == 'nothing')
{
if (!empty($regOptions['send_welcome_email']))
{
$replacements = array(
'REALNAME' => $regOptions['register_vars']['real_name'],
'USERNAME' => $regOptions['username'],
'PASSWORD' => $regOptions['password'],
'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder',
'OPENID' => '',
'SCRIPTURL' => $scripturl,
);
$emaildata = loadEmailTemplate('register_immediate', $replacements);
sendmail($regOptions['email'], $emaildata['subject'], $emaildata['body'], null, null, true, 0);
}
}

// Okay, they're for sure registered... make sure the session is aware of this for security. (Just married :P!)
$_SESSION['just_registered'] = 1;

#######################################
# End of Subs-Members.php code

// User is now registered so get his uid
$employee_uid = trim(current(mysql_fetch_assoc(mysql_query("SELECT id_member FROM smf_members WHERE member_name='$employee'"))));
}

// Get the user's password and salt
$employee_pw = trim(current(mysql_fetch_assoc(mysql_query("SELECT passwd FROM smf_members WHERE member_name='$employee'"))));
$employee_salt = trim(current(mysql_fetch_assoc(mysql_query("SELECT password_salt FROM smf_members WHERE member_name='$employee'"))));

// Close it
mysql_close($conn);

// Log the user in for the next month
setLoginCookie(60 * 24 * 30, $employee_uid, sha1($employee_pw.$employee_salt));
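
Added example, not part of the original post and not SMF's own code: the member lookup from the script above done as a single query with a bound parameter instead of string concatenation, plus a random throwaway password in place of the md5 placeholder. An in-memory SQLite table with constructed rows stands in for smf_members; the function names and the 80-character limit are assumptions.

```php
<?php
// Added example (not from the post): constructed rows in in-memory SQLite
// stand in for the forum's MySQL smf_members table.
declare(strict_types=1);

function open_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE smf_members (id_member INTEGER PRIMARY KEY,
        member_name TEXT UNIQUE, passwd TEXT, password_salt TEXT)');
    $ins = $pdo->prepare('INSERT INTO smf_members
        (member_name, passwd, password_salt) VALUES (?, ?, ?)');
    foreach (['alice', "o'brien"] as $name) {
        $ins->execute([$name, sha1($name . 'constructed'), 'abcd']);
    }
    return $pdo;
}

// Look up the externally authenticated name; null when absent or unknown.
function find_member(PDO $pdo, ?string $remoteUser): ?array
{
    $name = trim((string) $remoteUser);
    // Assumed limit of 80 characters; an empty name must never reach registration.
    if ($name === '' || strlen($name) > 80) {
        return null;
    }
    // One bound query replaces the concatenated SELECTs; the value is data only.
    $stmt = $pdo->prepare('SELECT id_member, passwd, password_salt
        FROM smf_members WHERE member_name = :name LIMIT 1');
    $stmt->execute([':name' => $name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Throwaway password for auto-registered accounts, from the OS CSPRNG.
function throwaway_password(): string
{
    return bin2hex(random_bytes(16));
}

$pdo = open_demo_db();
var_dump(find_member($pdo, "o'brien") !== null); // legitimate name containing a quote
var_dump(find_member($pdo, "alice'"));           // stray quote is compared literally
var_dump(find_member($pdo, null));               // REMOTE_USER not set
var_dump(strlen(throwaway_password()));          // length of the generated hex string
```

Inside SMF itself, `$smcFunc['db_query']` with a `{string:name}` placeholder gives the same binding once `loadDatabase()` has run.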

Masterd

