• Welcome to Simple Machines Community Forum. Please login or sign up.

Same username/password for all my forums. Possible?

Started by Srinib, July 06, 2012, 02:52:45 PM

Previous topic - Next topic

Srinib

I know it is weird to ask this. But i really need this.
I have three forums running on SMF 2.0.2. Is it possible for a member to use all the three forums with the same username and password, by just registering to any one of those three forums?

I know there is some OPENID for such things. But i don't think many of my members  will go for that.

If i am asking for too much, my apologies.

Kenny01

The 3 forums need to be on the same domain and same database for it to work.

Arantor

Actually that's not strictly true (they only need to be on the same domain if you want the *login* to be shared, i.e. logged into one logs you into all the rest, you can still use the same details even if they're on different domains, but you would have to log into each one separately)

There really is no easy way to do this, there are a lot of bits to it and you'd have to do everything just right to avoid making it insecure in the process, and there are not many people who know how to do it right. It's best avoided if possible.
No good deed goes unpunished
All helpful urges should be circumvented

Srinib

I have a doubt that i am trying for something which is not that easy. I really don't want to go into anything complicated; and confused the members in that process. Thanks a lot.

Kindred

actually, if you have all of the forums on the same server and database, I have seen the code which would enable you to have one forum set across multiple domains.

Pretty snazzy, actually....

a.com
b.com
c.com
all point to the same server and share the same forum, same users, etc... but display different boards and different themese based on the incoming domain (and can share boards between domains as well)
Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Armada

How about replicating the username/password table keeping them all the same for all three forums?
--- SMF Rocks even more than YabbSE---

Kindred

won't work... the hash on the passwords would be different
Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Arantor

No good deed goes unpunished
All helpful urges should be circumvented

Armada

Is it a random salt on the hash or is it unsalted?
--- SMF Rocks even more than YabbSE---

Arantor

Interesting question, since the answer is neither. (Non random salt != unsalted)

The password hash in SMF is (like, I would add, several other forum systems), sha1(strtolower(username) . password)

You get all the benefits of salting the hash, it's a per-user salt so it neutralises rainbow tables, but you don't require any additional columns etc.

If you were to use the erroneously-named password_salt column, you actually don't really benefit much because you still have to prepare a brute attack per row should you get hold of the DB table.
No good deed goes unpunished
All helpful urges should be circumvented

nend

I built something a while back that was similar. I don't recall if I saved the code or not. Basically it was two sites on different domains, different databases but on the same server. I think I had some rules to check the email address, password and username to see if they where the same when a user logged into one. If they where the same I had the server generate a hidden 1px image on the screen from the other domain which set the other cookie. In the URL to the image contained the token which would expire after a minute.

I know the sites that I had this configured on, one of them is still up and running on SMF 1.1.x branch, the other one though is gone. I am thinking the files should still be there but have to look for them. I am digging in them now, it has been a long time since I touched the source of this site, maybe 2 years. Finding allot of useful old code I have done and forgot about.

Advertisement: