External Login

Started by Coldfire202, August 16, 2013, 07:34:25 PM


Coldfire202

So, I have a test/dummy website that is running on SMF, obviously. In my program I have a form that you have to insert the username and password from the site.

I have researched two ways to do this. One is through cURL and the other is through an API. Here are those links...

celticproductions(dot)net/articles/4/php/forum+login+using+curl.html
simplemachines(dot)org/community/index.php?topic=458832.0

But I'm having trouble writing the code in my application. It's winforms, if I am correct on that, and Visual C#.
When I say I have trouble writing code, I mean I don't know where to start with writing the code. I'm not quite sure what to do.

Arantor

I'm curious, why do you need to use a desktop application to call the server?

Doing what you're trying to do is difficult, especially since you haven't explained what you're doing with it afterwards... validating username/password is one thing, keeping the user logged in is something else entirely.
Holder of controversial views, all of which my own.


Coldfire202

Quote from: Arantor - August 16, 2013, 08:02:23 PM
I'm curious, why do you need to use a desktop application to call the server?

Doing what you're trying to do is difficult, especially since you haven't explained what you're doing with it afterwards... validating username/password is one thing, keeping the user logged in is something else entirely.

It's for a program. It only verifies whether the person is an actual user or not; once it confirms they're a user, it goes to the main program.

Arantor

I'm curious... why do that? I'd also note that there's not really any good way to do what you want to do without risking a vulnerability in your forum.
Holder of controversial views, all of which my own.


Coldfire202

Quote from: Arantor - August 16, 2013, 08:18:43 PM
I'm curious... why do that? I'd also note that there's not really any good way to do what you want to do without risking a vulnerability in your forum.
It's just for testing purposes. Me learning new things. I'm trying to learn new things and this is one of them.
And if I do make a program with this, then I want to make sure I know how to do it.

Arantor

Interesting... I've never heard of anyone making an integration like this just to say they can do it.

There are some issues with it:
* having a script whose purpose is to validate a user is inherently a risk, because it's always going to be a brute-force vector; SMF manages this by flagging up failed logins as errors, so that you can see if account(s) are being targeted for abuse.
* the method you were almost certainly going to use is less secure than the one SMF uses for sending passwords; it encrypts the password before sending it, except that you will not be able to do that in a third party module.
* using it for anything beyond validation is simply going to fail due to a lack of cookie management.
* remembering a user's details is a security matter on the local machine; see all the debates around Chrome's 'vulnerability' with this in recent times.

I'm very wary of helping people with doing this stuff because it's hard enough to get right when you're doing it for an actual system. Doing it for the sake of doing it doesn't actually teach you everything.

That and the fact that you'll need to do a bunch of custom PHP programming to interface with your custom (probably C#) programming and believe me when I say it's hard to mix the paradigms especially if you're new to both at the same time.
Holder of controversial views, all of which my own.
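
The brute-force concern raised in the post above, as an added example that is not part of the thread and is not SMF code: one way a custom credential-check script could count, log and throttle failed guesses per account and per source address. The class name, the limits and the in-memory storage are assumptions; a real script would keep the counters in a database or cache.

```php
<?php
// Added example: class name, limits and in-memory storage are assumptions.
final class FailedLoginTracker
{
    private array $failures = [];   // key => list of failure timestamps
    private int $maxFailures;
    private int $windowSeconds;

    public function __construct(int $maxFailures = 5, int $windowSeconds = 900)
    {
        $this->maxFailures = $maxFailures;
        $this->windowSeconds = $windowSeconds;
    }

    // Count failures for a key inside the sliding window, pruning old ones.
    private function recent(string $key, int $now): int
    {
        $cutoff = $now - $this->windowSeconds;
        $kept = array_filter($this->failures[$key] ?? [], fn(int $t): bool => $t > $cutoff);
        $this->failures[$key] = array_values($kept);
        return count($kept);
    }

    // Returns 'ok', 'denied' or 'throttled'; $verify is the real password check.
    public function check(string $account, string $password, string $ip, int $now, callable $verify): string
    {
        $keys = ['acct:' . strtolower($account), 'ip:' . $ip];
        foreach ($keys as $key) {
            if ($this->recent($key, $now) >= $this->maxFailures) {
                return 'throttled';            // the password is not even tested
            }
        }
        if ($verify($account, $password)) {
            return 'ok';
        }
        foreach ($keys as $key) {
            $this->failures[$key][] = $now;
        }
        // json_encode keeps attacker-supplied names from forging log lines.
        error_log('failed credential check account=' . json_encode($account) . ' source=' . $ip);
        return 'denied';
    }
}
// Constructed demo: one account, seven wrong guesses, then the right password.
$hash = password_hash('correct horse', PASSWORD_DEFAULT);
$verify = fn(string $u, string $p): bool => $u === 'alice' && password_verify($p, $hash);
$tracker = new FailedLoginTracker();
for ($i = 1; $i <= 7; $i++) {
    echo $i, ' ', $tracker->check('alice', "guess$i", '203.0.113.7', 1376681665 + $i, $verify), "\n";
}
echo $tracker->check('alice', 'correct horse', '203.0.113.7', 1376681673, $verify), "\n";
```

Because the per-account counter also blocks the legitimate owner while it is tripped, the limit and window are a trade-off between slowing guesses and letting a third party lock someone out.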


Coldfire202

Quote from: Arantor - August 16, 2013, 08:26:44 PM
Interesting... I've never heard of anyone making an integration like this just to say they can do it.

There are some issues with it:
* having a script whose purpose is to validate a user is inherently a risk, because it's always going to be a brute-force vector; SMF manages this by flagging up failed logins as errors, so that you can see if account(s) are being targeted for abuse.
* the method you were almost certainly going to use is less secure than the one SMF uses for sending passwords; it encrypts the password before sending it, except that you will not be able to do that in a third party module.
* using it for anything beyond validation is simply going to fail due to a lack of cookie management.
* remembering a user's details is a security matter on the local machine; see all the debates around Chrome's 'vulnerability' with this in recent times.

I'm very wary of helping people with doing this stuff because it's hard enough to get right when you're doing it for an actual system. Doing it for the sake of doing it doesn't actually teach you everything.

That and the fact that you'll need to do a bunch of custom PHP programming to interface with your custom (probably C#) programming and believe me when I say it's hard to mix the paradigms especially if you're new to both at the same time.

Okay thank you for the info! :)

Coldfire202

I still never got my answer though. How would I accomplish this?
What's the code? etc.

Arantor

I'm sorry, I thought it was clear enough that I wasn't going to provide an answer because of the above.
Holder of controversial views, all of which my own.

