Integrating user verification with third-party app (not a website)

[NateW]

I'm one of the developers of  the open-source game UFO: Alien Invasion. We're interested in adding a function to the game which would allow users to upload saved files to a central repository. We'd like to integrate this with our SMF forum user accounts, by having the user enter a username and password in the game, then sending those details to a PHP script on the server, and then performing some action on the server depending on whether or not those details were valid.

As far as I can tell, it looks like the SSI file was designed to handle easy integration with third-party websites, but this relies on the availability of cookies and otherwise expects to be used from within a website. Is that correct?

If I am correct, I need to use the integration hooks. But it's not clear to me whether I am meant to use integrate_validate_login or integrate_verify_user.

Would someone with more knowledge of SMF's platform kindly point me in the right direction? Are the integration hooks the right approach? If so, which ones?

Many thanks.

[Arantor]

Yup, the entire setup is based around cookies - like everything else on the web, since there's no concept of conventional stateful connections in HTTP (the entire cookie/session setup is a workaround)

The integration hooks that you're referring to are really designed for offloading the entire authentication setup to a third party system but even then it's still around cookies (essentially the integration hooks just pass the cookies or anything else in the same request to third party code and expect to receive user ids back)

Seems to me that you don't really want that, because it sounds like you're trying to use the forum authentication for file storage (and perhaps attachments or similar to actually store the files)... which means not diverting the authentication to a third party.

Really it sounds like you probably want to use the API rather than SSI or hooks, which would allow you to validate the details... but ultimately it depends on how much of the other stuff is tied to the forum - if you're using the forum for attachments/file storage or not, for example.

[NateW]

Thanks Arantor, I will look into the API. To be clear, we don't need to maintain status in any way (ie - for them to stay "logged in" while playing the game). We merely need to be able to authenticate the login details so that we can associate the file they upload with a user account on the forums. Ideally, in the future, we'd allow them to register as well. But first things first...

Thanks for the quick reply.