Automatic Login from HTTP Authentication

hiennhan12 · September 16, 2018, 11:17:50 PM

I would like to implement an automatic login feature for our forums on a local intranet. The username would be taken from $_SERVER['REMOTE_USER'] and then logged in automatically using whatever password was in the database. If the username was not in the database, then it would be created with a random password.

I am using simple machines 1.1.11. I haven't seen anything like this, so I'm wondering if LogInOut.php is the place to make the modifications, or if I should use some of the integration hooks that I have seen people mention.

Any help is appreciated. Thanks.

vbgamer45 · September 16, 2018, 11:41:12 PM

This part would be some what odd "If the username was not in the database, then it would be created with a random password. " how would they ever get the password to the account without an email provided.

Kindred · September 17, 2018, 08:03:22 AM

Additionally, 1.1.x is at end of life. Very little, if any support is being given to it, it has not received several security updates and it will not work on modern versions of php.

So, if you are planning any development, you should be using 2.0.15 at least.
Additionally, passing username with automatic login as $_SERVER['REMOTE_USER'] is insecure to an extreme....

News:

Automatic Login from HTTP Authentication

hiennhan12

vbgamer45

Kindred