Can there be an automatic login to the board from the website?

ArieKant · January 03, 2025, 08:33:21 AM

Hello,

I have a website with it's own login function and I really want that when people registered for my website, they directly are registered for the SMF forum which is included on my website.

Is there maybe a MOD for or another workaround?

I can fill in the fields in the SMF tables when they registered om the website but I don't know if this will give somewhere problems because they didn't registered through the SNF register form.

Kind regards,

Arie

Kindred · January 03, 2025, 09:44:56 AM

unless you know exactly what you are doing, you should never write directly to the SMF database.

There are a number if SMF functions that you can/should call to do the proper actions...
The normal process would be to go the other way -- use the SMF login (even on outside pages, by using SSI) and then pass THAT info to your scripts.

Most of the bridges that did the way you indicate are no longer supported (because the scirpts on both sides have changed significantly over the years and the REST API has not been updated in some time.

It *CAN* be done, but that's more in the cutom scripting area than support (and thus I am moving this question to the custom script discussion area)

Arantor · January 03, 2025, 10:06:02 AM

Much more information about the current login is needed.

ArieKant · January 03, 2025, 10:17:47 AM

Tnx for the update!

I understand it could be tricky to write directly to the database, that's why I am trying it very carefully ....

Anyway, I get it done to write to the smf_members table the correct data but I can't figur it out how the hashing and salting is done.

I try to do the password hash woth the password_hash function but when I try to login it says that the password is wrong so I assume there is another hashing?

And maybe a 'stupid' question but how to fill the password_salt field?

Kind regards,

Arie

P.S. When i get to ungly I will certain look into your other option to do the login from SMF but the login I now have is still live so changing the login would be a big challenge

ArieKant · January 03, 2025, 10:19:42 AM

Quote from: Arantor on January 03, 2025, 10:06:02 AMMuch more information about the current login is needed.

It is just a normal PHP login script with a email address and a password. I don't know exactly what more do you need?

Arantor · January 03, 2025, 11:43:13 AM

Well, let's start with whether SMF's password storage is more secure than your website's.

Or whether you should rip out your website's and use SMF's login plus session handling which has 20 years of history backing up its security claims.

Kindred · January 03, 2025, 02:18:35 PM

Quote from: Arantor on January 03, 2025, 11:43:13 AMWell, let's start with whether SMF's password storage is more secure than your website's.

Or whether you should rip out your website's and use SMF's login plus session handling which has 20 years of history backing up its security claims.

As Arantor says -- this is generally a better option, all around. It's a proven, hardened system.
If you are using a homemade login, then SMF's is definitely going to be better 99.9999% of the time.
If you are using some other web script system -- then it would help if you tell us which one...

In short, unless you are using an existing system like wordpress, or another hardened script -- using SSI.php > ssi_login(); is a better choice.... and if you do that, you can also use SSI.php to leverage the SMF usergroup/permissions system on your website.

Arantor · January 04, 2025, 04:02:02 AM

The flip side is that depending on how the other system is implemented you could theoretically skip using SMF's login and tying it explicitly to the other system using the integration hooks. But like I said, more details required.

News:

Can there be an automatic login to the board from the website?