• Status: Solved

Common logon for several php programs

I would like for a user to only have to logon once and have those credentials be used for access to several "off the shelf" php programs like eZpublish, phpbb, phprojekt, etc. I have only done some very basic scripting, so I don't know where to start to accomplish this, so any help would be appreciated.

Thanks
RW Wood

Asked by: PstWood
 
Julian Matz commented:
You could use a central database for login credentials, then use sessions to keep the login alive.


You would need to add session_start() to all your pages to keep the session alive. Depending on the code, you might also need to change it individually for each app since they might not all use the same session values. For example, different apps could use the following sessions:

$_SESSION['uid']
$_SESSION['user']
$_SESSION['username']

So changing all that could be extremely time consuming depending on how many references are made to these sessions in each of the apps.

One way to do it I guess, would be to have a central login page also where you could set each of the sessions after login. For example:

// Read the submitted credentials (empty string if a field is missing)
$username = isset($_POST['username']) ? $_POST['username'] : '';
$password = isset($_POST['password']) ? $_POST['password'] : '';

// Sanitize input and check database to validate user......

session_start();

// Set every session key the individual apps look for
$_SESSION['uid'] = $username;
$_SESSION['user'] = $username;
$_SESSION['username'] = $username;

Hope this makes sense...
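
One way the elided "check database to validate user" step could look, as an added example that is not part of the original answer. The `central_users` table, its `password_hash` column and the `central_login()` function are assumptions; an in-memory SQLite database with constructed data stands in for the central database.

```php
<?php
// Added example: central login that validates against one shared users table.
// The table layout (central_users) and the function name are assumptions.

function central_login(PDO $db, string $username, string $password, array &$session): bool
{
    // Prepared statement: the username never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT password_hash FROM central_users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();

    // password_verify() checks against a password_hash() value, not plaintext.
    if ($hash === false || $password === '' || !password_verify($password, $hash)) {
        return false;
    }

    // Issue a new session id after login so a pre-login id cannot be reused.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }

    // Set every key the individual applications look for.
    foreach (['uid', 'user', 'username'] as $key) {
        $session[$key] = $username;
    }
    return true;
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE central_users (username TEXT PRIMARY KEY, password_hash TEXT)');
$db->prepare('INSERT INTO central_users VALUES (?, ?)')
   ->execute(['rwood', password_hash('correct horse', PASSWORD_DEFAULT)]);

$session = [];   // stands in for $_SESSION so the example runs from the CLI
var_dump(central_login($db, 'rwood', 'correct horse', $session));
var_dump(central_login($db, "rwood' OR '1'='1", 'x', $session));
var_dump($session);
```

On a real login page, call session_start() first and pass $_SESSION as the last argument.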

PstWood (author) commented:
Each app has its own database that stores both user info and session info. The userinfo is accessed for permissions to site areas, etc, and the session info is stored in each database. So at session_start() how would that info get posted to all the databases? Do I have to essentially take apart each login routine and incorporate them into one new script?

Thanks
rww

MasonWolf commented:
I did something similar recently. I recommend a "least application of brute force" approach. It will involve modifying the login scripts, yes, but that isn't necessarily that difficult provided you know where to tweak.

The applications you mention need more than just username and password information from users, but if you start by saving only the most basic information necessary for logging into a central database like julianmatz suggests, then you should only need to modify 2 functions.

The first is the function that checks that the user has entered a valid username and password. Modify it to behave like this:

1. Have the script first check the database where it expects the login to reside
2. If login not found there, have it query the central database
3. If login exists there, use that information and insert a new record into the program-specific database
4. In either case, next add a cookie to the user's machine that acts as a pointer to the login information in the central database.
5. Now proceed normally - return success for the test of username and password, and let the script act normally to create its own session and place its own cookie

The second function to modify will be the one that checks whether or not a user is currently logged in:

1. First check for the expected session cookie.
2. If not found, check for the cookie that points to the central database.
3. If general cookie found, check to see if that user already has a record in that particular application's database
4. If not, add one in.
5. Next, create appropriate login cookie and return success

I won't try to kid you though. If you don't have a good grasp of these programs you need to modify, this task may be beyond your skills. You may want to post your request for help in the specific forums that support these products. What you're doing sounds very cool and I wish you luck.
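
A sketch of the second function described above (the "is this user logged in?" check), as an added example that is not part of the original post and not taken from any of the applications mentioned. It assumes the pointer cookie is an HMAC-signed value rather than a bare username, so that a client cannot simply write another user's name into it; `CENTRAL_KEY`, the `central_login` cookie name, the token layout and all function names are assumptions, and arrays stand in for the application's session and user table.

```php
<?php
// Added example: HMAC-signed "pointer" cookie for the central login.
// CENTRAL_KEY, the cookie name/layout and all function names are assumptions.
const CENTRAL_KEY = 'placeholder-load-a-random-32-byte-secret-instead';

// Cookie value: base64(username) "." expiry "." HMAC-SHA256 over the first two.
function central_token_issue(string $username, int $now, int $ttl = 3600): string
{
    $payload = base64_encode($username) . '.' . ($now + $ttl);
    return $payload . '.' . hash_hmac('sha256', $payload, CENTRAL_KEY);
}

// Returns the username if the cookie is authentic and unexpired, else null.
function central_token_verify(string $token, int $now): ?string
{
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        return null;
    }
    [$user64, $expiry, $mac] = $parts;
    $expected = hash_hmac('sha256', $user64 . '.' . $expiry, CENTRAL_KEY);
    // hash_equals() compares in constant time; then reject stale tokens.
    if (!hash_equals($expected, $mac) || !ctype_digit($expiry) || (int) $expiry < $now) {
        return null;
    }
    $user = base64_decode($user64, true);
    return $user === false ? null : $user;
}

// "Is this user logged in?" for one app; arrays stand in for its session and user table.
function app_is_logged_in(array $appSession, array $cookies, array &$appUsers, int $now): ?string
{
    if (isset($appSession['username'])) {            // expected app session found
        return $appSession['username'];
    }
    $user = central_token_verify($cookies['central_login'] ?? '', $now);
    if ($user === null) {                            // no valid central cookie
        return null;
    }
    if (!isset($appUsers[$user])) {                  // add the missing local record
        $appUsers[$user] = ['username' => $user, 'status' => 1];
    }
    return $user;                                    // caller now creates the app login
}

// Constructed demo values: a valid cookie, then the same cookie tampered with.
$users  = [];
$cookie = central_token_issue('rwood', 1000);
var_dump(app_is_logged_in([], ['central_login' => $cookie], $users, 1500));
var_dump(app_is_logged_in([], ['central_login' => $cookie . 'x'], $users, 1500));
```

When setting the real cookie, use the Secure and HttpOnly flags and a path or domain that all of the applications share.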
 
PstWood (author) commented:
MasonWolf said: "The applications you mention need more than just username and password information from users, but if you start by saving only the most basic information necessary for logging into a central database like julianmatz suggests, then you should only need to modify 2 functions."

By "central database" do you mean one other than either of the ones that the two programs use, or do the tables from both databases have to be dumped into the same db?

MasonWolf said: "I won't try to kid you though. If you don't have a good grasp of these programs you need to modify, this task may be beyond your skills. You may want to post your request for help in the specific forums that support these products."

I've hacked some of the scripts a bit, but it may be beyond me. I've already tried both forums for the two programs, and have gotten little response (none to be exact).

Do you know of anywhere I could look at a login script that has the functionality I'm looking for, even if it's not for the programs I want to use it for? I'm like a kid who learns by taking apart a clock to see what makes it tick. :-)

Thanks.
rww

MasonWolf commented:
By central database I mean some very simple database, possibly even a flatfile, created by you that holds just a single table that contains a username and a password.

As for a login script, here's the one I was referring to when I said I did something similar recently. This one only deals with the first modification I mentioned - checking a separate database for the username and password.

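      // Note: the mysql_* functions used here were removed in PHP 7.
      function AuthUser($user, $pass)
      {
            // Escape the username before it is placed in either query
            $safeUser = mysql_real_escape_string($user);

            // 1. Look for the login in this application's own table
            $query = "SELECT tickets_users_password
                      FROM tickets_users
                      WHERE tickets_users_username = '$safeUser'
                      AND tickets_users_status = '1'";
            $result = mysql_query($query);
            if (!$result) {
                  return 0;
            }
            // Strict comparison, so numeric-looking strings are not treated as equal
            if (($row = mysql_fetch_array($result)) && $pass !== '' && (string)$pass === $row['tickets_users_password']) {
                  return 1;
            }

            // 2. Not found locally: query the central database, then switch back
            mysql_select_db("isr_isrdb");
            $query = "SELECT * FROM user_data WHERE username = '$safeUser'";
            $result = mysql_query($query);
            mysql_select_db("isr_stck1");
            if ($result && ($central = mysql_fetch_assoc($result))) {
                  require_once('/home/isr/public_html/config.php');
                  require_once(CLASSES_ROOT . 'base_initialization.php');
                  $obj = new ISR();
                  // The central database stores the password in this encrypted form
                  $pass1 = $obj->rsaEncrypt($pass);
                  if ($pass !== '' && (string)$pass1 === (string)$central['password']) {
                        // 3. Valid central login: insert the record this application expects
                        $query = "INSERT INTO tickets_users
                                  SET
                                  tickets_users_name     = '" . mysql_real_escape_string($central['first_name']) . "',
                                  tickets_users_username = '" . mysql_real_escape_string($central['username']) . "',
                                  tickets_users_password = '" . mysql_real_escape_string($pass) . "',
                                  tickets_users_status = 1,
                                  tickets_users_email    = '" . mysql_real_escape_string($central['email']) . "'";
                        mysql_query($query);
                        return 1;
                  }
            }
            return 0;
      }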

PstWood (author) commented:
This will get me started. Thanks.
RWW