PstWood
asked on
Common logon for several php programs
I would like for a user to only have to logon once and have those credentials be used for access to several "off the shelf" php programs like eZpublish, phpbb, phprojekt, etc. I have only done some very basic scripting, so I don't know where to start to accomplish this, so any help would be appreciated.
Thanks
RW Wood
Thanks
RW Wood
ASKER
Each app has its own database that stores both user info and session info. The userinfo is accessed for permissions to site areas, etc, and the session info is stored in each database. So at session_start() how would that info get posted to all the databases? Do I have to essentially take apart each login routine and incorporate them into one new script?
Thanks
rww
Thanks
rww
I did something similar recently. I recommend a "least application of brute force" approach. It will involve modifying the login scripts, yes, but that isn't necessarily that difficult provided you know where to tweak.
The applications you mention need more than just username and password information from users, but if you start by saving only the most basic information necessary for logging into a central database like julianmatz suggests, then you should only need to modify 2 functions.
The first is the function that checks that the user has entered a valid username and password. Modify it to behave like this:
Have the script first check the database where it expects the login to reside
If login not found there, have it query the central database
If login exists there, use that information and insert a new record into the program-specific database
In either case, next add a cookie to the user's machine that acts as a pointer to the login information in the central database.
Now proceed normally - return success for the test of username and password, and let the script act normally to create its own session and place its own cookie
The second function to modify will be the one that checks whether or not a user is currently logged in:
First check for the expected session cookie.
If not found, check for the cookie that points to the central database.
If general cookie found, check to see if that user already has a record in that particular application's database
If not, add one in.
Next, create appropriate login cookie and return success
I won't try to kid you though. If you don't have a good grasp of these programs you need to modify, this task may be beyond your skills. You may want to post your request for help in the specific forums that support these products. What you're doing sounds very cool and I wish you luck.
The applications you mention need more than just username and password information from users, but if you start by saving only the most basic information necessary for logging into a central database like julianmatz suggests, then you should only need to modify 2 functions.
The first is the function that checks that the user has entered a valid username and password. Modify it to behave like this:
Have the script first check the database where it expects the login to reside
If login not found there, have it query the central database
If login exists there, use that information and insert a new record into the program-specific database
In either case, next add a cookie to the user's machine that acts as a pointer to the login information in the central database.
Now proceed normally - return success for the test of username and password, and let the script act normally to create its own session and place its own cookie
The second function to modify will be the one that checks whether or not a user is currently logged in:
First check for the expected session cookie.
If not found, check for the cookie that points to the central database.
If general cookie found, check to see if that user already has a record in that particular application's database
If not, add one in.
Next, create appropriate login cookie and return success
I won't try to kid you though. If you don't have a good grasp of these programs you need to modify, this task may be beyond your skills. You may want to post your request for help in the specific forums that support these products. What you're doing sounds very cool and I wish you luck.
ASKER
MasonWolf said: "The applications you mention need more than just username and password information from users, but if you start by saving only the most basic information necessary for logging into a central database like julianmatz suggests, then you should only need to modify 2 functions."
By "central database" do you mean one other than either of the ones that the two programs use, or do the tables from both databases have to be dumped into the same db?
MasonWolf said: "I won't try to kid you though. If you don't have a good grasp of these programs you need to modify, this task may be beyond your skills. You may want to post your request for help in the specific forums that support these products."
I've hacked some of the scripts a bit, but it may be beyond me. I've already tried both forums for the two programs, and have gotten little response (none to be exact).
Do you know of anywhere I could look at a login script that has the functionality I'm looking for, even if it's not for the programs I want to use if for? I'm like a kid who learns by taking apart a clock to see what makes it tick. :-)
Thanks.
rww
By "central database" do you mean one other than either of the ones that the two programs use, or do the tables from both databases have to be dumped into the same db?
MasonWolf said: "I won't try to kid you though. If you don't have a good grasp of these programs you need to modify, this task may be beyond your skills. You may want to post your request for help in the specific forums that support these products."
I've hacked some of the scripts a bit, but it may be beyond me. I've already tried both forums for the two programs, and have gotten little response (none to be exact).
Do you know of anywhere I could look at a login script that has the functionality I'm looking for, even if it's not for the programs I want to use if for? I'm like a kid who learns by taking apart a clock to see what makes it tick. :-)
Thanks.
rww
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
This will get me started. Thanks.
RWW
RWW
You would need to add
session_start()
to all your pages to keep the session alive. Depending on the code, you might also need to change it individually for each app since they might not all use the same session values. For example, different apps could use the following sessions:
$_SESSION['uid']
$_SESSION['user']
$_SESSION['username']
So changing all that could be extremely time consuming depending on how many references are made to these sessions in each of the apps.
One way to do it I guess, would be to have a central login page also where you could set each of the sessions after login. For example:
$username = isset($_POST['username']) ? $_POST['username'] : '';
$username = isset($_POST['password']) ? $_POST['password'] : '';
// Sanitize input and check database to validate user......
session_start()
$_SESSION['uid'] = $username;
$_SESSION['user'] = $username;
$_SESSION['username'] = $username;
Hope this makes sense...