PHPBB Add User Automatically When They Sign-up on the Main Website - php

I have a website that requires login and I've installed PHPBB to a subdomain. I want users to automatically register to the PHPBB forum when they register to the main page and I need to give them access to only specific forums so I need to give them forum permissions based on their choices on the register page. How can I achieve this?
I've tried sending requests to ACP Add User Plugin using cURL but it requires tokens so after some time token expires and I can't send any more requests.

When you use your Browser to get the key, go into the developer tools, network tab, select the first http request, right click and choose copy as curl.
I would NEVER install Chrome on my PC. So here is a Firefox example.
Then go to Convert curl commands to PHP
And paste in the curl copied from your Browser.
So now you can go get a new token whenever you need a new one.

Related

How to automatically log into another site if CSRF-Token is required (PHP, SSO, LDAP)

I'm trying to create an intranet site where, if possible, all parts of it should be SSO in a way that a user who is logged into his Active Directory account in Windows would immediately be signed on with that same account in all pages of my site through LDAP.
Now the main component of this site is built with a CMS and from there the user should be able to click the links on this site to get to the other tools we're using, like for example the ticket system.
The CMS and the ticket-system software both are able to connect through LDAP themselves but I want a SSO solution for this.
So I searched and found this for the apache server: mod_authnz_sspi
This apparently lets you use $_SERVER['REMOTE_USER'] in PHP to get the windows user signed on right now.
Now I'm stuck since I'm not really sure how to use this to automatically log the user into the sites.
What do I have to do with this to get the SSO solution that I want?
I thought about creating a simple HTML form with the same fields like the one from the ticket-system form I'm trying to log into. I would then try to send the POST-data to the form of the ticket-system and log the user in automatically. For the username I would send $_SERVER['PHP_AUTH_USER'] and for the password $_SERVER['PHP_AUTH_PW']. However, the ticket system is protected with a CSRF-Token which I would have to include into the sent POST-data but can't know in advance since it is generated in the moment of accessing the page.
So it would be really helpful if someone could tell me how to get a SSO working with the mod_authnz_sspi tool (or another).
If there isn't any other way than through using a HTML-form that sends the POST data like I tried, then it would be helpful if someone knew a workaround to the CSRF-Token problem!
You can create an AUTH application that administers your users (details, permissions, etc.). When a user accesses another application and is not logged in, redirect them to the AUTH application. The AUTH application checks the user's credentials, generates an access_token and redirects the user back to the application they tried to access. You can find more info here: https://www.mutuallyhuman.com/blog/choosing-an-sso-strategy-saml-vs-oauth2/
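The token step of the flow described in the answer above, as an added example that is not part of the original answer: the AUTH application signs a short-lived token bound to one audience, and the receiving application verifies it before creating a session. The function names, the `ticket-system` audience and the shared HMAC key are assumptions.

```php
<?php
// Added example. issueToken/verifyToken and the audience names are hypothetical.

function b64url(string $raw): string
{
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

// AUTH application: call only after the user's credentials have been checked.
function issueToken(string $user, string $audience, string $key, int $ttl = 60): string
{
    // jti is a random id the receiver can store to refuse a second use (not done here).
    $claims = ['sub' => $user, 'aud' => $audience, 'exp' => time() + $ttl,
               'jti' => bin2hex(random_bytes(16))];
    $body = b64url(json_encode($claims));
    return $body . '.' . b64url(hash_hmac('sha256', $body, $key, true));
}

// Receiving application: returns the user name, or null when the token is rejected.
function verifyToken(string $token, string $audience, string $key, ?int $now = null): ?string
{
    $parts = explode('.', $token);
    if (count($parts) !== 2) {
        return null;
    }
    [$body, $sig] = $parts;
    $expected = b64url(hash_hmac('sha256', $body, $key, true));
    if (!hash_equals($expected, $sig)) {
        return null; // forged or altered; compared in constant time
    }
    $claims = json_decode(base64_decode(strtr($body, '-_', '+/')), true);
    if (!is_array($claims) || ($claims['aud'] ?? null) !== $audience) {
        return null; // minted for a different application
    }
    if (($claims['exp'] ?? 0) < ($now ?? time())) {
        return null; // expired
    }
    return is_string($claims['sub'] ?? null) ? $claims['sub'] : null;
}

// Constructed demo: one key shared by the AUTH app and one receiving app.
$key = random_bytes(32);
$token = issueToken('alice', 'ticket-system', $key);
var_dump(verifyToken($token, 'ticket-system', $key));                // intended audience
var_dump(verifyToken($token, 'cms', $key));                          // replayed to another app
var_dump(verifyToken($token, 'ticket-system', $key, time() + 3600)); // presented an hour later
```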

How to implement Moodle and Wordpress SSO?

I have a Moodle(3.0) website and a WordPress blog (3.5.4). I need to implement SSO between these two.
Here is the basic idea why I want to do it:
Some of the courses in Moodle contain external content (load a page with resources in iframe). At the bottom of the iframe page, that is loaded there is a bbPress embedded (Forum plugin for WordPress).
I need the SSO so that when a user logs in to his Moodle account and chooses to view a certain resource, he is able to participate in the forum topic under the resource without needing to log in again.
I've read Authenticate Users From Moodle Into WordPress, and tried to configure External database Authentication Method in Moodle, but so far no luck.
I've found a WordPress plugin, Edwiser Bridge, but it does quite the opposite (integrates Moodle within WordPress), which is of no use in my particular case.
I would much appreciate any help I can get. Thanks.
I ended up building an API, which makes the handshake between Moodle and Wordpress.
I've modified the moodle/login/index.php page and wp-login.php to send requests to the API when logging in.
Every time someone logs in on either platform, a request is sent to the API. It tries to log the user in programmatically and start a session cookie for the user (if the username and password match in the db).
When a user is registered, the user data is stored in both databases (Moodle and WordPress).
NOTE: This is not exactly SSO, but it solved my problem and it's working.

Triggering Azure WebJobs API over Basic Auth from external PHP app?

As per the title - I'm trying to trigger an Azure Website "triggered" WebJob from our custom PHP deployment application hosted external to Azure websites.
Thanks to what I believe is Active Directory, I'm able to navigate the /api URLs in my browser and get a JSON output without having to reauthenticate. For example, /api/triggeredwebjobs outputs the triggered WebJob information (that I've set up inside Azure Portal) in my browser.
I've gotten as far in my PHP app as sending a POST request and it is successfully authenticating using basic auth, but every single /api URL that I set in my PHP app returns:
"No route registered for '/api/triggeredwebjobs/{webjobname}'"
where {webjobname} is my custom name for the web job, hidden for privacy of the client. Every URL returns this, but if I navigate in my browser, I only get that error if I navigate to a URL that doesn't exist, such as /api/blahblahblah.
I've set up a deployment user which is what it's using to authenticate... I've even logged in to https://{azuresite}.scm.azurewebsites.net/basicauth using the deployment user and successfully gotten output from each /api page in my browser.
If it helps, I'm using Httpful.phar to handle the HTTP requests.
Thank you very much for taking the time to read and possibly assist.
A colleague helped me get to the bottom of this - the documentation was out of date. I have opened an issue on the Kudu GitHub repo to get them to review this:
https://github.com/projectkudu/kudu/issues/1466
To solve the issue for future readers of this question, the correct URL to use within the requester app is:
https://{yoursite}.scm.azurewebsites.net/jobs/triggered/{jobname}/run
Good luck!

Trac - site wide login

I have got Trac installed as a subset of a larger website. Ideally I'd like to be able to log users into trac from the main site without having to use the trac interface itself. The main site is implemented in PHP on IIS. Additionally if the user is logged in via Trac then I'd like to be able to offer access to other features from some of the PHP pages based upon the user privileges.
Authentication uses an htpasswd file in trac and being able to administrate users via the trac interface is useful. Additionally the same user/pass would be used for subversion as this can use the htpasswd file. I can't use this with IIS to do the login via a virtual path and authentication role. I don't want to use LDAP/ActiveDirectory.
It would be nice to be able to implement a login page in PHP that actually logs the user into Trac. However, I am unsure how I would add an appropriate __FORM_TOKEN field in the PHP page. It would be fine to use the trac login page itself but after logging in, it goes to the trac wiki home page rather than the referer that I set in the form data if it is not a sub-url of the trac part of the site.
Also it would be handy to be able to query permissions for the user currently logged into trac from PHP. Presumably this is possible via the sqlite database, but how do I know who the current user is?
Ended up generating the trac_form_token cookie myself for my PHP login form, from a sub-url of the trac root (overriding that sub-url from within IIS so that it is not handled by trac but by php instead). Easy enough to do.
Checking the logged in user is easy enough to do if you configure trac to set the path of the trac_auth cookie to be the root of the site. You can then access this and query the trac sqlite database from PHP to get the user name and permissions.
Then for the PHP login, you generate the trac_form_token and do a POST curl request to trac and then pass on the cookies you need from the returned response header.
EDIT: change to trac.ini to make trac_auth cookie available site-wide and not just from /trac/
[trac]
auth_cookie_path = /
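Looking up the logged-in user and their permissions from PHP, as the answer above describes; this is an added example, not the poster's code. It assumes Trac's stock `auth_cookie` and `permission` tables and that permission rows which are not upper-case name groups, and it uses a constructed in-memory database in place of the real trac.db.

```php
<?php
// Added example. Assumes Trac's stock tables auth_cookie(cookie, name, ipnr, time)
// and permission(username, action); all rows below are constructed sample data.

function tracUserFromCookie(PDO $db, string $cookie): ?string
{
    // Assumption: the cookie value is a hex string; reject anything else early.
    if (!preg_match('/^[0-9a-f]+$/', $cookie)) {
        return null;
    }
    $stmt = $db->prepare('SELECT name FROM auth_cookie WHERE cookie = ?');
    $stmt->execute([$cookie]);
    $name = $stmt->fetchColumn();
    return $name === false ? null : (string) $name;
}

function tracPermissions(PDO $db, string $user): array
{
    // A logged-in user also inherits the 'authenticated' and 'anonymous' rows.
    $subjects = [$user, 'authenticated', 'anonymous'];
    $seen = $actions = [];
    $stmt = $db->prepare('SELECT action FROM permission WHERE username = ?');
    while ($subjects) {
        $subject = array_pop($subjects);
        if (isset($seen[$subject])) { continue; } // already expanded; stops group cycles
        $seen[$subject] = true;
        $stmt->execute([$subject]);
        foreach ($stmt->fetchAll(PDO::FETCH_COLUMN) as $action) {
            if ($action === strtoupper($action)) {
                $actions[$action] = true; // upper-case value: a real action
            } else {
                $subjects[] = $action;    // otherwise the row names a group
            }
        }
    }
    ksort($actions);
    return array_keys($actions);
}

// Constructed sample data standing in for the real trac.db file.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE auth_cookie (cookie TEXT, name TEXT, ipnr TEXT, time INTEGER)');
$db->exec('CREATE TABLE permission (username TEXT, action TEXT)');
$db->exec("INSERT INTO auth_cookie VALUES ('0123456789abcdef', 'alice', '192.0.2.10', 0)");
$db->exec("INSERT INTO permission VALUES ('alice', 'developers'), ('developers', 'TICKET_MODIFY'),
    ('authenticated', 'TICKET_CREATE'), ('anonymous', 'WIKI_VIEW')");
$user = tracUserFromCookie($db, $_COOKIE['trac_auth'] ?? '0123456789abcdef');
print_r($user === null ? 'not logged in' : tracPermissions($db, $user));
```

Meta-permissions such as TRAC_ADMIN are returned as stored and are not expanded into the actions they imply.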

Facebook Connect - Mobile

I am currently in the process of creating a mobile version of my web app.
The app is being developed with Facebook's PHP Client Library.
The issue:
I am using the following mobile url to allow users to log in using the mobile devices:
http://m.facebook.com/tos.php?api_key=APIKEY&v=1.0&next=http%3A%2F%2Ftweelay.net%2Fm.php&cancel=http%3A%2F%2Ftweelay.net%2Fm.php
APIKEY being my app's actual Facebook API key.
In the url I am telling Facebook to redirect the user back to http://tweelay.net/m.php when the user signs in or clicks cancel on the log in screen. I am pulling my hair trying to figure out why it keeps sending the user to http://m.tweelay.net/m.php which is currently an invalid end point.
I have gone through all of my app's settings on Facebook and I can't find any that reference http://m.tweelay.net and going through all of my source code I can't find any that reference the m. sub-domain either.
Any ideas? Is there a setting I'm missing? Maybe a Flag in the library?
I've seen Facebook do this when detecting the mobile browser type and also sometimes randomly through Firefox (it can also happen when trying to get to facebook.com). I've managed to reset it sometimes, but it's not a guaranteed fix.
If you want to be sure the user makes it to your correct site I suggest creating the subdomain and redirecting traffic to your usual site, it's what I did and now I don't worry about it reverting back.
