I'm trying to make something like this:
Basically, I have one site (the main site) where people authenticate and create accounts. Their data is sent to a MySQL database.
On the other side, there’s another site. That site needs the users username (because I’d like to show it) and if they are not logged into their account on the first site, I want the second site to redirect them to the first site where they eventually create and account or login.
I’m also going to give an example where this is used. Let’s take Microsoft, they have their Microsoft accounts and a login page, and other services such as azure and office. They all use Microsoft’s original login without them needing to login each time they open that service, nor even the first time if they are already logged into their Microsoft account.
(I have the main site coded in PHP)
Could you maybe help?
You can use session variable.
In your main site you can save login in a variable like $_SESSION['user_auth_ok']
In every page of both websites you can use:
<?php
session_start();
if (!isset($_SESSION['user_auth_ok'])) {
header("Location: main-site/login.php");
}
So, everytime a not authenticate user try to access a reserved page will redirect to main site login page.
Related
Brace yourselves, this can get a little confusing. I have a wordpress website which currently directs users after logging in to their user dashboard. That functions exactly as we want it too on desktop and mobile/tablet devices.
Our website consists of different sections of course, to list a few examples we have 'Celeb News', 'Videos', 'Images', etc. Our website does not require logging in for any reason other than to 'Submit' content and have a 'Profile'.
Here's the DILEMMA. We have a Android app that is a wrapper of our website. In our APP we would like to force people to login in order to use the APP. We have limited functions in the platform we are creating this app with.
Here is how our URL structure is setup:
/wp-login.php
/wp-login.php?action=register
We want to be able to setup approx 5 different URLS that will direct the user to the desired page after logging in. I'm not a coder and the code I'm about to place below is wrong but I'm doing it for visual reasons for everyone to understand me better. We are looking for something like this:
https://example.com/wp-login.php?action=redirect_to"/index.php"
https://example.com/wp-login.php?action=redirect_to"/category/hottest/"
So we can place these links direclty on the buttons. When a user wants to access these sections on the app, they are asked to login. Once they login they are directed to the specified page or section. We also have cookies enabled in our login plugin so that if a user has logged in it will remember, we have our app setup so it can save these cookies to the devices. So we want the links to redirect the user to the desired page via the url if they are already logged in as well as the links on the buttons will be permanent.
Any help would be great!
All righty, so why not use the already built-in WordPress redirect, then?
If you build your login urls with the "redirect_to" parameter, the user should be automatically redirected once they have logged-in:
https://example.com/wp-login.php?redirect_to=%2Findex%2Ephp
Notice that you will have to url-encode the redirect value. How you do that, exactly, will depend on the language you are using, etc...
But basically, as soon as the user successfully logs in, in this case, she will be redirected to /index.php
Hope that helps!
I created a web app that allows users to connect their google calendar using OAuth2. And so far everything is working the way I've wanted it to be. Now my concern is, when a user clicks the link to authenticate his account, I want it to forcefully redirect to the google login page. Right now, when he clicks the link and his google account has an on-going session in that specific browser, the login page no longer appears. Is there a way to do that? Thanks.
If you set the parameter approval_prompt to force, you should be able to forcefully show the auth screen every time. More details about this parameter are documented here.
the only way to do that is to force a full logout from that client (browser, app, etc). You can do that by using:
https://www.google.com/accounts/Logout?continue=https://appengine.google.com/_ah/logout?continue= and add the redirect as "continue" parameter.
This will logout from everywhere so the user might not be happy if he/she didn't do that on purpose.
I would go with asking for permissions again if you want to make the users "feel" like they are actually login into your app again (i assume that why you want this approach).
Google also has a "switch user" option, but I haven't use it and it's really hard to know if the user will be asked for user and pass or the user will be automatically authenticated because he/she is already logged in another tab in the browser.
I have a wordpress site, and I want to put a link on that site so that users are redirected to another PHP site.
But here the problem is that the other php site uses authentication, i.e. users need to give username and password before they can enter.
I want to develop a link that users can simply click on and get to the other site directly.
I can give the username and password for the php site, but the requirement is that the user users are not asked for username and password.
you have to make a new php file(in the 'php site') that assign the session variable to the linked users, and then it redirect them to the main page of the 'php site'
U have to write an authentication function on the other php site.. when the user clicks on the link of the wordpress site redirect him to that authentication function, along with his credentials, where the users will get logged in automatically and get redirected to your php site.
if i get you right, i think the best way is to generate the link in wordpress site with a parameter : http://www.linktophpsite.com/?autologin=true
Then at php site you could get the element and if it is set to true, you can log the user to your site. If you want single sign-on on both sites, that's totally different. I recommend you to read articles about single sgn-on on php
If you have no control over the target site, then your options are very limited. You can't just provide access to material that requires login credentials without providing those login credentials.
Your best, and most secure, bet is to include the target site's login fields directly from their site in an iframe. The user logs into the other site, you track the iframe onload event to see that it changed, and then redirect the user to the page in question. This is better because it keeps you from handling the login details directly on your site.
I cannot guarantee that this works as simple as that, I haven't tried it and this page seems to indicate that at least some of the possibilities with cross-domain iframes are no longer relevant with modern browsers (I didn't read the page in detail, just trying to give a starting point).
I developed a login form (in php and also .net) to authenticate a user against a centralized database. I passed this form to several customers, to have it included in their respective sites. Upon correct authentication, the user is redirected, based in the customer that had the form installed. All is working good, however I have a concern: How can I prevent the customers that installed my form, to modify it to capture the users' credentials? The customer can simply insert a javascript function that store the credentials, and then continue with the auth flow. In other words: what measures can I use to assure that the customers never know what are the user's login/pass? (The form must reside in each customers' site, it's impossible to me to host it anywhere)
Thanks for suggestions.
One idea is to have your script redirect the users to your site and have them login there. Once logged in, you redirect the user back to your script install on your customers site. When you do the redirect back, you will include a token as a GET param. Your script on the customers site then uses that token you to call a web page/service in your system to get the user details.
This will allow the script on your customers side to have no knowledge of any kind of password, user or database.
There is a portal that a company's users are familiar with, and we will put a link to login to a different portal on a different machine. This process would not require username/password check, just hitting the link will log them in.
How can this two delivered in secured way? We don't want that anyone with the link to be able to log in, how can we make this to work between the two platforms?
I'm presuming the two portals aren't able to share sessions/cookies. If they are you can just use those to keep track of who is logged in where.
In the situation where that's not possible, you could use an authentication API, which you could query to see if a given user_id is logged in on that portal. This could be a very simple API which returns a yes or no, or you could develop it to be more complex.
Additionally keep in mind that there are Open Source choices out there. Open ID is a system that stackoverflow uses, for example.
Easiest method would be script on main site, that waits for session ID in POST/GET input, if session exists, it outputs user name. The new site server, when user comes in, reads in cookie with session ID, sends a request to main site server script and asks if session ID exists, if exists, uses that user name, for new site server.