I have built the the bridge between my system and smf which is working. It sets the cookie using the smf api then allows the user to login. But when the users goes back to my site which is a custom built site using standard sessions the user is logged out.
I am using the smf_1-1_api.php include to accomplish this.
with this code
smf_setLoginCookie(21600, $user['login'], $passwd, true);
smf_authenticateUser();
Thanks in advanced for your help
I thought I might build a bridge back to my site which logins me back in?
This was from the session name was the same on both applications. I simply change the session name in my app and it no longer logged me out.
Related
I am already logged in the front end of my joomla site with admin credentials. But when I try to login into the backend or admin panel it ask me to renter credentials. I want that when a user is logged in the front end and if he has the access capabilities to login into admin panel then he should be directly logged into admin panel without asking for credentials.
This is not possible by default in Joomla like WordPress. Back-end and Front-end are separated in Joomla. So you need to login separately in both section for security. However you can use third party extensions. Try the following extensions
http://extensions.joomla.org/extensions/extension/access-a-security/site-security/login-one
http://extensions.joomla.org/extension/ev-front-end-admin-navigation
Before start using them, read the reviews and ratings. Also make sure, you don't have security issues in your site by using these extensions.
There are two plugins in JED that can help you:
1. http://extensions.joomla.org/extension/ev-front-end-admin-navigation
http://extensions.joomla.org/extensions/extension/access-a-security/site-access/auto-front-end-login
Basically when admin logs in frontend it simultaneously creates a backend session. Not difficult and can be easily done through a plugin.
Hi I want to create a wordpress connect for our codeigniter site , and connect our own wordpress site.I was create a login page and done all wordpress authentication successfully.But I need
`If I am already logged into Wordpress and then go to the codeigniter site , I should see the "Welcome Admin" in the upper right to indicate that I am logged in`.
But I cant take the authentication details from wordpress site.is it possible to get login details from wordpress ?Any one please help me
What you are looking for is a Single Sign On solution. Signing into either of the sites will allow you to be signed into the other.
To accomplish this, you might have to re-organize how people log in. You have 2 options:
1) The more secure way would be to have ONE source for logins. Then, implement an oAuth type solution so that if a person visits the other source and tries to login, they are redirected to the main source...login...and then they are sent back to where they originally tried to login. I've done this a couple times with the oAuth plugin for wordpress and writing custom code in my other site (which was CakePHP...but it shouldn't matter).
2) Another way would be to write a custom plugin that when a person logs in with codeigniter, they are manually logged in in the background to wordpress. Not nearly as secure...but if your site doesn't have a need for decent security it might be an option. Here your issue is that you won't know the WP password in order to do proper authentication.
I have a codeigniter application built using benedmunds authentication model. I'm currently setting up piwik however I was hoping to create a link in the admin panel which opens up piwik.
I'm not worried about piwik getting login details from codeigniter db. I'm also happy to add identical users into piwik, however when a user logs into codeigniter, it needs to automatically be logged into piwik. I don't want a user to have to login twice.
Any suggestions?
Thanks
You can look at the PiWik source and see how it authenticates. Most likely you can then just replicate the logic to create the needed session data.
That can then be put into an Ion Auth hook to be called after a successful login.
I have a wordpress site, and a iphone app for the same.Both have a common database with different user tables.
1> mysite.com >> wp_user
2> iPhone app >> app_user
what i want that, i want to make able app user login to the WordPress site. means
1> site user can only able to login into site
2> app user can login into site + iPhone app
how can i make app user able to login into site.
i have tried by debugging WP-login script, but can't find correct way
i need help from you guys.
thanks.
The required functionality looks a bit tricky, there might be more methods possible but the one I will recommend is:
Create a custom login form in wordpress site
Retrieve the username and password and first check if they exists on your site or not. If they do exist then simply login (these are site users) wp_signon method can be used here.
If they are not wordpress users then check if they are mobile app user by using MySQL and looking into the mobile app table, if they do exists then retrieve their information and register them into WordPress site wp_create_user can be used for it, you can add custom meta data so that you know these are app users. After registering, create login session using wp_signon.
I will recommend you to build a plugin for this task in wordpress.
Happy coding !
You could use extend the WordPress XML-RPC API to authenticate your iphone user to wordpress. Detailed explanation and basic working code can be found at Extending the WordPress XML-RPC API (http://www.skyverge.com/blog/extending-the-wordpress-xml-rpc-api/).
I would recommend a custom login plugin to accomplish this.
You can use wp-rename login plugin as a start up point for this.
In this plugin the WP credentials validation part is handled In the file rwl-login.php at line 449.
Similarly you have to add code to validate the mobile credentials as well in this switch case.
If you have built your code adhering to WP mobile app standards you can just include login validation file as it is done for WP regular validation in line 450
if not do your own validation and redirect properly in that case You may also have your native app register the handler of that custom url so that it can catch and handle the redirect appropriately
Make 2 user groups namely:
Site User
App User
When the user tries to login, check the user group it belongs to and accordingly provide the access or display an error message.
For making changes to the login system user the filter hook "authenticate" or even better use wp_authenticate
Thinking out loud - first a confirmation of the core problem:
You need a user to be able to log into the iOS app and grant access to the WP site.
Current consideration : On the iOS app and wordpress create a hash of user ID + password + salt (or something of that ilk). Use that hash, sent via the iOS app to WP, to confirm a user.
Yes, there are security issues regarding this info going over the air, just as your username and PW would go over the air.
With a matching hash (use a look up table in WP, super easy), there are methods in WP to force a user log-in (done that, could dig out code helpers from my archives).
Issue : Need to hook PW change to hash generation / update. There are user change hooks in WP, very solvable.
Good to know : Almost every aspect of user management, including permission and groups, are available via the WP API/framework. It is possible (although not easy) to put a change PW on the iOS app that will update WP and much more.
Hope I helped you along, the messages are a little confusing.
I am writing an application in CodeIgniter and I have concluded that it's best to write two applications. One for back office and one for client use.
I would like to have just one login screen. It will be in the back office application but if a client user logs in then I want to redirect to the client app and create a session there. The database user table stores the user type i.e. client or admin.
I have come up with the following solution. As I want to this the correct way I said i'd run it by you guys to see what ye think.
User logs into admin CI app.
Admin CI app verifies user and determines type. If admin then go ahead and create session etc.
If the user is a client then MD5(user_ip+timestamp OR make a secure token some other way) and store in a token field (user_table) in DB.
redirect the user to the client admin via a login page. The paramters would be the token and username. The login function would then go to that user in the database and verify the token.
On successful authorization of token the CI client app would start a session and let the user in.
This seems like a very long winded method. Ideally there would be a way to start a session for one CI app from another?
Any ideas?
Thanks.
Once you've verified admin or client, I would use the CodeIgniter session class with the ci_sessions table in your database.
http://codeigniter.com/user_guide/libraries/sessions.html
Then to distinguish users from client or employee add a variable to the session.
$this->session->set_userdata('user_type', 'client');
Then just use that if ever you need it.
I would go about making 2 applications under HMVC (Hierarchical-Model-View-Controller) framework.
HMVC CodeIgniter Tutorial
Then you can go about using same sessions under multiple applications, as well as use the same models for user management, etc..
HMVC helps you modularize your applications, thus if you want to add more applications in the future, you can easily do that, passing over same sessions and such.
I answered your question in a bigger scope, one central login with 2 apps, best should be done with HMVC.
:)
Might wanna check out BackEndPro for CodeIgniter, could save you a lot of time.
Includes:
User Authentication with registration & account activation
User Permissions by using ACL (Access Control Lists)
Admin GUI backend for editing Site-wide Preferences
Built on Matchbox (for Modular development)
Asset Library (optimize, cache, and load JS & CSS)
ReCAPTCHA
Status messages (info/success/warning/error messages for the user)