I have a codeigniter application built using benedmunds authentication model. I'm currently setting up piwik however I was hoping to create a link in the admin panel which opens up piwik.
I'm not worried about piwik getting login details from codeigniter db. I'm also happy to add identical users into piwik, however when a user logs into codeigniter, it needs to automatically be logged into piwik. I don't want a user to have to login twice.
Any suggestions?
Thanks
You can look at the PiWik source and see how it authenticates. Most likely you can then just replicate the logic to create the needed session data.
That can then be put into an Ion Auth hook to be called after a successful login.
Related
I am using flexi auth codeigniter library in my one project. I have dont integration part. Now when I logined in user account from one browser and using same user credential I did logged in on another browser. When I logged in from another browser it logged me out from first browser. I dont know why it is happening. Please help me out to find the solution. I want to login from multiple browser with same user credentials.
I don't use Flexi Auth but there is a config option $config['security']['validate_login_onload'] set this to false and your problem is gone :D
I use personally CodeIgniter-Aauth.
I have a page developed in Wordpress and to enter to this page you have to register and then login into the same.
Now I have to develop another system and I have to use the same session in my new page that was logged in Wordpress.
In the Wordpress page there is a link that brings to Symfony 2 page. Clicking in that link, the user must be the same.
I am using the same database for both applications, so the wp_users table from Wordpress is used by the new Symfony2 page.
For example the user logged in Wordpress page has to fill certain form developed in the new Symfony2 page.
I found this bundle but I don't know how to use it. It seems very useful.
My questions are:
Is there a way to save the session in a cookie and use this cookie in my Symfony2 app?
Is there a way to send a token in the link in the Wordpress page and use this token in my Symfony2 page? This token should contains the user logged info.
Daniel, what you are asking for is possible but is some pretty technical stuff. Your best bet is to try and follow the instructions for the bundle you linked to get the user auth working. Baring that if you wanted to roll your own solution, assuming you are on symfony 2.8 or later you would need to implement a custom user provider and a guard.
http://symfony.com/doc/current/cookbook/security/guard-authentication.html
Basically the idea would be to read the session cookie created by wordpress, use doctrine to look up that session again in wordpress db, get the user ID associated with that. Use that User ID to load the custom user entity you created for the custom user provider.
Someone providing that solution on here likely wont happen with just how much effort would be involved.
Hi I want to create a wordpress connect for our codeigniter site , and connect our own wordpress site.I was create a login page and done all wordpress authentication successfully.But I need
`If I am already logged into Wordpress and then go to the codeigniter site , I should see the "Welcome Admin" in the upper right to indicate that I am logged in`.
But I cant take the authentication details from wordpress site.is it possible to get login details from wordpress ?Any one please help me
What you are looking for is a Single Sign On solution. Signing into either of the sites will allow you to be signed into the other.
To accomplish this, you might have to re-organize how people log in. You have 2 options:
1) The more secure way would be to have ONE source for logins. Then, implement an oAuth type solution so that if a person visits the other source and tries to login, they are redirected to the main source...login...and then they are sent back to where they originally tried to login. I've done this a couple times with the oAuth plugin for wordpress and writing custom code in my other site (which was CakePHP...but it shouldn't matter).
2) Another way would be to write a custom plugin that when a person logs in with codeigniter, they are manually logged in in the background to wordpress. Not nearly as secure...but if your site doesn't have a need for decent security it might be an option. Here your issue is that you won't know the WP password in order to do proper authentication.
I have a wordpress site, and a iphone app for the same.Both have a common database with different user tables.
1> mysite.com >> wp_user
2> iPhone app >> app_user
what i want that, i want to make able app user login to the WordPress site. means
1> site user can only able to login into site
2> app user can login into site + iPhone app
how can i make app user able to login into site.
i have tried by debugging WP-login script, but can't find correct way
i need help from you guys.
thanks.
The required functionality looks a bit tricky, there might be more methods possible but the one I will recommend is:
Create a custom login form in wordpress site
Retrieve the username and password and first check if they exists on your site or not. If they do exist then simply login (these are site users) wp_signon method can be used here.
If they are not wordpress users then check if they are mobile app user by using MySQL and looking into the mobile app table, if they do exists then retrieve their information and register them into WordPress site wp_create_user can be used for it, you can add custom meta data so that you know these are app users. After registering, create login session using wp_signon.
I will recommend you to build a plugin for this task in wordpress.
Happy coding !
You could use extend the WordPress XML-RPC API to authenticate your iphone user to wordpress. Detailed explanation and basic working code can be found at Extending the WordPress XML-RPC API (http://www.skyverge.com/blog/extending-the-wordpress-xml-rpc-api/).
I would recommend a custom login plugin to accomplish this.
You can use wp-rename login plugin as a start up point for this.
In this plugin the WP credentials validation part is handled In the file rwl-login.php at line 449.
Similarly you have to add code to validate the mobile credentials as well in this switch case.
If you have built your code adhering to WP mobile app standards you can just include login validation file as it is done for WP regular validation in line 450
if not do your own validation and redirect properly in that case You may also have your native app register the handler of that custom url so that it can catch and handle the redirect appropriately
Make 2 user groups namely:
Site User
App User
When the user tries to login, check the user group it belongs to and accordingly provide the access or display an error message.
For making changes to the login system user the filter hook "authenticate" or even better use wp_authenticate
Thinking out loud - first a confirmation of the core problem:
You need a user to be able to log into the iOS app and grant access to the WP site.
Current consideration : On the iOS app and wordpress create a hash of user ID + password + salt (or something of that ilk). Use that hash, sent via the iOS app to WP, to confirm a user.
Yes, there are security issues regarding this info going over the air, just as your username and PW would go over the air.
With a matching hash (use a look up table in WP, super easy), there are methods in WP to force a user log-in (done that, could dig out code helpers from my archives).
Issue : Need to hook PW change to hash generation / update. There are user change hooks in WP, very solvable.
Good to know : Almost every aspect of user management, including permission and groups, are available via the WP API/framework. It is possible (although not easy) to put a change PW on the iOS app that will update WP and much more.
Hope I helped you along, the messages are a little confusing.
I am writing an application in CodeIgniter and I have concluded that it's best to write two applications. One for back office and one for client use.
I would like to have just one login screen. It will be in the back office application but if a client user logs in then I want to redirect to the client app and create a session there. The database user table stores the user type i.e. client or admin.
I have come up with the following solution. As I want to this the correct way I said i'd run it by you guys to see what ye think.
User logs into admin CI app.
Admin CI app verifies user and determines type. If admin then go ahead and create session etc.
If the user is a client then MD5(user_ip+timestamp OR make a secure token some other way) and store in a token field (user_table) in DB.
redirect the user to the client admin via a login page. The paramters would be the token and username. The login function would then go to that user in the database and verify the token.
On successful authorization of token the CI client app would start a session and let the user in.
This seems like a very long winded method. Ideally there would be a way to start a session for one CI app from another?
Any ideas?
Thanks.
Once you've verified admin or client, I would use the CodeIgniter session class with the ci_sessions table in your database.
http://codeigniter.com/user_guide/libraries/sessions.html
Then to distinguish users from client or employee add a variable to the session.
$this->session->set_userdata('user_type', 'client');
Then just use that if ever you need it.
I would go about making 2 applications under HMVC (Hierarchical-Model-View-Controller) framework.
HMVC CodeIgniter Tutorial
Then you can go about using same sessions under multiple applications, as well as use the same models for user management, etc..
HMVC helps you modularize your applications, thus if you want to add more applications in the future, you can easily do that, passing over same sessions and such.
I answered your question in a bigger scope, one central login with 2 apps, best should be done with HMVC.
:)
Might wanna check out BackEndPro for CodeIgniter, could save you a lot of time.
Includes:
User Authentication with registration & account activation
User Permissions by using ACL (Access Control Lists)
Admin GUI backend for editing Site-wide Preferences
Built on Matchbox (for Modular development)
Asset Library (optimize, cache, and load JS & CSS)
ReCAPTCHA
Status messages (info/success/warning/error messages for the user)