View topic: How to: Simple (SSO) Login Hack?

To	× pt	For
temp1024	80	Sup…
curtisbrew	50	Hel…
Fletch	500	Sup…
Fletch	100	The…
Duck	200	Pro…
Fletch	100	The…
Chris Graham	100	Hel…
Fletch	100	The…
Fletch	100	The…
Duck	100	Rea…

Rishi Saravanan	44,540
BobS	24,825
Fletch	24,348
Jean	19,312
amichan	16,801

Home » Forum home » Developing » View topic

Login / Search

Posted 03 February 2011, 12:46 PM

Rating:

#66216 (In Topic #14152)

Can.do

Fan in action

How to do a Simple Login Hack w/ ocPortal?

These 'examples' are not plugins, just simple .php pages. I don't have all the details with me, so I hope the idea will still get through:

MyBB 'example'
<?php

define('IN_MYBB', 1);
require_once './global.php';

// User verified externally, secure token passed through SSL… begin simple login

{insert code to login user_id '1'}
?>

Drupal 'example'
<?php

//require the bootstrap include
require_once './includes/bootstrap.inc';
//Load Drupal
drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL);

// User verified externally, secure token passed through SSL… begin simple login

$username= "Can.do;
global $user;

// !! This function (these exact details) might be outdated, whatever….
$account = user_load( array('name' => $username) );
$account = user_external_login( $account );

…redirect…
?>

Can you please tell me a similar way, if possible, to include a minimal amout of files, and "force" a simple login to OCP?
Thank you very much.

Posted 03 February 2011, 12:56 PM

Rating:

#66218

Chris Graham

ocStaff (admin)

Good question.

Code


<?php
global $FILE_BASE,$RELATIVE_PATH;
$FILE_BASE='TODO'; // Hard-code this to the base path, e.g. /home/foo/public_html/ocp_site
$RELATIVE_PATH=''; // ocPortal will think the request is for the root zone, permission-wise
global $NON_PAGE_SCRIPT;
$NON_PAGE_SCRIPT=1;
require($FILE_BASE.'/sources/global.php');

$member=get_member();
$username=$GLOBALS['FORUM_DRIVER']->get_username($member);

When you get this working I'd appreciate it if you could post it over on our community documentation, I think it's worth sharing in a better place too.

Become a fan of ocPortal on Facebook or add me as a friend.

Was I helpful?

If not, please let us know how we can do better (please make suggestions that are economically viable and scalable, not just requests to do more for free).
If so, please let others know about ocPortal whenever you see the opportunity.

Follow me on Twitter

This information has not loaded yet. It will be generated in the background, please come back later.

If I answered something that you think should be in the documentation, please take the initiative and add it to the community documentation. We really need people to help out here and build a well-organised large support resource.

Posted 03 February 2011, 1:50 PM

Rating:

#66219

Can.do

Fan in action

Yes, will post later today…
Great to see, thanks Chris.

Posted 03 February 2011, 2:52 PM

Rating:

#66221

Can.do

Fan in action

Not sure what I'm missing:

<?php

global $FILE_BASE,$RELATIVE_PATH;
$FILE_BASE='/var/www/html/example.com/ahome'; // Hard-code this to the base path
$RELATIVE_PATH='/'; // ocPortal will think the request is for the root zone, permission-wise

global $NON_PAGE_SCRIPT;
$NON_PAGE_SCRIPT=1;
require($FILE_BASE.'/sources/global.php');

// Tried three ways, passing ' ?member=Tester ' through the (SSL) URL…
$member=get_member();
// Pass username ' inside get_member() ' i.e….
$member=get_member("Tester");
// third try "set the var" just to check.. $member= "Tester";
$username=$GLOBALS['FORUM_DRIVER']->get_username($member);

?>

Result = Login form / Message '“Guest” does not have access to the zone /. '

$result = one step closer :)

Posted 03 February 2011, 2:59 PM

Rating:

#66223

Chris Graham

ocStaff (admin)

RELATIVE_PATH should be blank. It is telling ocPortal it's zone name. In the standard code it is auto-detected as the subdirectory (i.e. zone) the script is running in, but you need to hard set it bank.

Become a fan of ocPortal on Facebook or add me as a friend.

Was I helpful?

If not, please let us know how we can do better (please make suggestions that are economically viable and scalable, not just requests to do more for free).
If so, please let others know about ocPortal whenever you see the opportunity.

Follow me on Twitter

This information has not loaded yet. It will be generated in the background, please come back later.

Posted 04 February 2011, 1:33 AM

Rating:

#66238

Can.do

Fan in action

For testing I've been putting ' sso.php ' in the OCP root, and also tried domain root.

"RELATIVE_PATH should be blank."
^^^
With RELATIVE_PATH blank I get a blank page (no error message)

Thanks, for the fast answers this morning, but so far this is not working for me.

Posted 04 February 2011, 10:45 AM

Rating:

#66246

Chris Graham

ocStaff (admin)

Hi,

I think I misunderstood what you're trying to do. My code works to provide access to ocPortal's API. But after re-reading your post I see you're trying to log in a user (sorry missed that!). I'm not sure what you're trying to do once the user is logged in though. I am going to post some new code that auto-signs in a specific user, and shows the front page, but set to wide_high so that the menus etc aren't there.

Become a fan of ocPortal on Facebook or add me as a friend.

Was I helpful?

If not, please let us know how we can do better (please make suggestions that are economically viable and scalable, not just requests to do more for free).
If so, please let others know about ocPortal whenever you see the opportunity.

Follow me on Twitter

This information has not loaded yet. It will be generated in the background, please come back later.

Posted 04 February 2011, 10:56 AM

Rating:

#66247

Chris Graham

ocStaff (admin)

Working on this code. One note though, you'll need to turn the 'httpauth_is_enabled' option on ("HTTP-Auth is enabled").

Become a fan of ocPortal on Facebook or add me as a friend.

Was I helpful?

If not, please let us know how we can do better (please make suggestions that are economically viable and scalable, not just requests to do more for free).
If so, please let others know about ocPortal whenever you see the opportunity.

Follow me on Twitter

This information has not loaded yet. It will be generated in the background, please come back later.

Posted 04 February 2011, 11:13 AM

Rating:

#66248

Chris Graham

ocStaff (admin)

Ignore my last post, that tactic didn't work, so I did something different.
ocPortal wasn't really designed for this, but it does actually work well with the right tricks. Here is my code…

Code



<?php

// Fake some environment parameters
$_GET['wide_high']='1';
$_GET['page']='start';
$_POST['no_seo_redirect']='1';

// Fake an HTTP-auth request         Actually, only works if HTTP authentication is enabled and the user name is an account used only for it
//$_GET['keep_force_htaccess']='1';
//$_SERVER['REMOTE_USER']='test'; // Set to what you want

// Simple ocPortal initialisation
global $FILE_BASE,$RELATIVE_PATH;
$FILE_BASE='/Library/WebServer/Documents/svn/code/4.2.x'; // Hard-code this to the base path, e.g. /home/foo/public_html/ocp_site
$RELATIVE_PATH=''; // ocPortal will think the request is for the root zone, permission/page-wise
global $NON_PAGE_SCRIPT;
$NON_PAGE_SCRIPT=1;
require($FILE_BASE.'/sources/global.php');

// Force login to specific user
$username='test';
$GLOBALS['MEMBER_CACHED']=$GLOBALS['FORUM_DRIVER']->get_member_from_username($username);

// Load up a page, as specified by $_GET parameters
require_code('site');
do_site();

// Unset the parameters we set, to return environment back to normal
unset($_GET['wide_high']);
unset($_GET['page']);

Become a fan of ocPortal on Facebook or add me as a friend.

Was I helpful?

If not, please let us know how we can do better (please make suggestions that are economically viable and scalable, not just requests to do more for free).
If so, please let others know about ocPortal whenever you see the opportunity.

Follow me on Twitter

This information has not loaded yet. It will be generated in the background, please come back later.

Posted 04 February 2011, 11:15 AM

Rating:

#66249

Chris Graham

ocStaff (admin)

Or if you just want the page as an HTML snippet…

Code



<?php

// Simple ocPortal initialisation
global $FILE_BASE,$RELATIVE_PATH;
$FILE_BASE='/Library/WebServer/Documents/svn/code/4.2.x'; // Hard-code this to the base path, e.g. /home/foo/public_html/ocp_site
$RELATIVE_PATH=''; // ocPortal will think the request is for the root zone, permission/page-wise
global $NON_PAGE_SCRIPT;
$NON_PAGE_SCRIPT=1;
require($FILE_BASE.'/sources/global.php');

// Force login to specific user
$username='test';
$GLOBALS['MEMBER_CACHED']=$GLOBALS['FORUM_DRIVER']->get_member_from_username($username);

// Load up a page
require_code('site');
$page_wanted='start';
$page=request_page($page_wanted,true,$RELATIVE_PATH,NULL,true);
$page->evaluate_echo();

// Unset the parameters we set, to return environment back to normal
unset($_GET['wide_high']);
unset($_GET['page']);

Become a fan of ocPortal on Facebook or add me as a friend.

Was I helpful?

If not, please let us know how we can do better (please make suggestions that are economically viable and scalable, not just requests to do more for free).
If so, please let others know about ocPortal whenever you see the opportunity.

Follow me on Twitter

This information has not loaded yet. It will be generated in the background, please come back later.

Posted 04 February 2011, 11:53 AM

Rating:

#66251

Can.do

Fan in action

Ok, great working now, thanks again Chris.
Now that it's working I'll post on the community documentation later today.

Glad to get this informaion.

Posted 04 February 2011, 1:24 PM

Rating:

#66257

Can.do

Fan in action

I should have looked closer. The page has "Welcome back, My_Username.", and links to admin functions, so I thought I was logged in. Navigating to a regular page, shows not logged in.

"ocPortal wasn't really designed for this…"

That's OK, low priority (if at all)
Time to get off-line now; I still have a mountian of snow in 50% of my driveway. O_o

I'll check ocasionally for any SSO-related updates, but no big hurry.
Thank you.

Posted 04 February 2011, 1:32 PM

Rating:

#66258

Chris Graham

ocStaff (admin)

Hi,

It'll help a bit if you can explain more about what you're trying to achieve. Are you trying to embed the whole ocPortal into another system, rather than just a single page?
If that's the case you'd need to do something more complex, like replacing all the links with links into your SSO file.

Become a fan of ocPortal on Facebook or add me as a friend.

Was I helpful?

If not, please let us know how we can do better (please make suggestions that are economically viable and scalable, not just requests to do more for free).
If so, please let others know about ocPortal whenever you see the opportunity.

Follow me on Twitter

This information has not loaded yet. It will be generated in the background, please come back later.

Posted 04 February 2011, 3:32 PM

Rating:

#66262

Can.do

Fan in action

Just a way to login without a password, that's all, then redirect to a $return URL.

Posted 04 February 2011, 3:42 PM

Rating:

#66263

Chris Graham

ocStaff (admin)

Ah, now all is clear…

Code



<?php

// Simple ocPortal initialisation
global $FILE_BASE,$RELATIVE_PATH;
$FILE_BASE='/Library/WebServer/Documents/svn/code/4.2.x'; // Hard-code this to the base path, e.g. /home/foo/public_html/ocp_site
$RELATIVE_PATH=''; // ocPortal will think the request is for the root zone, permission/page-wise
global $NON_PAGE_SCRIPT;
$NON_PAGE_SCRIPT=1;
require($FILE_BASE.'/sources/global.php');

// Force login to specific user
$username='test';
$member_id=$GLOBALS['FORUM_DRIVER']->get_member_from_username($username);
require_code('users_active_actions');
$GLOBALS['FORUM_DRIVER']->forum_create_cookie($member_id,$username,'');

header('Location: '.get_base_url());

Become a fan of ocPortal on Facebook or add me as a friend.

Was I helpful?

If not, please let us know how we can do better (please make suggestions that are economically viable and scalable, not just requests to do more for free).
If so, please let others know about ocPortal whenever you see the opportunity.

Follow me on Twitter

This information has not loaded yet. It will be generated in the background, please come back later.

Posted 04 February 2011, 3:44 PM

Rating:

#66264

Chris Graham

ocStaff (admin)

So now we have loads of scripts people can use.
In order:

Get ocPortal's login ID from another script
Show an ocPortal page using a certain desired login ID (full HTML)
Show an ocPortal page using a certain desired login ID (HTML snippet)
Force open an ocPortal session to a given login ID and redirect to the front page

Become a fan of ocPortal on Facebook or add me as a friend.

Was I helpful?

If not, please let us know how we can do better (please make suggestions that are economically viable and scalable, not just requests to do more for free).
If so, please let others know about ocPortal whenever you see the opportunity.

Follow me on Twitter

This information has not loaded yet. It will be generated in the background, please come back later.

Posted 04 February 2011, 4:25 PM

Rating:

#66265

Can.do

Fan in action

Chris Graham said

Ah, now all is…
(codebox…)

Will test soon, back out to shovel more snow…

Chris Graham said

So now we have loads of scripts people can use.
In order:

    * Get ocPortal's login ID from another script
    * Show an ocPortal page using a certain desired login ID (full HTML)
    * Show an ocPortal page using a certain desired login ID (HTML snippet)
    * Force open an ocPortal session to a given login ID and redirect to the front page

You have been very helpful, thank you again Chris.

&&&

"Ah, now all is clear…"

I had already written this before seeing your last answer:

FYI (To anyone/ everyone)
Open-Source and SSO

With most Open-Source products true SSO (Single-Sign-On) is either rather difficult, or full of "additional complications."
jFusion (for example) does NOT support username changes, but does make SSO and user-sync pretty easy for non-programmers.
The "no username changes" is a 'deal-breaker' for me.

MyBB and Drupal, (EDIT: Plus now ocPortal

) are the easiest that I've found, so far, for a 'true' SSO login without needing a password; FYI: in these cases user-sync is a separate topic.

Moodle, Wordpress, Elgg, Semantic Scuttle, and Joomla can all be modified for 'auto-login'; So far I'm counting on SSL (for encryption), and needing to use the passwords, for SSO to work.
Moodle*, Wordpress, Elgg, etc. can probably support secure SSO (token-based / no additional password entry needed), especially if you make, or modify, authentication plugins.

*Moodle also has an mNet which works across different domains, and is secure even without SSL over Https, (but there are issues with not being flexible enough)

Being able to add ocPortal to the list of "SSO capable" is a big plus, thanks.