HTML Logo by World Wide Web Consortium (www.w3.org). Click to learn more about our commitment to accessibility and standards.

Moving forward with Composr

ocPortal has been relaunched as Composr CMS, which is now in beta. ocPortal 9 will be superseded by Composr 10.

Head over to compo.sr for our new site, and to our migration roadmap. Existing ocPortal member accounts have been mirrored.


How to: Simple (SSO) Login Hack?

Login / Search

 [ Join | More ]
 Add topic 
Posted
Rating:
#66216 (In Topic #14152)
Avatar

Fan in action

How to do a Simple Login Hack w/ ocPortal?

These 'examples' are not plugins, just simple .php pages. I don't have all the details with me, so I hope the idea will still get through:

MyBB 'example'
<?php

define('IN_MYBB', 1);
require_once './global.php';

// User verified externally, secure token passed through SSL… begin simple login

{insert code to login user_id '1'}
?>


Drupal 'example'
<?php

//require the bootstrap include
require_once './includes/bootstrap.inc';
//Load Drupal
drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL);

// User verified externally, secure token passed through SSL… begin simple login

$username= "Can.do;
global $user;

// !! This function (these exact details) might be outdated, whatever….
$account  = user_load( array('name' => $username) );
 $account = user_external_login( $account );

…redirect…
?>

Can you please tell me a similar way, if possible, to include a minimal amout of files, and "force" a simple login to OCP?
Thank you very much.
Back to the top
 
Posted
Rating:
#66218
Avatar

Good question.

Code

<?php
global $FILE_BASE,$RELATIVE_PATH;
$FILE_BASE='TODO'; // Hard-code this to the base path, e.g. /home/foo/public_html/ocp_site
$RELATIVE_PATH=''; // ocPortal will think the request is for the root zone, permission-wise
global $NON_PAGE_SCRIPT;
$NON_PAGE_SCRIPT=1;
require($FILE_BASE.'/sources/global.php');

$member=get_member();
$username=$GLOBALS['FORUM_DRIVER']->get_username($member);

When you get this working I'd appreciate it if you could post it over on our community documentation, I think it's worth sharing in a better place too.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#66219
Avatar

Fan in action

Yes, will post later today…
Great to see, thanks Chris.
Back to the top
 
Posted
Rating:
#66221
Avatar

Fan in action

Not sure what I'm missing:

<?php

global $FILE_BASE,$RELATIVE_PATH;
$FILE_BASE='/var/www/html/example.com/ahome'; // Hard-code this to the base path
$RELATIVE_PATH='/'; // ocPortal will think the request is for the root zone, permission-wise

global $NON_PAGE_SCRIPT;
$NON_PAGE_SCRIPT=1;
 require($FILE_BASE.'/sources/global.php');

 // Tried three ways, passing ' ?member=Tester ' through the (SSL) URL…
 $member=get_member();
 // Pass username ' inside get_member() '  i.e….
$member=get_member("Tester");
 // third try "set the var" just to check..     $member= "Tester";
$username=$GLOBALS['FORUM_DRIVER']->get_username($member);

?>

Result = Login form  / Message  '“Guest” does not have access to the zone /. '

$result = one step closer  :)
Back to the top
 
Posted
Rating:
#66223
Avatar

RELATIVE_PATH should be blank. It is telling ocPortal it's zone name. In the standard code it is auto-detected as the subdirectory (i.e. zone) the script is running in, but you need to hard set it bank.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#66238
Avatar

Fan in action

For testing I've been putting ' sso.php ' in the OCP root, and also tried domain root.

"RELATIVE_PATH should be blank."
^^^
With RELATIVE_PATH blank I get a blank page (no error message)

Thanks, for the fast answers this morning, but so far this is not working for me.
Back to the top
 
Posted
Rating:
#66246
Avatar

Hi,

I think I misunderstood what you're trying to do. My code works to provide access to ocPortal's API. But after re-reading your post I see you're trying to log in a user (sorry missed that!). I'm not sure what you're trying to do once the user is logged in though. I am going to post some new code that auto-signs in a specific user, and shows the front page, but set to wide_high so that the menus etc aren't there.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#66247
Avatar

Working on this code. One note though, you'll need to turn the 'httpauth_is_enabled' option on ("HTTP-Auth is enabled").


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#66248
Avatar

Ignore my last post, that tactic didn't work, so I did something different.
ocPortal wasn't really designed for this, but it does actually work well with the right tricks. Here is my code…

Code


<?php

// Fake some environment parameters
$_GET['wide_high']='1';
$_GET['page']='start';
$_POST['no_seo_redirect']='1';

// Fake an HTTP-auth request         Actually, only works if HTTP authentication is enabled and the user name is an account used only for it
//$_GET['keep_force_htaccess']='1';
//$_SERVER['REMOTE_USER']='test'; // Set to what you want

// Simple ocPortal initialisation
global $FILE_BASE,$RELATIVE_PATH;
$FILE_BASE='/Library/WebServer/Documents/svn/code/4.2.x'; // Hard-code this to the base path, e.g. /home/foo/public_html/ocp_site
$RELATIVE_PATH=''; // ocPortal will think the request is for the root zone, permission/page-wise
global $NON_PAGE_SCRIPT;
$NON_PAGE_SCRIPT=1;
require($FILE_BASE.'/sources/global.php');

// Force login to specific user
$username='test';
$GLOBALS['MEMBER_CACHED']=$GLOBALS['FORUM_DRIVER']->get_member_from_username($username);

// Load up a page, as specified by $_GET parameters
require_code('site');
do_site();

// Unset the parameters we set, to return environment back to normal
unset($_GET['wide_high']);
unset($_GET['page']);


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#66249
Avatar

Or if you just want the page as an HTML snippet…

Code


<?php

// Simple ocPortal initialisation
global $FILE_BASE,$RELATIVE_PATH;
$FILE_BASE='/Library/WebServer/Documents/svn/code/4.2.x'; // Hard-code this to the base path, e.g. /home/foo/public_html/ocp_site
$RELATIVE_PATH=''; // ocPortal will think the request is for the root zone, permission/page-wise
global $NON_PAGE_SCRIPT;
$NON_PAGE_SCRIPT=1;
require($FILE_BASE.'/sources/global.php');

// Force login to specific user
$username='test';
$GLOBALS['MEMBER_CACHED']=$GLOBALS['FORUM_DRIVER']->get_member_from_username($username);

// Load up a page
require_code('site');
$page_wanted='start';
$page=request_page($page_wanted,true,$RELATIVE_PATH,NULL,true);
$page->evaluate_echo();

// Unset the parameters we set, to return environment back to normal
unset($_GET['wide_high']);
unset($_GET['page']);


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#66251
Avatar

Fan in action

Ok, great working now, thanks again Chris.
Now that it's working I'll post on the community documentation later today.

Glad to get this informaion.   :)
Back to the top
 
Posted
Rating:
#66257
Avatar

Fan in action

I should have looked closer. The page has "Welcome back, My_Username.", and links to admin functions, so I thought I was logged in. Navigating to a regular page, shows not logged in.

"ocPortal wasn't really designed for this…"

That's OK, low priority (if at all)
Time to get off-line now; I still have a mountian of snow in 50% of my driveway.  O_o

I'll check ocasionally for any SSO-related updates, but no big hurry.
Thank you.
Back to the top
 
Posted
Rating:
#66258
Avatar

Hi,

It'll help a bit if you can explain more about what you're trying to achieve. Are you trying to embed the whole ocPortal into another system, rather than just a single page?
If that's the case you'd need to do something more complex, like replacing all the links with links into your SSO file.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#66262
Avatar

Fan in action

Just a way to login without a password, that's all, then redirect to a $return URL.
Back to the top
 
Posted
Rating:
#66263
Avatar

Ah, now all is clear…

Code


<?php

// Simple ocPortal initialisation
global $FILE_BASE,$RELATIVE_PATH;
$FILE_BASE='/Library/WebServer/Documents/svn/code/4.2.x'; // Hard-code this to the base path, e.g. /home/foo/public_html/ocp_site
$RELATIVE_PATH=''; // ocPortal will think the request is for the root zone, permission/page-wise
global $NON_PAGE_SCRIPT;
$NON_PAGE_SCRIPT=1;
require($FILE_BASE.'/sources/global.php');

// Force login to specific user
$username='test';
$member_id=$GLOBALS['FORUM_DRIVER']->get_member_from_username($username);
require_code('users_active_actions');
$GLOBALS['FORUM_DRIVER']->forum_create_cookie($member_id,$username,'');

header('Location: '.get_base_url());


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#66264
Avatar

So now we have loads of scripts people can use.
In order:
  • Get ocPortal's login ID from another script
  • Show an ocPortal page using a certain desired login ID (full HTML)
  • Show an ocPortal page using a certain desired login ID (HTML snippet)
  • Force open an ocPortal session to a given login ID and redirect to the front page


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#66265
Avatar

Fan in action

Chris Graham said

Ah, now all is…
(codebox…)
Will test soon, back out to shovel more snow…

Chris Graham said

So now we have loads of scripts people can use.
In order:

    * Get ocPortal's login ID from another script
    * Show an ocPortal page using a certain desired login ID (full HTML)
    * Show an ocPortal page using a certain desired login ID (HTML snippet)
    * Force open an ocPortal session to a given login ID and redirect to the front page

You have been very helpful, thank you again Chris.


&&&

"Ah, now all is clear…"

I had already written this before seeing your last answer:

FYI (To anyone/ everyone)
Open-Source and SSO

With most Open-Source products true SSO (Single-Sign-On) is either rather difficult, or full of "additional complications."
jFusion (for example) does NOT support username changes, but does make SSO and user-sync pretty easy for non-programmers.
The "no username changes" is a 'deal-breaker' for me.

MyBB and Drupal, (EDIT: Plus now ocPortal :))  are the easiest that I've found, so far, for a 'true' SSO login without needing a password; FYI: in these cases user-sync is a separate topic.

Moodle, Wordpress, Elgg, Semantic Scuttle, and Joomla can all be modified for 'auto-login'; So far I'm counting on SSL (for encryption), and needing to use the passwords, for SSO to work.
Moodle*, Wordpress, Elgg, etc. can probably support secure SSO (token-based / no additional password entry needed), especially if you make, or modify, authentication plugins.

*Moodle also has an mNet which works across different domains, and is secure even without SSL over Https, (but there are issues with not being flexible enough)

Being able to add ocPortal to the list of "SSO capable" is a big plus, thanks.
Back to the top
 
Posted
Rating:
#66282
Avatar

Fan in action

(As requested) Various Custom Pages, Including 'Simple SSO'
Posted in:
Miscellaneous features and usage


Last edit: by Can.do
Back to the top
 
There are too many online users to list.
Control functions:

Quick reply   Contract

Your name:
Your message: