Jump to content


Photo
- - - - -

Remote Login


  • Please log in to reply
9 replies to this topic

#1 Nils

Nils

    Advanced Member

  • +Clients
  • 258 posts

Posted 08 May 2012 - 08:17 AM

I would like to allow my users to log into an external site using their IPB account details. What is the best way to validate IP.Board logins (username + password) remotely?

I would have expected there to be an XML-RPC method or something like that, but I can't find anything in the documentation. Does no such method exist or is it just not documented?


(I already posted this in technical support forums, but this forum may be more appropriate)

#2 Mark

Mark

    I dropped the "iggy"

  • IPS Staff
  • 8,384 posts

Posted 09 May 2012 - 02:49 AM

The way I would do it is create a php page somewhere on your server which returns XML or JSON.

Something like:

<?php

/* Variables */
$email		= $_GET['email'];
$md5Pass	= $_GET['md5pass'];

/* Init IPB */
define( 'IPS_ENFORCE_ACCESS', TRUE );
define( 'IPB_THIS_SCRIPT', 'public' );
require_once( './initdata.php' );/*noLibHook*/
require_once( IPS_ROOT_PATH . 'sources/base/ipsRegistry.php' );/*noLibHook*/
require_once( IPS_ROOT_PATH . 'sources/base/ipsController.php' );/*noLibHook*/
$registry = ipsRegistry::instance();
$registry->init();

/* Get Member */
$member = IPSMember::load( $email, 'none', 'email' );
if ( !$member['member_id'] )
{
	echo json_encode( array( 'success' => FALSE, 'message' => 'NO_MEMBER' ) );
	exit;
}

/* Authenticate */
if ( IPSMember::authenticateMember( $member['member_id'], $md5Pass ) )
{
	echo json_encode( array( 'success' => TRUE, 'message' => '' ) );
}
else
{
	echo json_encode( array( 'success' => FALSE, 'message' => 'BAD_PASS' ) );
}

  • Marcher Technologies likes this

Mark Wade
Developer

zce-php5-3-logo.gif php5-zce-logo-new.gif


#3 Nils

Nils

    Advanced Member

  • +Clients
  • 258 posts

Posted 09 May 2012 - 06:11 PM

Thanks, I am using a slightly adapted version of that now.

One question though - does IP.Board hash the raw password or the version with entities? E.g. if my password is "<>", what exactly does IP.Board use as the md5 hash? Is it md5('<>') or md5('&lt;&gt;')?

This would make things quite a bit more complicated, since I'd have to do some otherwise unnecessary postprocessing of the string before hashing it...

#4 bfarber

bfarber

    RBT-KS

  • IPS Management
  • 28,676 posts

Posted 09 May 2012 - 07:39 PM

Funny enough, we have documentation for that. ;)

http://community.inv...in-ipboard-r501

This article describes the characters in the password that are converted, in the event you need to do the same on your end for comparison

http://community.inv...ogin-modules-r7

Brandon Farber
Development Manager / Senior Support

If it sounds like fun, it's not allowed on the bus!

php5_zce_logo_new.gif     

Invision Power Services, Inc.


#5 Christophe Stevens

Christophe Stevens

    IPB Newbie

  • Previous Members
  • Pip
  • 20 posts

Posted 22 March 2013 - 09:49 AM

bfarber, that link doesnt work anymore. Can someone provide a updated link on that?



#6 Ryan Ashbrook

Ryan Ashbrook

    Needs Serious Help

  • IPS Staff
  • 1,108 posts

Posted 22 March 2013 - 10:32 AM

http://www.invisionp...gin-modules-r42


Ryan Ashbrook - @ryanashbrook
Invision Power Services, Inc.
Saving the world. One IP.Board at a time.

Please do not PM for support, but feel free to use our Client Area for questions.


#7 skizzerz

skizzerz

    IPB Member

  • +Clients
  • 52 posts

Posted 22 March 2013 - 10:41 AM

Sure,

 

https://www.invision...in-ipboard-r130

and

http://www.invisionp...gin-modules-r42

 

Also, you may wish to either utilize IPB's built-in brute force prevention (see admin/sources/loginauth/login_core.php, starting around line 287 -- you might be able to make use of it without duplicating code by instantiating the internal login class and calling authenticate() on that) or restrict access to your script so that only the IP of your other application can access it. This way people cannot brute force your user's passwords, which is probably a Good Thing™.

 

EDIT: Ninja'd by Ryan Ashbrook, but I'll keep this here anyway since it includes some information I feel is important and not covered above.


Edited by skizzerz, 22 March 2013 - 10:43 AM.

  • Ryan Ashbrook and BomAle like this

#8 BomAle

BomAle

    Spam Happy

  • +Clients
  • 618 posts

Posted 21 August 2013 - 09:25 PM

but the documentation does not say how am I supposed to log in a user also into system, not only a "verify" using form html/php

What is missing into file attached to allow a user to keep connected?

Attached Files

  • Attached File  conn.php   1.38KB   69 downloads

I Follow: invisionita.it - nodownloadzoneforum.net

 

Sorry for my English


#9 Ryan Ashbrook

Ryan Ashbrook

    Needs Serious Help

  • IPS Staff
  • 1,108 posts

Posted 21 August 2013 - 10:29 PM

If you're looking to authenticate a user against a remote system, then it would be worth looking into SSO, provided the two systems are on the same domain.

 

http://www.invisionp...ign-on-sso-r209

 

Otherwise - a new Login Method or utilizing IPS Connect would be your best bet. I would recommend, however, posting in the customization forums if you need assistance with your custom code.

 

http://community.inv...-modifications/


Ryan Ashbrook - @ryanashbrook
Invision Power Services, Inc.
Saving the world. One IP.Board at a time.

Please do not PM for support, but feel free to use our Client Area for questions.


#10 BomAle

BomAle

    Spam Happy

  • +Clients
  • 618 posts

Posted 22 August 2013 - 09:49 AM

I have used another resources, these files allow to guest to login into system

 

Attached File  metodo.php   2.14KB   157 downloads

this file contain class and functions to login or logout

 

Attached File  login.php   1.27KB   159 downloads

this file contain form html and php to allow it to connected into system (is available logout but I left it in the comments //)


I Follow: invisionita.it - nodownloadzoneforum.net

 

Sorry for my English





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users