Sign in to follow this  
Followers 0

Remote Login

10 posts in this topic

Posted

I would like to allow my users to log into an external site using their IPB account details. What is the best way to validate IP.Board logins (username + password) remotely?

I would have expected there to be an XML-RPC method or something like that, but I can't find anything in the documentation. Does no such method exist or is it just not documented?


(I already posted this in technical support forums, but this forum may be more appropriate)

halep likes this

Share this post


Link to post
Share on other sites

Posted

The way I would do it is create a php page somewhere on your server which returns XML or JSON.

Something like:

<?php /* Variables */ $email = $_GET['email']; $md5Pass = $_GET['md5pass']; /* Init IPB */ define( 'IPS_ENFORCE_ACCESS', TRUE ); define( 'IPB_THIS_SCRIPT', 'public' ); require_once( './initdata.php' );/*noLibHook*/ require_once( IPS_ROOT_PATH . 'sources/base/ipsRegistry.php' );/*noLibHook*/ require_once( IPS_ROOT_PATH . 'sources/base/ipsController.php' );/*noLibHook*/ $registry = ipsRegistry::instance(); $registry->init(); /* Get Member */ $member = IPSMember::load( $email, 'none', 'email' ); if ( !$member['member_id'] ) { echo json_encode( array( 'success' => FALSE, 'message' => 'NO_MEMBER' ) ); exit; } /* Authenticate */ if ( IPSMember::authenticateMember( $member['member_id'], $md5Pass ) ) { echo json_encode( array( 'success' => TRUE, 'message' => '' ) ); } else { echo json_encode( array( 'success' => FALSE, 'message' => 'BAD_PASS' ) ); }
















Share this post


Link to post
Share on other sites

Posted

Thanks, I am using a slightly adapted version of that now.

One question though - does IP.Board hash the raw password or the version with entities? E.g. if my password is "<>", what exactly does IP.Board use as the md5 hash? Is it md5('<>') or md5('&lt;&gt;')?

This would make things quite a bit more complicated, since I'd have to do some otherwise unnecessary postprocessing of the string before hashing it...

Share this post


Link to post
Share on other sites

Posted

Funny enough, we have documentation for that. ;)

http://community.invisionpower.com/resources/documentation/index.html/_/developer-resources/miscellaneous-articles/passwords-in-ipboard-r501

This article describes the characters in the password that are converted, in the event you need to do the same on your end for comparison

http://community.invisionpower.com/resources/documentation/index.html/_/developer-resources/miscellaneous-articles/login-modules-r7

Share this post


Link to post
Share on other sites

Posted

bfarber, that link doesnt work anymore. Can someone provide a updated link on that?

Share this post


Link to post
Share on other sites

Posted (edited)

Sure,

 

https://www.invisionpower.com/support/guides/_/advanced-and-developers/miscellaneous/passwords-in-ipboard-r130

and

http://www.invisionpower.com/support/guides/_/advanced-and-developers/integration/login-modules-r42

 

Also, you may wish to either utilize IPB's built-in brute force prevention (see admin/sources/loginauth/login_core.php, starting around line 287 -- you might be able to make use of it without duplicating code by instantiating the internal login class and calling authenticate() on that) or restrict access to your script so that only the IP of your other application can access it. This way people cannot brute force your user's passwords, which is probably a Good Thing™.

 

EDIT: Ninja'd by Ryan Ashbrook, but I'll keep this here anyway since it includes some information I feel is important and not covered above.

Edited by skizzerz
Ryan Ashbrook and BomAle like this

Share this post


Link to post
Share on other sites

Posted

but the documentation does not say how am I supposed to log in a user also into system, not only a "verify" using form html/php

What is missing into file attached to allow a user to keep connected?

Share this post


Link to post
Share on other sites

Posted

If you're looking to authenticate a user against a remote system, then it would be worth looking into SSO, provided the two systems are on the same domain.

 

http://www.invisionpower.com/support/guides/_/advanced-and-developers/integration/single-sign-on-sso-r209

 

Otherwise - a new Login Method or utilizing IPS Connect would be your best bet. I would recommend, however, posting in the customization forums if you need assistance with your custom code.

 

http://community.invisionpower.com/forum/310-product-modifications/

Share this post


Link to post
Share on other sites

Posted

I have used another resources, these files allow to guest to login into system

 

metodo.php

this file contain class and functions to login or logout

 

login.php

this file contain form html and php to allow it to connected into system (is available logout but I left it in the comments //)

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0

  • Who's Browsing   0 members

    No registered users viewing this page.