I am interested in modification to allow a direct login to ChurchInfo (CI) from a link on an external site:
Click link on site
Log in directly to CI, bypassing login page.
Some CI config specs:
The external site has members logging in securely. I simply wish to send them directly into CI.
CI is being served locally to the church, and access from the 'net is allowed.
Local users and users logging in from the 'net have to submit creds on login page.
External CI address is Dynamic thru noIP.
Questions:
Can I send account info in from the link using something similar to www.my.churchinfo.site?user="user".
Can I modify CI to recognize the link coming in, and bypass login screen?
Any words of wisdom are appreciated.
Thanks for you consideration.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
ChurchInfo starts the PHP session in Include/LoadConfigs.php and the code to check the password is in Default.php. When the password authentication is successfully it populates the session variables and redirects to Menu.php.
It you have another way to figure out which user is logged in and authorized to use ChurchInfo you could modify the logic in Default.php. I don't think just allowing the user name to be passed as a URL argument would be secure unless you have another way to verify the user.
The built-in session timer is implemented in Include/Functions.php. It should redirect back to the login page if it notices that the last action was long ago. There may be some sequences that don't reload and go through this logic. It is also possible that the web server destroys the session which may result in odd behavior. If you have a specific sequence that doesn't go back to the login page feel free to post a bug report explaining how to reproduce the problem.
Mike
Michael Wilt
ChurchInfo Team Leader
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hi all!
I am interested in modification to allow a direct login to ChurchInfo (CI) from a link on an external site:
Click link on site
Log in directly to CI, bypassing login page.
Some CI config specs:
The external site has members logging in securely. I simply wish to send them directly into CI.
CI is being served locally to the church, and access from the 'net is allowed.
Local users and users logging in from the 'net have to submit creds on login page.
External CI address is Dynamic thru noIP.
Questions:
Can I send account info in from the link using something similar to www.my.churchinfo.site?user="user".
Can I modify CI to recognize the link coming in, and bypass login screen?
Any words of wisdom are appreciated.
Thanks for you consideration.
Can I tack on to this question could we a) make the time out longer, b) if timed out go back to the login screen rather than the empty path screen.
ChurchInfo starts the PHP session in Include/LoadConfigs.php and the code to check the password is in Default.php. When the password authentication is successfully it populates the session variables and redirects to Menu.php.
It you have another way to figure out which user is logged in and authorized to use ChurchInfo you could modify the logic in Default.php. I don't think just allowing the user name to be passed as a URL argument would be secure unless you have another way to verify the user.
The built-in session timer is implemented in Include/Functions.php. It should redirect back to the login page if it notices that the last action was long ago. There may be some sequences that don't reload and go through this logic. It is also possible that the web server destroys the session which may result in odd behavior. If you have a specific sequence that doesn't go back to the login page feel free to post a bug report explaining how to reproduce the problem.
Mike
Michael Wilt
ChurchInfo Team Leader