Re: [MRBS-general] using third-party login (avoiding the need to separately sign into MRBS)
From: Diego Z. <die...@un...> - 2014-05-13 06:44:43
On 12/05/2014 15:57, RC Z wrote:

> I'm trying to avoid the need for users to sign in twice: is it possible
> to use third-party authentication and then check against a session
> variable to automatically sign a user into MRBS?

Yup. Already doing that :)

> For example, John Smith has username john.smith and successfully logs
> into the non-MRBS system. $_SESSION['username'] is set to "john.smith".
> When he goes to MRBS, I want to be able to check for the username
> session variable and if it's set, check the value (john.smith) and log
> him in automatically.

Remember that $_SESSION can be different in different web apps on even
the same vhost. It depends on session_name().

> I feel like this is probably easy to do, but I can't figure it out and
> thought it would probably be best to just ask. Any help would be
> appreciated!

You have to write your own session handler. Mine is:

<?php
/*****************************************************************************\
*                                                                             *
*   File name       session_difa.inc                                          *
*                                                                             *
*   Description     Use PHP built-in sessions handling                        *
*                                                                             *
*   Notes           To use this authentication scheme, set in                 *
*                   config.inc.php:                                           *
*                       $auth["session"] = "difa";                            *
*                                                                             *
*                                                                             *
*   History                                                                   *
*    2013/01/18 NdK changed it for a sort-of SSO                              *
*    2003/11/09 JFL Created this file                                         *
*    Remaining history in ChangeLog and CVS logs                              *
*                                                                             *
\*****************************************************************************/

// $Id: session_php.inc 2558 2012-11-05 16:51:11Z cimorrison $

global $PHP_SELF;

// Get non-standard form variables
$Action = get_form_var('Action', 'string');
$NewUserName = get_form_var('NewUserName', 'string');
$NewUserPassword = get_form_var('NewUserPassword', 'string');
$TargetURL = get_form_var('TargetURL', 'string');
$returl = get_form_var('returl', 'string');

if (isset($cookie_path_override))
{
  $cookie_path = $cookie_path_override;
}
else
{
  $cookie_path = $PHP_SELF;
  // Strip off everything after the last '/' in $PHP_SELF
  $cookie_path = preg_replace('/[^\/]*$/', '', $cookie_path);
}

global $auth;

if (!isset($auth["session_php"]["session_expire_time"]))
{
  // Default to the behaviour of previous versions of MRBS, use only
  // session cookies - no persistent cookie.
  $auth["session_php"]["session_expire_time"] = 0;
}

session_name("DIFA_APPS"); // call before session_set_cookie_params() - see PHP manual
//session_set_cookie_params($auth["session_php"]["session_expire_time"],
//                          $cookie_path);
session_start();

/*
  Display the login form. Used by two routines below.
  Will eventually return to $TargetURL.
*/
function printLoginForm($TargetURL)
{
  echo "<p>Il sistema di prenotazione aule ora utilizza il <a href='/login'>login centralizzato</a></p>\n";
  // Print footer and exit
  print_footer(TRUE);
}

/* authGet()
 *
 * Request the user name/password
 *
 * Returns: Nothing
 */
function authGet()
{
  global $PHP_SELF, $QUERY_STRING;

  print_header(0, 0, 0, 0, "");

  echo "<p>".get_vocab("norights")."</p>\n";

  $TargetURL = basename($PHP_SELF);
  if (isset($QUERY_STRING))
  {
    $TargetURL = $TargetURL . "?" . $QUERY_STRING;
  }
  printLoginForm($TargetURL);

  exit();
}

function getUserName()
{
  if (isset($_SESSION) && isset($_SESSION["user"]) && ($_SESSION["user"] !== ''))
  {
    return $_SESSION["user"];
  }
  else
  {
    global $HTTP_SESSION_VARS;
    if (isset($HTTP_SESSION_VARS["user"]) && ($HTTP_SESSION_VARS["user"] !== ''))
    {
      return $HTTP_SESSION_VARS["user"];
    }
  }
}

// Print the logon entry on the top banner.
function PrintLogonBox()
{
  global $PHP_SELF, $QUERY_STRING, $user_list_link, $day, $month, $year;

  $TargetURL = basename($PHP_SELF);
  if (isset($url_base) && ($url_base !== ''))
  {
    $TargetURL = $url_base . '/' . $TargetURL;
  }
  if (isset($QUERY_STRING))
  {
    $TargetURL = $TargetURL . "?" . $QUERY_STRING;
  }
  $user=getUserName();
  if (isset($user))
  {
    // words 'you are xxxx' becomes a link to the
    // report page with only entries created by xxx. Past entries are not
    // displayed but this can be changed
    $search_string = "report.php?from_day=$day&from_month=$month&".
      "from_year=$year&to_day=1&to_month=12&to_year=2030&areamatch=&".
      "roommatch=&namematch=&descrmatch=&summarize=1&sortby=r&display=d&".
      "sumby=d&creatormatch=".urlencode($user);
?>
      <a href="<?php echo "$search_string\" title=\""
        . get_vocab('show_my_entries') . "\">" . get_vocab('you_are')." "
        . htmlspecialchars($user) ?></a>
<?php
  }
  else
  {
?>
      <a href=""><?php echo get_vocab('unknown_user'); ?></a>
<?php
  }
  if (isset($user_list_link))
  {
    print "<a id=\"user_list_link\" href=\"$user_list_link\">" . get_vocab('user_list') . "</a>\n";
  }
}
?>

Should be quite easy to modify it to suit your needs. Then save it in
session/session_YOURNAME.inc and activate it using
$auth['session']='YOURNAME'; in config file.

Slightly harder to import a different PHP session. A skeleton class for
importing a different session on the same vhost, if using 'files' as
backend and *not* using Suhosin patch (or at least having it configured
to *not* encrypt session data), is:

class ImportSession {
    function __construct($sessName) {
        if(empty($sessName)) {
            $this->data=array();
        } else {
            $ts=$_SESSION;      // Save current $_SESSION
            $_SESSION=array();  // Avoid troubles when imported session is empty
            //@@@ TODO: sanitize against session hijacking and arbitrary file reads!
            $ss=@file_get_contents(session_save_path()
                .'/sess_'.$_COOKIE[$sessName]);
            if(!session_decode($ss)) { // Overwrites $_SESSION
                //trigger_error('Session decode failed!');
            }
            $this->data=$_SESSION;
            $_SESSION=$ts;      // Restore previous $_SESSION
        }
    }

    // Retrieves a single value from data
    // returns '' (empty string) if given key is not found
    function get($var) {
        if(array_key_exists($var, $this->data))
            return $this->data[$var];
        return '';
    }
}

PS for Campbell: as usual, if something can be useful, use it freely!

-- 
Diego Zuccato
Servizi Informatici
Dip. di Fisica e Astronomia (DIFA) - Università di Bologna
V.le Berti-Pichat 6/2 - 40127 Bologna - Italy
tel.: +39 051 20 95786
mail: die...@un...
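
An added example (not part of the original post, and not MRBS code) of one way to handle the arbitrary-file-read half of the TODO in the ImportSession skeleton: the cookie value is validated as a session ID and the resolved path is confined to the save directory before anything is read. The function name import_session_data is hypothetical; it assumes the 'files' handler with session_save_path() returning a plain directory, unencrypted session data, and a session already started by the current application.

```php
<?php
// Added example, not the poster's code. Assumes: 'files' save handler,
// session_save_path() is a plain directory, session data is not encrypted,
// and session_start() has already run for the current application.
function import_session_data($cookieName)
{
    // No cookie, or an array-valued cookie (name[]=...): nothing to import.
    if (!isset($_COOKIE[$cookieName]) || !is_string($_COOKIE[$cookieName])) {
        return array();
    }
    $sid = $_COOKIE[$cookieName];

    // PHP session IDs only use [A-Za-z0-9,-]; rejecting everything else
    // keeps '/', '..' and NUL bytes out of the file name.
    if (!preg_match('/\A[A-Za-z0-9,-]{22,256}\z/', $sid)) {
        return array();
    }

    // An empty save path means PHP falls back to the system temp directory.
    $path = session_save_path();
    $dir = realpath($path !== '' ? $path : sys_get_temp_dir());
    if ($dir === false) {
        return array();
    }

    // The resolved file must exist directly inside the save directory;
    // realpath() also exposes symlinks that point somewhere else.
    $file = realpath($dir . DIRECTORY_SEPARATOR . 'sess_' . $sid);
    if ($file === false || dirname($file) !== $dir || !is_file($file)) {
        return array();
    }

    $raw = file_get_contents($file);
    if ($raw === false || $raw === '') {
        return array();
    }

    $saved = $_SESSION;      // session_decode() overwrites $_SESSION
    $_SESSION = array();
    $data = session_decode($raw) ? $_SESSION : array();
    $_SESSION = $saved;      // always restore the caller's session
    return $data;
}
```

Validating the cookie only closes the file-read path: whoever presents the other application's cookie is still treated as that user, so both applications need the same cookie protections.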