Modifications & Addon Releases Modification guides and addons are posted here to share with the community. Do not post requests in here!

  (#16) Old
Sheep Offline
Member
 
Posts: 350
Join Date: Feb 2007
Location: Lyon, France
Cool 14-06-2007, 05:06 PM

I got it to work (I got bored at work this afternoon). All I said is working.

I still have to finish some little things and it'll be fully done.

I'll release the "sessionshare guide" as soon as it's done (maybe tomorrow?)
-note- the guide will be a sessionshare working with the site below


Here is the main website using logins (put this file at the ROOT of your support folder and name it "mysite.php"):
-note- you have to create the table in the same database as kayako (take a look at the comments)

PHP Code:
<?php
/*********
DATABASE INFORMATIONS:

CREATE TABLE `sitesessiontest` (
`id` INT( 8 ) NOT NULL AUTO_INCREMENT PRIMARY KEY ,
`login` VARCHAR( 32 ) NOT NULL ,
`pass` VARCHAR( 32 ) NOT NULL ,
`mail` VARCHAR( 64 ) NOT NULL
);

INSERT INTO `sitesessiontest` ( `id` , `login` , `pass` , `mail` )
VALUES (
'1', 'test', 'testpass', 'test@mydomaintest.net'
);
*/
session_start();
if (isset($_GET['login']) && isset($_GET['password']))
{
    //someone wants to log in
    //lets check the user in the database
    include_once("config/config.php");
    // mysql_* is the PHP 4/5 extension this 2007 demo targets (removed in PHP 7)
    $database = mysql_connect($_DB["hostname"], $_DB["username"], $_DB["password"]) or die("Unable to link with database");
    mysql_select_db("eonakayako");
    // Demo only: credentials come from the query string and go into the SQL
    // unescaped; the pass column holds the password in plaintext
    $result = mysql_query("SELECT * FROM sitesessiontest WHERE login='$_GET[login]' AND pass='$_GET[password]'") or die("Query failed".mysql_error());
    if (mysql_num_rows($result) > 0)
    {
         //User match!
         //Lets log him
         $_SESSION['mysitelogin'] = $_GET['login'];
         echo "Sucessfully loged in<br/><br/>";
    }
    else
        echo "Access denied<br/>";
}
if (isset($_GET['logout']))
{
    echo "Logout successfull<br/>";
    unset($_SESSION['mysitelogin']);
    session_destroy();
}
if (isset($_SESSION['mysitelogin'])) {
    echo "Welcome $_SESSION[mysitelogin] timestamp is: ".time()."<br/>";
    echo "<a href='mysite.php'>reload</a><br/>";
    echo "<a href='mysite.php?logout=true'>LOGOUT</a>";
} else {
    echo "You're not logged in: ";
    echo '<form name="Blah" method="GET" action="mysite.php">
    Login: <input type="text" name="login"/>
    Password: <input type="text" name="password"/>
    <input type="submit" value="submit">
    </form>';
}

?>
With this basic site, you'll see (soon) how we can get a support zone with supportsuite without needing to log in again.


Antoine "Sheep" BERMON
-- Lurking around there --

Last edited by Sheep; 14-06-2007 at 05:37 PM.
   
  (#17) Old
Siora Offline
Member
Posts: 1,283
Join Date: Apr 2007
Location: Toronto Canada
14-06-2007, 05:36 PM

Thanks Sheep, I will forward this thread to Bhavesh.


Siora Solutions Inc.
www.sioraIT.com
   
  (#18) Old
Sheep Offline
Member
Posts: 350
Join Date: Feb 2007
Location: Lyon, France
30-09-2007, 02:07 PM

Hello guys,

Someone pinged me that I didn't release the second part of what I did... that's true. I don't remember why and I don't remember if the file I found is still working, but from what I see it -should- work (it was working but I don't remember if I changed anything afterward).


PHP Code:
<?php
//=======================================
//###################################
//
// Source Copyright 2007-2008 Antoine BERMON
// Unauthorized reproduction is not allowed
// License Number: $%LICENSE%$
// $Author: Sheep $ ($Date: 2007/06/14 16:38:12 $)
// $RCSfile: website.sessionshare.php,v $ : $Revision: 1.0 $
//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
//                  Original work by kayako.com
//###################################
//=======================================

if (!defined("INSWIFT")) {
    trigger_error("Unable to process $PHP_SELF", E_USER_ERROR);
}
/**
* Initialization function. You can connect to your database etc over here.
*/
function loginShareInit()
{
    global $loginshare;
    $loginshare->moduleloaded = true;
}
/**
* Authorize a user based on email and password
*/
function loginShareAuthorize($username, $password)
{
    global $dbCore, $_SWIFT, $loginshare, $settings;
    //$_loginshare = $settings->getSection("loginshare");
    //$dbLoginShare = new dbCore($_loginshare["phpbbhostname"], $_loginshare["phpbbdbuser"], $_loginshare["phpbbdbpass"], $_loginshare["phpbbdbname"], "mysql", false);
    // Column names follow the sitesessiontest table from mysite.php
    // (id, login, pass, mail); loginShareLoadUser() passes the mail address as $username
    $_user = $dbCore->queryFetch("SELECT * FROM sitesessiontest WHERE `mail` = '". $dbCore->escape($username) ."';");
    if (empty($_user["id"]))
    {
        return false;
    }
    if ($_user["pass"] == $password && !empty($_user["pass"]))
    {
        // We have a match, Seems like a valid user.. now see if he is registered..
        $userid = getLoginShareUser(LOGINAPI_SESSIONSHARE, $_user["id"]);
        if (!$userid)
        {
            // Not registered, Register him
            $userid = insertUser(true, $_user["mail"], md5($password), $_SWIFT["tgroup"]["regusergroupid"], LOGINAPI_SESSIONSHARE, $_user["id"], $username, $_SWIFT["tgroup"]["languageid"], 0, false, 1, true);
        }
        if (!$userid)
        {
            return false;
        }
        $_swiftuser = $loginshare->loadSWIFTUser($userid);
        if (!$_swiftuser)
        {
            return false;
        }
        $_SWIFT["user"] = $_swiftuser;
        return $_swiftuser["userid"];
    }
    return false;
}
/**
* Return the Unique User ID of the current user
*/
function loginShareUserID()
{
    global $_SWIFT;
    if (empty($_SWIFT["user"]["userid"]))
    {
        return false;
    } else {
        return $_SWIFT["user"]["userid"];
    }
}
/**
* Logout the current user
*/
function loginShareLogout()
{
    global $session, $_SWIFT;
    $session->updateSession($_SWIFT["session"]["sessionid"], 0);
    return true;
}
/**
* Load the user credentials into current workspace. The following variables should be declared for proper working:
* userid - User id that is set in the "users" table
* fullname
* email - Array
* password (MD5 Hashed)
* usergroupid - If this is not set, then it will use the default registered user group for this template group
*/
function loginShareLoadUser()
{
    global $dbCore, $_SWIFT, $loginshare;
    @session_start();

    // Does a session from main site exists?
    if (!isset($_SESSION['mysitelogin']))
    {
        echo "NO SESSION FOUND";
        $_SWIFT["user"]["loggedin"] = false;
        return false;
    }
    echo "SESSION OK";

    //lets get his site informations
    // email & password
    $infos = $dbCore->queryFetch("SELECT * FROM sitesessiontest WHERE `login` = '". $dbCore->escape($_SESSION['mysitelogin']) ."';");

    if (empty($infos))
    {
        //DEBUG: echo "COULD NOT FIND USER INFORMATIONS";
        $_SWIFT["user"]["loggedin"] = false;
        return false;
    }
    loginShareAuthorize($infos['mail'], $infos['pass']);
    // Debug leftovers: this exit() ends the request, so nothing below it runs
    echo "plein";
    exit();

    $_user = $loginshare->loadSWIFTUser($_SWIFT["session"]["typeid"]);
    if (!$_user)
    {
        $_SWIFT["user"]["loggedin"] = false;
        return false;
    }
    $_SWIFT["user"] = $_user;
    return true;
}
/**
* Render Login Share
*/
function renderLoginShareForm()
{
    return array();
}
?>
So these are my SESSIONSHARE (it's more than a loginshare) principles.

WARNING: DO NOT USE THIS "AS IS" ON YOUR WEBSITE
THIS IS A PROOF OF CONCEPT (THE MAIN SITE DEMO IS FULL OF SECURITY HOLES)
YOU'LL HAVE TO CHANGE THIS FILE, USE THE COMMENTS AS A GUIDE
SOME KAYAKO FEATURES MIGHT BE ALTERED, YOU'LL HAVE TO CHECK/TEST BY YOURSELF

Also please note that I won't provide further help for this (sorry, but maybe just a bit of help to the people I know here).

Jamie, you should move this to the developers forum if it's still -interesting- (I'm completely out of what has been done in 2 months).


Damn... school begins again Monday (last year of study)

Greetings
Antoine


Antoine "Sheep" BERMON
-- Lurking around there --
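
Added example (not part of Sheep's post and not Kayako code): the login check from mysite.php with three weaknesses visible in that demo closed, namely request values concatenated into the SQL, a plaintext `pass` column, and a session id that survives login. It assumes PHP 7.1+ with PDO and the SQLite driver so it runs stand-alone, a `pass` column widened to VARCHAR(255), and the hypothetical helper names demoDb(), checkLogin() and startUserSession().

```php
<?php
// Added example, not Sheep's code. Assumptions: PDO + sqlite (in-memory, so
// the sketch runs without a MySQL server) and a `pass` column wide enough for
// a password_hash() value instead of the demo's VARCHAR(32) plaintext.

function demoDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE sitesessiontest (
        id INTEGER PRIMARY KEY AUTOINCREMENT,
        login VARCHAR(32) NOT NULL UNIQUE,
        pass VARCHAR(255) NOT NULL,
        mail VARCHAR(64) NOT NULL)');
    // Constructed sample row, same values as the demo INSERT.
    $stmt = $pdo->prepare(
        'INSERT INTO sitesessiontest (login, pass, mail) VALUES (?, ?, ?)'
    );
    $stmt->execute([
        'test',
        password_hash('testpass', PASSWORD_DEFAULT),
        'test@mydomaintest.net',
    ]);
    return $pdo;
}

/** Returns the matching row or null. Input is bound, never concatenated. */
function checkLogin(PDO $pdo, string $login, string $password): ?array
{
    $stmt = $pdo->prepare(
        'SELECT id, login, pass, mail FROM sitesessiontest WHERE login = ?'
    );
    $stmt->execute([$login]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['pass'])) {
        return null;   // same answer for unknown login and wrong password
    }
    return $row;
}

/** Call after a successful POST login, in place of the demo's GET handler. */
function startUserSession(array $row): void
{
    session_regenerate_id(true);   // drop the pre-login session id
    $_SESSION['mysitelogin'] = $row['login'];
}

// Constructed walk-through of the three cases.
$pdo = demoDb();
var_dump(checkLogin($pdo, 'test', 'testpass') !== null);  // valid pair
var_dump(checkLogin($pdo, 'test', 'wrong') !== null);     // wrong password
var_dump(checkLogin($pdo, "o'brien", 'x') !== null);      // quote is plain data
```

When printing the login name back into the page, pass it through htmlspecialchars() first; the demo echoes it raw.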
   
  (#19) Old
supportskins Offline
Senior Member
Posts: 3,858
Join Date: Aug 2006
Location: Mumbai, India
01-10-2007, 01:35 PM

Thank You for sharing, this is really helpful!



Professional and Affordable Kayako Skins - Specialists in Kayako Skinning & Customization - Professional Paid Support
Our Skins and Services - http://www.supportskins.com/store/
SupportSkins.com - http://www.supportskins.com/
   
  (#20) Old
gauravdc Offline
New Member
 
Posts: 5
Join Date: Dec 2006
Help Please - 22-12-2007, 06:23 PM

Hi All,
I modified my loginshare so that I can use the logins from my main site. Looking at this post I tried to modify it further to allow session logins based on cookies.
I have been struggling with this for the last 2 days and would really appreciate it if anyone could help me solve the problem.

Unfortunately all that I get in the output is 'SESSION OK' and the standard Kayako support page, but the target user is not logged in.

ANY AND ALL HELP WILL BE GREATLY APPRECIATED!

Thanks

PHP Code:
<?php
if (!defined("INSWIFT")) {
    trigger_error("Unable to process $PHP_SELF", E_USER_ERROR);
}

/**
* Initialization function. You can connect to your database etc over here.
*/
function loginShareInit()
{
    global $loginshare;

    $loginshare->moduleloaded = true;
}

/**
* Authorize a user based on email and password
*/
function loginShareAuthorize($username, $password)
{
    global $dbCore, $_SWIFT, $loginshare, $settings;

    $_loginshare = $settings->getSection("loginshare");

    $dbLoginShare = new dbCore($_loginshare["gd_hostname"], $_loginshare["gd_dbuser"], $_loginshare["gd_dbpass"], $_loginshare["gd_dbname"], "mysql", false);

    $_user = $dbLoginShare->queryFetch("SELECT * FROM `". $_loginshare["gd_dbprefix"] ."users` WHERE `user_email` = '". $dbCore->escape($username) ."';");

    if (empty($_user["id"]))
    {
        return false;
    }

    $userpassword = md5($password);//conv stored pass to md5

    //g-e
    //echo "GDiz DB Pass:".$_user["user_password"]."<br>Base4Decode GDiz DB Pass:".base64_decode($_user["user_password"])."<br>MD5.Userpassword--".$userpassword."<br>Password--".$password."---";

    //    echo "everything upto here is ok!";

    $regpassword = substr(buildHash(),0,8);

    //if ($_user["user_password"] == $userpassword && !empty($_user["user_password"]))
    $_user["user_password"] = base64_decode($_user["user_password"]);
    //     $_user["user_password"] =  md5($_user["user_password"]);
    //echo $_user["user_password"]."<br>";

    if (md5($_user["user_password"]) == $userpassword && !empty($_user["user_password"]))
    {
        // We have a match, Seems like a valid user.. now see if he is registered..
        $userid = getLoginShareUser(LOGINAPI_GDIZ, $_user["id"]);
        if (!$userid)
        {
            // Not registered, Register him
            $userid = insertUser(true, $_user["user_email"], $regpassword, $_SWIFT["tgroup"]["regusergroupid"], LOGINAPI_GDIZ, $_user["id"], $_user["username"]." ".$_user["lname"], $_SWIFT["tgroup"]["languageid"], 0, false, 1, true);
        }

        if (!$userid)
        {
            return false;
        }

        $_swiftuser = $loginshare->loadSWIFTUser($userid);
        if (!$_swiftuser)
        {
            return false;
        }

        $_SWIFT["user"] = $_swiftuser;

        return $_swiftuser["userid"];
    }

    return false;
}

/**
* Return the Unique User ID of the current user
*/
function loginShareUserID()
{
    global $_SWIFT;

    if (empty($_SWIFT["user"]["userid"]))
    {
        return false;
    } else {
        return $_SWIFT["user"]["userid"];
    }
}

/**
* Logout the current user
*/
function loginShareLogout()
{
    global $session, $_SWIFT;

    $session->updateSession($_SWIFT["session"]["sessionid"], 0);

    return true;
}

/**
* Load the user credentials into current workspace. The following variables should be declared for proper working:
* userid - User id that is set in the "users" table
* fullname
* email - Array
* password (MD5 Hashed)
* usergroupid - If this is not set, then it will use the default registered user group for this template group
*/
function loginShareLoadUser()
{
    global $dbCore, $_SWIFT, $loginshare, $settings;
/*
    if (!isset($_COOKIE['user_id']) && empty($_SWIFT["session"]["typeid"]))
    {
        $_SWIFT["user"]["loggedin"] = false;
        return false;
    }
    */

    // Does a session from main site exists?
    if (!isset($_COOKIE['user_id']))
    {
        echo "NO SESSION FOUND";
        $_SWIFT["user"]["loggedin"] = false;
        return false;
    }
    echo "SESSION OK";

    $_loginshare = $settings->getSection("loginshare");

    $dbLoginShare = new dbCore($_loginshare["gd_hostname"], $_loginshare["gd_dbuser"], $_loginshare["gd_dbpass"], $_loginshare["gd_dbname"], "mysql", false);

    $infos = $dbLoginShare->queryFetch("SELECT * FROM `users` WHERE `id` = '". $dbCore->escape($_COOKIE['user_id']) ."';");
    //$_user = $dbLoginShare->queryFetch("SELECT * FROM `". $_loginshare["gd_dbprefix"] ."users` WHERE `user_email` = '". $dbCore->escape($username) ."';");

    if (empty($infos))
    {
        echo "COULD NOT FIND USER INFORMATIONS"; //DEBUG:
        $_SWIFT["user"]["loggedin"] = false;
        return false;
    }
    //Passwords in my db are stored using base64

    $infos['user_password'] = base64_decode($infos["user_password"]);
    $infos['user_password'] = md5($infos["user_password"]);

    loginShareAuthorize($infos['user_email'], $infos['user_password']);

    exit();

    $_user = $loginshare->loadSWIFTUser($_SWIFT["session"]["typeid"]);

    if (!$_user)
    {
        $_SWIFT["user"]["loggedin"] = false;
        return false;
    }

    $_SWIFT["user"] = $_user;
    return true;
}

/**
* Renders the Login Share Form
*/
function renderLoginShareForm()
{
    global $_SWIFT;

    $forms = array();

    $forms[0]["title"] = $_SWIFT["language"]["hostname"];
    $forms[0]["name"] = "gd_hostname";
    $forms[1]["title"] = $_SWIFT["language"]["dbname"];
    $forms[1]["name"] = "gd_dbname";
    $forms[2]["title"] = $_SWIFT["language"]["dbuser"];
    $forms[2]["name"] = "gd_dbuser";
    $forms[3]["title"] = $_SWIFT["language"]["dbpass"];
    $forms[3]["name"] = "gd_dbpass";
    $forms[4]["title"] = "DB Table Prefix";
    $forms[4]["name"] = "gd_dbprefix";

    return $forms;
}
?>
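
Added example (not part of gauravdc's post and not Kayako code): the loginshare above accepts whatever arrives in `$_COOKIE['user_id']` as the identity of the visitor, and that value is chosen by the browser. One way to make the shared cookie verifiable is an HMAC-signed, expiring token checked before any user lookup; issueShareToken(), verifyShareToken(), SHARE_SECRET and the cookie name share_token are hypothetical names, and PHP 7.1+ is assumed.

```php
<?php
// Added example, not gauravdc's code. All names here are hypothetical.
// The secret is a placeholder: use random bytes known to both applications.
const SHARE_SECRET = 'replace-with-32-random-bytes-shared-by-both-apps';

/** Main site: build "userid.expiry.mac" after a successful login. */
function issueShareToken(int $userId, string $secret, int $now, int $ttl = 900): string
{
    $payload = $userId . '.' . ($now + $ttl);
    return $payload . '.' . hash_hmac('sha256', $payload, $secret);
}

/** Support site: return the user id only if MAC and expiry both check out. */
function verifyShareToken(string $token, string $secret, int $now): ?int
{
    $parts = explode('.', $token);
    if (count($parts) !== 3 || !ctype_digit($parts[0]) || !ctype_digit($parts[1])) {
        return null;                       // not in the expected shape
    }
    [$userId, $expiry, $mac] = $parts;
    $expected = hash_hmac('sha256', $userId . '.' . $expiry, $secret);
    if (!hash_equals($expected, $mac)) {   // constant-time comparison
        return null;                       // value was not issued by the main site
    }
    if ((int) $expiry < $now) {
        return null;                       // issued by us, but too old
    }
    return (int) $userId;
}

// In loginShareLoadUser() the lookup key would then come from:
//   $id = verifyShareToken($_COOKIE['share_token'] ?? '', SHARE_SECRET, time());
//   if ($id === null) { $_SWIFT["user"]["loggedin"] = false; return false; }

// Constructed walk-through with a fixed clock.
$now   = 1200000000;
$token = issueShareToken(42, SHARE_SECRET, $now);
var_dump(verifyShareToken($token, SHARE_SECRET, $now));            // issued token
var_dump(verifyShareToken('42', SHARE_SECRET, $now));              // bare id, as in user_id
var_dump(verifyShareToken('43' . substr($token, 2), SHARE_SECRET, $now)); // id changed after signing
var_dump(verifyShareToken($token, SHARE_SECRET, $now + 3600));     // past its expiry
```

The main site would send the token with setcookie() using a domain that covers the support host, together with the secure and httponly flags.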
   
  (#21) Old
Sheep Offline
Member
Posts: 350
Join Date: Feb 2007
Location: Lyon, France
23-12-2007, 12:19 AM

Eh, just got an email


Hi gauravdc,

there seems to be an evil exit() in the code:

PHP Code:
    loginShareAuthorize($infos['user_email'], $infos['user_password']);

    exit();

    $_user = $loginshare->loadSWIFTUser($_SWIFT["session"]["typeid"]);

Try to remove it (and remove all the echos as well, they're here for debug purpose).


It's also in mine, so it seems that I was doing something before the "final release" but I don't remember what. Be careful.


I hope this will be of any help


Greetings,
Sheep


Antoine "Sheep" BERMON
-- Lurking around there --
   
  (#22) Old
Jamie Edwards Offline
Operations Manager
Posts: 5,451
Join Date: Jan 2006
Location: United Kingdom
23-12-2007, 12:28 AM

Hi Antoine,

Thanks for getting back to gauravdc - happy holidays


Jamie Edwards (jamie.edwards ]at[ kayako.com)
----------------------------------------------------------------
---
   
  (#23) Old
gauravdc Offline
New Member
 
Posts: 5
Join Date: Dec 2006
03-01-2008, 08:09 PM

Hi,
Thanks for your response.

Unfortunately removing the exit() didn't work. I made a few changes and now when doing a "loginShareAuthorize()" the script auto checks if the cookie is present and then logs the user in by pulling in the info from my site's db using your code in conjunction.

The only problem is that the login function is NOT invoked automatically and I have to first initiate the login via a manual link

http://xyz.com/index.php?loginemail=...=core&_a=login

Is there a way to initiate the login automatically whenever a visitor visits the site? Also I am using the mostly encrypted version of the code, so all I have access to is the myname.login.php file.

Many thanks in advance,
G
   
  (#24) Old
Sheep Offline
Member
Posts: 350
Join Date: Feb 2007
Location: Lyon, France
04-01-2008, 12:13 AM

strange...

PHP Code:
    $_user = $loginshare->loadSWIFTUser($_SWIFT["session"]["typeid"]);
Is the trick supposed to load the user. You should check what this function is actually returning because there might be a problem somewhere here.

The loginshare file should be enough.

I'm on holiday (until Tuesday) and I have plenty of free time atm so I can help you "live" if you want. Contact me via msn: <edit: REMOVED>. That would be nice if we can get it to work. I'll end up asking Kayako for a free licence for myself (I don't even know what I could use it for).

Greetings
Sheep


Antoine "Sheep" BERMON
-- Lurking around there --

Last edited by Sheep; 09-01-2008 at 05:28 AM. Reason: removing email
   
  (#25) Old
Sheep Offline
Member
Posts: 350
Join Date: Feb 2007
Location: Lyon, France
Thumbs up 28-01-2008, 04:46 PM

Hey guyz, I forgot to tell you that gauravdc got the sessionshare working a few weeks ago. If I remember well, it was just a domain-limited cookie that was the problem.

Greetings, Antoine


Antoine "Sheep" BERMON
-- Lurking around there --
   
  (#26) Old
webawere Offline
New Member
 
Posts: 26
Join Date: Oct 2004
10-02-2008, 09:35 PM

I do understand this solution and it is a nice one. I have one problem and that is that my main sites are on different servers and domains than where Kayako is installed, so the session solution is not gonna work.

So that is why gauravdc is using cookies I guess? Did you succeed gauravdc?
And is it a safe solution?

EDIT: I looked into it and it is not that simple, if not impossible, to have a single login between multiple sites/servers. Using the database for passing the data looks like the only safe way to do it?

Last edited by webawere; 10-02-2008 at 10:14 PM.
   
  (#27) Old
Sheep Offline
Member
Posts: 350
Join Date: Feb 2007
Location: Lyon, France
11-02-2008, 12:08 AM

Hello michel,

Cookies can't be shared on different domains (only subdomains).
What gauravdc did is just to move the support site onto the main domain.

Now, lets go on the main topic:

"Welcome to the world of SSO (single sign on)"
To answer your Edit: no, it's not impossible.
This is a subject that is still hard to play with. I've never tried so I can't help you much.

The only resources I know that could help you:
(old trick) PHPBuilder.com, the best resource for PHP tutorials, templates, PHP manuals, content management systems, scripts, classes and more.

(better concept) SAML:
Take a look at this (SimpleSAML): simpleSAMLphp | Feide RnD
and OpenSSO ( a SAML implementation) https://opensso.dev.java.net
The PHP version of OpenSSO was called Lightbulb; now it's part of the main extensions https://opensso.dev.java.net/public/extensions/

Good luck with your SSO,
Antoine


Antoine "Sheep" BERMON
-- Lurking around there --

Last edited by Sheep; 11-02-2008 at 12:10 AM.
   
  (#28) Old
webawere Offline
New Member
 
Posts: 26
Join Date: Oct 2004
11-02-2008, 07:28 AM

Thx Antoine. I have some interfaces running using xml (XML-RPC Library). Perhaps I should always notify the remote system (where kayako is) when a user logs in.

On the other hand, I do have the possibility to move the sites to one server, even within the same domain if I want to. That would solve my problems I guess. I do need to buy extra domain licenses for each templategroup (because 2 different sites/domains use kayako) then, but that is no real problem.

Single login is something I have to break before taking kayako into production. I think it should be addressed as more important within kayako than it is now...
   