Forum Moderators: coopster
I've got 'foo1.com' where users log in by using PHP sessions. I store login and password hash into the session, and each time one user access a webpage, I check them.
'foo1.com' and 'foo2.com' are on different machines, and that the 'users' table (which contains user+pass info) is placed on 'foo1.com'
But I've created 'foo2.com' and want users not to log in again on another login point, but using the 'foo1.com' login. I mean, if you are logged in 'foo1.com' you are also logged in 'foo2.com'.
'foo1.com' and 'foo2.com' are on different machines, and the 'users' table (which contains user+pass info) is placed on 'foo1.com'
How to manage it? Must I create a webservice or something similar? Is there any standar API?
Thank you very much.
1) create check_login.php on example1.com
this php script would run example2.com/check_login.php which would say if user is logged in on example2.com. If user is logged in then automatically create hashed data in session of example1.com
2) create check_login.php on example2.com
this php script would run example1.com/check_login.php which would say if user is logged in on example1.com. If user is logged in then automatically create hashed data in session of example2.com
You will only need to do external check if user is not logged in on current server.
Suppose I use option 2 and I create 'example2.com/check_login.php' which runs 'example1.com/check_login.php'.
How is 'example1.com/check_login.php' to return 'true' ('ok, this user is right')? I must pass two parameters (user+pass) to 'example1.com/check_login.php', right? But this info might be encrypted, right?
if (!isset($_SESSION[$username])) {
$res = file_get_contents("http://example1.com/check_login.php?user={$username}");
if ($res == "Y") {
// user logged in, create session variable
$_SESSION[$username] = something;
}
else {
// user is not logged in on example1.com
}
}
?>
sample example1.com/check_login.php
---------------
<?php
$the_user = $_REQUEST['the_user'];
// escape it here, etc.
// and return result
echo isset($_SESSION[$the_user])? "Y" : "N";
?>
<?php
$username = $_POST['username'];
$password = $_POST['password'];
$hash = file_get_contents("http://example1.com/process_login.php?user={$username}&password={$password}");
if (!empty($hash)) {
// $_SESSION[$username] = $hash;
}
else {
// incorrect user / password
}
?>
example1.com/process_login.php
---------------------------------
<?php
1. get username / password.
2. check them against database.
3. return "" if error
4. return password hash (of anything you want) if ok
?>
Please note: i provided file_get_contents just to make it more clear. It would be more secure to use fsockopen or cURL to achieve the same functionality.
