2008-07-31, 10:27 AM
Hi
I've found a couple of similar topics but none contained really useful information =(
I'm going to use some external SSO (single sign on) system to authenticate users for MyBB.
The workflow would be:
1. user opens mybb
2. user is not logged into mybb
3. user is redirected to sso.mydomain
4. user enters valid credentials
5. user is redirected to mybb?ticket=####&userid=###
6. code checks the ticket/userid against a shared DB and finds it valid
7. user is logged into mybb using mybb user info (if it's the first time this user accesses mybb, an appropriate account is created)
8. user is redirected to mybb
So my question is how do I best do the following:
- #2: I'd like to find that out as soon as possible, like in the top of global.php to redirect user before any headers are sent
- #7/1: how to programmatically log a user in
- #7/2: how to programmatically create and activate a user
Thanks a lot for your help!
Ilya.
Ok, I did it - was simpler than I could imagine ...
Could someone take a look if I missed smth huge (all changes in global.php, insert after line 43):
/* ------------------- sso integration ----------------------- */
// check if user is not logged in to mybb
if ($session->uid == 0) {
    chdir('../../sso');
    require_once('./config.php');
    $includePath = '.'.$config['INCL_DELIM'].$config['lib_path'].$config['INCL_DELIM'].$config['lib_path']."extlib/pear/";
    ini_set('include_path', $includePath);
    require_once('fw/dbProvider.php');
    require_once('fw/user.php');
    require_once("fw/userClass.php");
    // try to login via sso, if not successful - fail
    // isset() avoids an undefined-index notice when no ticket was passed
    $ticket = isset($_REQUEST['ticket']) ? $_REQUEST['ticket'] : null;
    if ($ticket != null) {
        $userId = isset($_REQUEST['user_id']) ? $_REQUEST['user_id'] : null;
        $user = new userClass();
        $res = $user->authViaTicket($userId, $ticket);
        if ($res == true) {
            // auth user in mybb
            $username = $user->get('Login');
            $password = $user->get('Pass');
            $email = trim($user->get('Email'));
            if ($email == '') $email = '[email protected]';
            require_once MYBB_ROOT."inc/functions_user.php";
            if (!username_exists($username)) {
                // we should create a new user in mybb based on sso info
                // Set up user handler.
                require_once MYBB_ROOT."inc/datahandlers/user.php";
                $userhandler = new UserDataHandler('insert');
                // Set the data for the new user.
                // Kept in $new_user so the SSO $user object is not overwritten.
                $new_user = array(
                    "username" => $username,
                    "password" => $password,
                    "password2" => $password,
                    "email" => $email,
                    "email2" => $email,
                    "usergroup" => 2,
                    "additionalgroups" => '',
                    "displaygroup" => 0,
                    "usertitle" => $user->getName(),
                    "referrer" => '',
                    "timezone" => 3,
                    "language" => '',
                    "profile_fields" => '',
                    "profile_fields_editable" => true,
                    "regip" => '127.0.0.1',
                    "avatar" => '',
                    "website" => '',
                    "icq" => '',
                    "aim" => '',
                    "yahoo" => '',
                    "msn" => '',
                    "style" => 0,
                    "signature" => ''
                );
                $new_user['birthday'] = array(
                    "day" => 0,
                    "month" => 0,
                    "year" => 0
                );
                $new_user['options'] = array(
                    "allownotices" => 'yes',
                    "hideemail" => 'yes',
                    "emailnotify" => 'yes',
                    "receivepms" => 'yes',
                    "pmpopup" => 'yes',
                    "pmnotify" => 'yes',
                    "invisible" => 'no',
                    "dst" => 'no'
                );
                // Set the data of the user in the datahandler.
                $userhandler->set_data($new_user);
                $errors = '';
                // Validate the user and get any errors that might have occurred.
                if(!$userhandler->validate_user())
                {
                    $errors = $userhandler->get_friendly_errors();
                }
                // If there are errors, show them now.
                if(is_array($errors))
                {
                    var_dump($errors);
                    die();
                }
                else
                {
                    $user_info = $userhandler->insert_user();
                }
            }
            $user = validate_password_from_username($username, $password);
            if ($user === false) {
                header('Location: http://sso.domain.ru/badUser.htm');
                // stop here: without exit the login cookies below would still be set
                exit;
            }
            my_setcookie('loginattempts', 1);
            $db->delete_query(TABLE_PREFIX."sessions", "ip='".$db->escape_string($session->ipaddress)."' AND sid != '".$session->sid."'");
            $newsession = array(
                "uid" => $user['uid'],
                "loginattempts" => 1,
            );
            $db->update_query(TABLE_PREFIX."sessions", $newsession, "sid='".$session->sid."'");
            // Temporarily set the cookie remember option for the login cookies
            $mybb->user['remember'] = $user['remember'];
            my_setcookie("mybbuser", $user['uid']."_".$user['loginkey'], null, true);
            my_setcookie("sid", $session->sid, -1, true);
            header('Location: http://app.domain.ru/forum/');
            exit;
        } else {
            // redirect to no_auth_page
            header('Location: http://sso.domain.ru/badUser.htm');
            exit;
        }
    } else {
        $url = 'http://app.domain.ru/forum/';
        // urlencode() keeps the return URL intact as a single query parameter
        header('Location: http://sso.domain.ru/index.php?return=' . urlencode($url));
        // exit so the rest of global.php does not run for an anonymous visitor
        exit;
    }
}
/* ------------------- /sso integration ----------------------- */
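
The ticket check from step 6 of the workflow, as an added example that is not part of the original post, MyBB, or the poster's SSO system: tickets are random, stored only as a hash, expire after a short TTL, are bound to one user id, and are burned on first successful use so a replayed `?ticket=` URL fails. `TicketStore`, its in-memory array (standing in for the shared DB table) and the 60-second TTL are assumptions; it needs PHP 8.

```php
<?php
// Added example, not MyBB or SSO-system code. TicketStore and its in-memory
// array are hypothetical stand-ins for the shared DB table from step 6.
final class TicketStore
{
    private array $rows = [];   // user id => ['hash' => ..., 'expires' => ...]

    public function __construct(private int $ttl = 60) {}

    // SSO side: mint a random ticket and keep only its SHA-256 hash.
    public function issue(int $userId, ?int $now = null): string
    {
        $ticket = bin2hex(random_bytes(32));
        $this->rows[$userId] = [
            'hash'    => hash('sha256', $ticket),
            'expires' => ($now ?? time()) + $this->ttl,
        ];
        return $ticket;
    }

    // Forum side: succeeds at most once per issued ticket.
    public function redeem(int $userId, string $ticket, ?int $now = null): bool
    {
        $row = $this->rows[$userId] ?? null;
        if ($row === null) {
            return false;                   // never issued, or already used
        }
        if (($now ?? time()) > $row['expires']) {
            unset($this->rows[$userId]);    // expired: purge and refuse
            return false;
        }
        // hash_equals() compares in constant time, avoiding a timing oracle.
        $ok = hash_equals($row['hash'], hash('sha256', $ticket));
        if ($ok) {
            unset($this->rows[$userId]);    // burn so a replayed URL fails
        }
        return $ok;
    }
}

// Constructed walk-through; user ids and timestamps are made up.
$store = new TicketStore(60);
$t1 = $store->issue(42, 1000);
$t2 = $store->issue(43, 1000);
$cases = ['first use' => [42, $t1, 1030], 'replayed URL' => [42, $t1, 1031],
          'wrong user id' => [7, $t2, 1032], 'expired' => [43, $t2, 1061]];
foreach ($cases as $label => [$uid, $t, $now]) {
    printf("%-14s %s\n", $label, var_export($store->redeem($uid, $t, $now), true));
}
```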