Write a script on server 1 to accept "username" and "password" parameters. If successful, it echoes "1", if not, it echoes "0".
On server 2, you do something like this:
$s = file("http://server1?login.php?username=$username&password=$password";);
if ($s[0])
{
# User is logged in.
}You can also write the script on server1 so that it only returns 1 if the request came from server2.
Disclaimer: I know this scheme isn't airtight, but it beats relying on the referer.
cheers,
Travis
[EMAIL PROTECTED] wrote:
To recap...
We have two servers:
1. USA - holds most of our databases, and E-mail. but specifically, the usernames and passwords, or all our users (Lotus Domino Server)
2. UK - Runs our website. (Unix Server)
We wanted to be able to allow people to login on on server 1, and getr authenticated etc, and then get redirected to server 2.
Using http_referer we would confirm that they came from server 1
However, as I discovered, that is not possible. So what we did was this:
On the login form on server 1, the referering URL to server 2, contains a varibale called 'secure'
we asign that variable that value of '4654376534' and divide it by the day (eg: if it's the 12th of may, we divide by 12.. 7th of June, we divide by 7)
I know that this is crackable, but it's just a stop gap measure...
My problem today is this:
It's not confirming the values?
See my code below....
================
session_start();
$today_day = date("d");
$code1 = ($today_day+1) * $secure;
$code2 = $today_day * $secure;
$code3 = ($today_day-1) * $secure;
$master_code = 4654376534;
if (($code1 == $master_code) || ($code2 == $master_code) || ($code3 == $master_code)) {
$_SESSION[logged] = 'true';
$login_info = "You are now <b>Logged in</b>";
} else if ($_SESSION[logged] == 'true') {
$login_info = "You are still <b>Logged in</b>";
}
=================
I start by getting the date $today_day
As we're in two time zones, I don't wanna get caught out by the time difference, so I've created a +/- 1 each side ($code1-3)
and fianlly, asigned the master input variable (the decoder)
Now it all works great..! (all variables echo what they should) however, I'm not getting logged in?
I'm really stumped...
any ideas?
Tris...
*********************************************************************
The information contained in this e-mail message is intended only for the personal and confidential use of the recipient(s) named above. If the reader of this message is not the intended recipient or an agent
responsible for delivering it to the intended recipient, you are hereby notified that you have received this document in error and that any
review, dissemination, distribution, or copying of this message is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail, and delete the original message.
***********************************************************************
-- Travis Low <mailto:[EMAIL PROTECTED]> <http://www.dawnstar.com>
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
