| Author |
 Topic  |
|
|
rory
Starting Member
12 Posts |
 Posted - 27 July 2004 : 21:21:14
|
(previously posted elsewhere, but I think maybe it was a dead thread - sorry for the re-post)
I've searched throughout the forums, and using an existing member database seems like a common enough need, but there doesn't seem to be an easy fix. Complex SQL triggers and table views just seem way to complicated, and error-prone. I'm also using Access.
Last night I came up with a possible workaround, and wondered if anyone can help me find 1) what's wrong with this approach, since it seems so simple, and 2) a more efficient and elegant way of achieving this. Seems like this would be useful to quite a few people.
A) Creating new members. I have an existing member approval/creation system using PayPal IPN that works. I don't want my members to have to register again for the forums. I included inc_sha256.asp. In my member creation script I added the following query:
strSql = "INSERT INTO FORUM_MEMBERS (M_NAME, M_PASSWORD, M_EMAIL) VALUES ('" & memberid & "', '" & strEncodedPassword & "', '" & memberemail & "')"
Works like a charm - I now have a fully functional member pre-setup in my forums.
B) Auto-login: I looked at the universal_login mod, but that's not what I need. I don't want users to have to log into forums at all, since they already authenticated to my portal. My kludgey workaround is to have an invisible form on my main member homepage, that's automatically submitted by the body onLoad event. This simply sends their userid/password to forum/default.asp and logs them in. This works via either GET or POST. They are then redirected back to my member homepage and can continue to browse the site. When the time comes to access the forum, they're already logged in.
Here are the immediate problems I see:
A: This user creation process bypasses the normal checks for existing userid/email. (I was able to create 2 identical users). Not a major problem, because I'm already checking those things at my existing member creation steps.
B: Obviously a problem as the userid/password is sent in cleartext. Does anyone know of a way of doing this via an ASP/SQL query, so I can do it invisibly without the need to send the form? Maybe some way of doing a "POST" programatically to forum/default.asp? I know I have an XML object on my XP system since that's how PayPal IPN works, but I don't know much about it.
Thanks,
Rory
btw: I'm using Speedball cause I love CSS. And Access db.
|
|
|
Shaggy
Support Moderator
Ireland
6780 Posts |
Posted - 28 July 2004 : 05:40:27
|
Just on the login aspect of things; if you set your forums cookies to website and then renamed the cookie that is created when members log in to the main area of your site to match the cookie the forum uses. This way the forums will pick your users up without the need for any other sort of login, automated or otherwise. Have a look at the doCookies() sub in inc_func_common.asp to see how your forum sets cookies.
|
 Search is your friend
“I was having a mildly paranoid day, mostly due to the
fact that the mad priest lady from over the river had
taken to nailing weasels to my front door again.” |
 |
|
|
Jezmeister
Senior Member
United Kingdom
1141 Posts |
Posted - 28 July 2004 : 17:31:54
|
| I'm not entirely sure about A or B but surely (assuming you have access to the database) you could simply add the neccessary extras eg homepage, signature etc to the existing tables?! |
|
|
|
nearbuyguy
Starting Member
1 Posts |
Posted - 02 August 2004 : 01:01:11
|
The strSQL solution looks ideal for my site. Can you explain how strEncodedPassword works? If I include inc_sha256.asp, isn't there some function I need to call to encript the password? That's the part I'm still confused about.
I haven't looked at the cookie yet. Hopefully the same function would give me the encripted password to store in the cookie??
Thanks.  |
|
|
|
Shaggy
Support Moderator
Ireland
6780 Posts |
Posted - 03 August 2004 : 08:05:20
|
Yes, you will need to include inc_sha256.asp in the files you want to encrypt the password. You call the encryption function like so: sha256(string). The doCookies function in inc_func_common.asp does not encrypt the password, you will need to create a variable called strEncodedPassword to haold the encrypted password before calling the function.
|
Search is your friend
“I was having a mildly paranoid day, mostly due to the
fact that the mad priest lady from over the river had
taken to nailing weasels to my front door again.” |
|
|
| |
Topic |
|
Topic Locked
