Force user login?

L

loopforever

Verified User
Joined
May 30, 2003
Messages
298
Location
/home/admin
Hey everyone,

I know there's a script on this forum that supposedly allows you to log a user into DA once they enter their details. I made my own version of this script to suit my own needs and I've run into a problem.

I'm able to log a user in based on their user + pass (which is input through a form on my site) and send a request to the DA login script via my script. The problem is that the session is not maintained, so that if I log the user in via my script and then redirect them to DA on whatever server they're hosted on, the session is useless (since it's initiated through the server, not through the users computer). Does anyone know a way around this? I'm nearing the end of a very big project and this is the one thing I'm having a ton of trouble with.

Thanks for your help :)!
 
Hello,

You'll need to send them the "session" cookie which is returned after the login. I think the easiest way to do the login, is just have a form which POST to DA instead of your own script... might save you some troubles. Other than that, the next easiest thing would be to redirect all the raw header info to the client after DA returns the result so that they'll get the correct redirect and cookie.

John
 
Unfortunately I can't submit the login data directly to DA because my new control panel/customer management setup does this:

- Accepts user/pass
- Verifies based on data stored in my database
- If correct: starts a session for my customer management system
- Sends login details to DA and redirects them to the DA user index

With regards to the header info, do you mean parse the header that DA returns to my script after a successful login and re-send it to the user via my script? If so, wouldn't that set the session cookie from my domain, and not the DA domain? If that happens DA won't be able to read the cookie, since browsers (for security reasons) only allow read-access to cookies created by specific domains.
 
Hello,

Yes, if you set the cookie from your script, you might run into problems where the browser is storing the cookie from the wrong place.

What if you created a dynamic page that had the hidden values and instantly submitted when the page was done?.... ie:
PHP: 
<form name=loginform action="domain.com:2222/CMD_LOGIN" method="POST">
<input type=hidden name=username value="username">
<input type=hidden name=password value="secret">
</form>
<script language=javascript>
//some javascript code to submit the form.
</script>

John
 
You must log in or register to reply here.
Back
Top