Integrating into a custom auth system

straw-man · 04-27-2005, 02:11 PM

I've written my own 'authentication' system for my administration site that gives users permissions based on group memeberships with a user control panel that will allow the user to reset their password. Most of the site I've written by hand (and of course that integration was easy!), with the exception of a few scripts that I'm implementing that are not my own, with EasyPHP Cal being one of them.

For all the others (photo gallery script, mailing list script), I've been able to modify the administration portions of those scripts to use my system - basically taking the authentication completely out and then inserting my own.

Is this possible with ESCal? It seems to be a bit of a behemoth to find where that kind of thing takes place (plus it's ion encoded..will that change once I input a new serial number - just waiting for it to get emailed)?

My goal is for the user to have one login and one password for the entire site and then I will manage what they have access to. I looked at the tables it created, and it doesn't appear that the events admin accounts are stored in the db (although the setup admin is). I don't necessarily need to change the setup admin - I just need access for event admin.

Thanks,

Chad

**Brian** · 04-27-2005, 08:21 PM

You can pass the user name and password via the URL to the event manager.

Click the Details link at the top of this page and look at the link for the event manager login.

You would need to store their login information in the config.inc.php file using the existing variables.

straw-man · 04-28-2005, 09:25 AM

Brian,

This works great! Thanks for the reply. I was able to create a PHP page that requires authorization and then once you're authenticated it will redirect to the URL with user and pass. For a little added security I MD5'd the password.

Thanks again!

neimien · 12-30-2005, 12:52 PM

Hi Chad,

I am bypassing the login page too and I was wondering if you can share how you included a MD5'ed password in the script?

obviously
events/index.php?user=user&pwd=myreallylongencryptedmd5pa ssword
will not work.

what else do I need to do to allow my server to recognize the MD5 password ?

Please shed some light. Thanks!

sh

straw-man · 01-03-2006, 11:05 AM

Quote:

Originally Posted by neimien

Hi Chad,

I am bypassing the login page too and I was wondering if you can share how you included a MD5'ed password in the script?

obviously
events/index.php?user=user&pwd=myreallylongencryptedmd5pa ssword
will not work.

what else do I need to do to allow my server to recognize the MD5 password ?

Please shed some light. Thanks!

sh

Neimien,

I beleieve the way I set it up was this (it was a while ago...)

in your config.inc.php file take the user you want to be used for the auto-log in and set the $userpass to be md5(yourchosenpassword) instead of "password".

Then, when calling it from the administration page, I set up a blank page that redirects to the events admin once the user has authenticated. In case you don't know how to do PHP redirection here's a sample of what I'm talking about:

PHP Code:


			
<?

//Your Authentication code goes here//

$URL="/calendar/events/index.php?dataMode=s&name=youruser&pwd=".md5(yourchosenpassword);

header ("Location: $URL");
?>

Chad

neimien · 01-12-2006, 06:34 PM

Thanks for the help!