Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Auto-Login in Vanilla by use of Parameter in URL

Hello,

i have now further questions to integrate Vanilla Forum in an external CMS-Script that i use.

With these Link: "http://www.mydomain.de/forum/?ID=232" i hand over the Parameter "ID" from my CMS to Vanilla Forum.
Vanilla Forum recognises ID=232 and the user IDs are the same in both (CMS and Vanilla Forum). I want to use a simple if/else Construction in order to log-in the user automatically in vanilla and let to disappear the loginbox on lefthandside of Vanilla when he clicks the above mentioned link.

My question is, what have i should to do that the user will be automatically logged in in Vanilla. My idea is to modify database, but if found no entry, that shows loggedin or not-loggedin users. Can it be that these operation is driven by use of cookies.

In which Script can i modify the loginbox at the lefthandside of Vanilla.

Has anybody a idea or a simple hint/tipp.

** Thank You **
Regards and best wishes
Thomas

Comments

  • businessdadbusinessdad Stealth contributor MVP

    Vanilla does indeed use cookies to keep track of sessions and determine if a User is logged in. To implement Single Sign On, you should use ProxyConnect or JsConnect, which are both plugins that you can find in the Addons section.

    Please make sure that you read the Documentation about them, it explains how to set them up properly.

    Note: perhaps I misunderstood what you would like to do, but logging in a User by just passing his ID and nothing else is a huge security issue. Anyone could simply pass a random id to the site and get automatically logged in.

  • Dear businessdad,

    vanillaforum is not visible to public (hidden in the Dolphin Framework) because it ist integrated in the boonex framwork. By use of function (Dolpin-Framwork)

    if( $logged['member'] ) {}

    will be allowed to access to Vanilla, that works now as part of Dolphin. I dont know if ProxyConnect or JSConnect here is working, because Vanilla and Dolphin uses different hash-algorithms/methods. My Idea is the following:
    I hand over the ID as part of the Url, from Dolphin to Vanilla, that will be in Dolpin and Vanilla always the same.

    When the user reaches the Vanilla, the Loginbox will be dissappear and the user is logged in automaticly.

    My final questions are:
    1. I need the session that i must track to put a query in order to compare Dolphin and Vanilla Userdatabase
    2. How can i disable / delete the login/join box on the righthand side of Vanilla global for all Vanilla pages.

    thank you in advantage
    Greets Thomas

  • vrijvlindervrijvlinder Papillon-Sauvage MVP
    edited April 2013

    2.How can i disable / delete the login/join box on the righthand side of Vanilla global for all Vanilla pages.

    that would be the guest module / signin module.

    you could add this to your theme's default.master.php in the head section

    <?php 
    $this->RemoveModule('SignedInModule');
    $this->RemoveModule('GuestModule');?>
    
  • businessdadbusinessdad Stealth contributor MVP

    @thomasp said:
    I dont know if ProxyConnect or JSConnect here is working, because Vanilla and Dolphin uses different hash-algorithms/methods.

    That is precisely the point: the hashed data is not passed by one framework to the other, each one handles it independently. What ProxyConnect and JsConnect do is implementing a method for Vanilla to retrieve unencrypted User data from the main framework. Then, Vanilla hashes and handles it internally. The two frameworks don't know, and don't need to know, what the other is doing.

    I still believe that using just an ID is not the best approach. Just having the forum not visible to the public is not secure enough, as it's mere security through obscurity.

    My final questions are:
    1. I need the session that i must track to put a query in order to compare Dolphin and Vanilla Userdatabase

    With the above solutions, you don't need to query Vanilla databases (and you should not do it anyway). This avoids you messing with data structures (which may change without notice) and with security, which is handled internally by the frameworks.

  • Hi businessdad, thanks for reply. I will try it with Proxyconnect. May i go right that Proxyconnect also asks only the password for the first time? This will be no problem for me, but a problem is the "Create Account" function sidewide. It will be very helpful for me to know, where i can modify the Target URL of these button, to the joinform of my community. Thanks in advantage Thomas

  • businessdadbusinessdad Stealth contributor MVP

    I may be wrong, but ProxyConnect should not ask for any password at all. I haven't used it, though, therefore mine is just a bit more than a speculation.

    Regarding the Create Account, I would suggest to hide the Vanilla registration buttons by going to Dashboard->Registration and choosing "Connect". Then, simply place your own link on the forum, and make it point to the main site.

Sign In or Register to comment.