NYCPHP Meetup

NYPHP.org

[nycphp-talk] Cross domain Logins

Mark Withington mwithington at PLMresearch.com
Thu Nov 20 08:52:19 EST 2003 

Wish I could say that I was smart enough to write the code ;-)   It was
generated by the fellow who owns http://www.daum.net <http://www.daum.net> 
<?php

$id = "xxxx";

$pw = "xxxx";

$LOGINURL = "<http://login.daum.net/Mail-bin/login.cgi>";

$GETURL = "<http://www.daum.net/Mail-bin/mail_list>";

$POSTFIELDS = "id=$id&pw=$pw";

function AUTH_SITE_COOKIE_STORE($LOGINURL,$POSTFIELDS)

{

$parseURL = parse_url($LOGINURL);

$ch = curl_init();

curl_setopt($ch, CURLOPT_COOKIEJAR, "$parseURL[host].cookie");

curl_setopt($ch, CURLOPT_URL,"$LOGINURL");

curl_setopt($ch, CURLOPT_POST, 1);

curl_setopt($ch, CURLOPT_POSTFIELDS, "$POSTFIELDS");

ob_start();

curl_exec ($ch);

ob_end_clean();

curl_close ($ch);

return "$parseURL[host].cookie";

}

function AUTH_SITE_GET($GETURL,$cookieFile)

{

$parseURL = parse_url($GETURL);

$ch = curl_init();

curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);

curl_setopt($ch, CURLOPT_COOKIEFILE, "$cookieFile");

curl_setopt($ch, CURLOPT_URL,"$GETURL");

$result = curl_exec ($ch);

curl_close ($ch);

$fp = fopen ("$parseURL[host].html", "w");

fwrite($fp,$result);

fclose ($fp);

return $result;

}

$cookieFile = AUTH_SITE_COOKIE_STORE($LOGINURL,$POSTFIELDS);

echo $result = AUTH_SITE_GET($GETURL,$cookieFile);

?> 

 

--------------------------
Mark L. Withington
PLMresearch
"eBusiness for the Midsize Enterprise"
PO Box 1354
Plymouth, MA  02362
o: 800-310-3992
f: 508-746-4973
v: 508-746-2383
m: 508-801-0181
http://www.PLMresearch.com <http://www.plmresearch.com/> 
Netscape/AOL/MSN IM: PLMresearch
mwithington at plmresearch.com
Public Key: http://www.PLMresearch.com/html/MLW_public_key.asc
<http://www.plmresearch.com/html/MLW_public_key.asc> 
Calendar: http://www.plmresearch.com/calendar.php
<http://www.plmresearch.com/calendar.php> 


-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]On
Behalf Of Mark Armendariz
Sent: Thursday, November 20, 2003 8:48 AM
To: 'NYPHP Talk'
Subject: RE: [nycphp-talk] Cross domain Logins


definitely a good idea... mind if i take a gander? (if you can find it)
 
thanks!!

  _____  

From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On
Behalf Of Mark Withington
Sent: Thursday, November 20, 2003 8:04 AM
To: 'NYPHP Talk'
Subject: RE: [nycphp-talk] Cross domain Logins


Not sure, but I think this might be a good job for cURL login script.  I've
got one kicking around if you need it.  Let me know and I can rummage
through my sock drawer and find it.
 
 

--------------------------
Mark L. Withington
PLMresearch
"eBusiness for the Midsize Enterprise"
PO Box 1354
Plymouth, MA  02362
o: 800-310-3992
f: 508-746-4973
v: 508-746-2383
m: 508-801-0181
http://www.PLMresearch.com <http://www.plmresearch.com/> 
Netscape/AOL/MSN IM: PLMresearch
mwithington at plmresearch.com
Public Key: http://www.PLMresearch.com/html/MLW_public_key.asc
<http://www.plmresearch.com/html/MLW_public_key.asc> 
Calendar: http://www.plmresearch.com/calendar.php
<http://www.plmresearch.com/calendar.php> 



-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On
Behalf Of Mark Armendariz
Sent: Thursday, November 20, 2003 3:14 AM
To: 'NYPHP Talk'
Subject: [nycphp-talk] Cross domain Logins


Anyone here ever create a cross-domain login system?  I'm still waiting for
details to see if the domains will have access to the same db or same
server.  I figure one way to do it would be to somehow transfer session info
form one domain to the other, but it seems like there's plenty of security
issues in doing so.  I thought maybe passing an md5 encrypted string with
the username, password form one site to the next might work as well, but I'm
still not too sure of the security issues, especially considering the issues
pointed out a couple weeks back regarding auto-logins.
 
Anyone have experience with this?
 
Thanks!
 
Mark

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20031120/142739ad/attachment.html>

More information about the talk mailing list