login from external site

[mraza]

Hi my new experience begins,  Now what i am trying to do is i make three pages, login.php logout.php index.php . Now if i will not give correct detail i can not see the index.php ,all working perfect . So now what i wants to do is in my login.php currently i am using local mysql to connect and find user then proceed to index.php NOW what i want is for example if these files are on domainone.com it will login from domaintwo.com then will proceed to index.php means second domain has only login processing nothing else to do. So Sir/Mam how can i accomplish this project, any ideas much appreciated 

 

without phpfreaks i was nothing  Thanks for all support .

[JonnoTheDev]

Just simply post the login data to domain1.com from a form on domain2.com. If the login is invalid redirect the user back to domain2.com

[mraza]

hi thanks for reply but i dont get it how will i do that currently i am doing like this , i simple set username and pass in variables. not from mysql in this script;

 

$username = USERNAME;
$password = PASSWORD;

if(isset($_COOKIE['ID']) && isset($_COOKIE['Key']))
{
$username = $_COOKIE['ID'];
$pass = $_COOKIE['Key'];
if ($pass != $password)
{
}
else
{
header("Location: index.php");
}
}
if (isset($_POST['submit'])) { 
if (($_POST['pass'] != $password) || ($_POST['username'] != $username)) {
die('Incorrect pass or username Try again.');
}else
{
$_POST['username'] = stripslashes($_POST['username']);
$hour = time() + 3600;
setcookie(ID, $_POST['username'], $hour);
setcookie(Key, $_POST['pass'], $hour);
header("Location: index.php");
}
}
else { ?>

<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
UserName:
<input type="text" name="username" maxlength="40"  />
<br />
Pass:
<input type="password" name="pass" maxlength="50" />
<br />
<input type="submit" name="submit" value="Login">
</form>
<?php } ?>

I cant get that how i will pass to domain2.com from domain1.com  Thanks for support

[mraza]

bump  :'(

[JonnoTheDev]

example if these files are on domainone.com it will login from domaintwo.com then will proceed to index.php

Do you see the following form action that you already have. It is submitting to the current page.

<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">

Lets take your 2 domains:

domainone.com

domaintwo.com

 

I am on domaintwo.com and I want to login so I can access resources on domainone.com. OK, domaintwo.com will not do any login processing. All this website displays is a form so the user can enter their details. However, the form will submit to domainone.com/login.php where the details will be checked against the database. If the details are incorrect you simply throw the user back to domaintwo.com with an error. All you need to do is change the action of the form on domaintwo.com. It cannot be much simpler to explain:

<form action="http://www.domainone.com/login.php" method="post">

[mraza]

Thanks sir i get that point but actually what i want is all the process will be on domaintwo.com so if i do this

action="http://www.domainone.com/login.php"

it will take the user to other domain and then return back in browser, is not there any way it will just stay on the same domain and send variables to other domain without changing the URL in browser. like if i do like this

action="http://www.domaintwo.com/prcessing.php"

it will goto processing.php file and send data to domainone and i have made it to refresh after 5 seconds so if user login detail were correct and then move to index.php not so back to login.php.

[JonnoTheDev]

Why would you even create a process like that?

Anyhow, if that is what you want then you need to create a service on the domain that checks the login data i.e domaintwo.com. A REST service. Essentially you will send the login data over from domainone.com to domaintwo.com and domaintwo.com will return a response. You could make it send back an xml response after it has looked up the details from your database. domainone.com will parse the response and then decide if the user session can be set i.e

 

This is a pure example, the code is not literal

<?php
// form has been submitted
if($_POST['submit']) {
// send the data over to form processing
$x = new loginProcess('http://domaintwo.com/loginapi.php');
$result = $x->validate($_POST['username'], $_POST['password']);
// parse the response
$response = parseResponse($result);
if($response == true) {
  // successful login
}
else {
  // failed login
} 
}
?>

 

The code on domaintwo.com will receive the request and return the response i.e

<?php
if($_POST['username'] && $_POST['password']) {
// check against database
mysql_query();
// return XML response
}
?>

 

To make it much simpler why not just grant access to the database on server1 from server2 and do all the validation on the same website?

[mraza]

Q. Why would you even create a process like that?

A. Sir i am learning at my own so whatever comes in my mind i try to make that, i have make many things like that and specially get support from here.

 

and i see in your example you are using OOP methods as i am not so familiar with those methods yet and also xml response  are not there some essential codes i feel that all complex codes ae saying me to -> 

 

[JonnoTheDev]

You are creating a process that has complexities.

The code I have posted is purely hypothetical even though it uses objects. You can use whatever coding standard you like.

 

I suggest you follow this tutorial on making a REST call to a service on another domain. Then you will get the idea of how to make calls to services and read the responses. In your case the service will be checking a database to see if the user data sent to the service is valid.

 

http://www.sematopia.com/2006/10/how-to-making-a-php-rest-client-to-call-rest-resources/

[mraza]

Thank sir i looked through the tutorial and tried something as i am not so familiar with OOP it looks strange yet. so here is what i did , domainone.com from there i need to send request to domaintwo.com, on domainone.com i have resetclient.php and  login.php as below:

<?php
if($_POST['submit']) {
require_once "RESTclient.php";

$rest = new RESTclient();

$inputs = array();
$inputs["username"] = $_POST['username'];
$inputs["password"] = $_POST['pass'];

$url = "http://www.domaintwo.com/apilogin.php";
$rest->createRequest("$url","POST",$inputs);
$rest->sendRequest();
$output = $rest->getResponse();
if($output == true) {
header("Location: index.php")
} else {
die('Incorrect pass or username Try again.');
}
} else {
?>
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
UserName:
<input type="text" name="username" maxlength="40"  />
<br />
Pass:
<input type="password" name="pass" maxlength="50" />
<br />
<input type="submit" name="submit" value="Login">
</form>
<?php } ?>

 

and on domaintwo.com i have apilogin.php as below:

<?php
if($_POST['username'] && $_POST['password']) {
mysql_connect("localhost", "username", "password") or die(mysql_error());
mysql_select_db("Database_Name") or die(mysql_error());
$check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error());
$check2 = mysql_num_rows($check);
if ($check2 == 0) {
return false;
}
$info = mysql_fetch_array( $check );
$info['pass'] = $_POST['password'];
$info['username'] = $_POST['username'];
if ($_POST['password'] != $info['password']) {
return false;
}
}

 

so here are things missing first i don't get what to return next in RESTclient.php class is required  HTTP/Request.php which i not found on the site above.

 

Regards

[JonnoTheDev]

OK, you are going wrong with the code on domain 2 that is processing the data and checking the database. You have used the syntax 'return true' and 'return false'. This is incorrect. return is used in functions. This is not what you want. You need to produce output that the script making the request can read. i.e produce output in xml or simply print text to the screen

if ($check2 == 0) print "invalid";

 

Then on the script making the call you can check the output from the response

i.e

if(strstr($output, "invalid")) {
// login invalid
}

[mraza]

Thanks sir as i mention before i was not able to find the file request.php at the link above

 

Warning: require_once(HTTP/Request.php) [function.require-once]: failed to open stream: No such file or directory

[JonnoTheDev]

It is a PEAR library. You must install it on your server

http://pear.php.net/package/HTTP_Request/

[mraza]

well i will try that sir to install but the next thing is more important what if somebody don't have pear install on there server and i will give my files to use them. like i make a script and give to some client and evertime when i will give to a client i need to tell them to install pear on there server. 

[JonnoTheDev]

You dont have to use the pear library. You could use the following:

fopen

fputs

curl

Look at these functions in the php manual

[mraza]

Tried this way but no working i can't figure out these stuff yet , sir please can you show me a working example  Thanks

<?php
if($_POST['submit']) {
$fields = $_POST['username'] . "&" . $_POST['password'];

$url = "http://www.domaintwo.com/loginapi.php";
$ch = curl_init();   
curl_setopt($ch, CURLOPT_URL,$url); 
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_TIMEOUT, 3); 
curl_setopt($ch, CURLOPT_POST, 1); 
curl_setopt($ch, CURLOPT_POSTFIELDS, $fields); 
$result = curl_exec($ch); 
curl_close($ch); 

if (strstr ($result, "invalid")) {
header("Location: index.php");
} else {
die('Incorrect pass or username Try again.');
}
} else {
?>
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
UserName:
<input type="text" name="username" maxlength="40"  />
<br />
Pass:
<input type="password" name="pass" maxlength="50" />
<br />
<input type="submit" name="submit" value="Login">
</form>
<?php } ?>

[mraza]

can anyone help me plz  :'(

[mraza]

bmp  :'(

 

 

sir cags , Alex, neil plz help me

[mraza]

bump plz help plz

[mraza]

oh Finally got it solved after a lot of headache  here is the solution:

login.php

<?php ob_start();
if($_POST['submit']) {
$user = $_POST['username']; 
$pass =  $_POST['password'];

$URL="http://www.domaintwo.com/loginapi.php";
$ch = curl_init($URL);   
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, "submit=submit&username=$user&password=$pass");
$result = curl_exec ($ch); 

?>
<pre> 
<?php 
// this is only to test if there went something wrong ohlala
print_r(curl_getinfo($ch)); 
echo "\n\ncURL error number:" .curl_errno($ch); 
echo "\n\ncURL error:" . curl_error($ch); 
?>
</pre>
  <?php   
curl_close ($ch);


if (strstr ($result, "invalid")) {
die('Incorrect pass or username Try again.');
} else {
header("Location: index.php");
}
} else {
?>
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
UserName:
<input type="text" name="username" maxlength="40"  />
<br />
Pass:
<input type="password" name="password" maxlength="50" />
<br />
<input type="submit" name="submit" value="Login">
</form>
<?php } 
ob_flush();
?>

and here is loginapi.php on domaintwo

<?php
if($_POST['username'] && $_POST['password']) {
mysql_connect("localhost", "usernam", "pass") or die(mysql_error());
mysql_select_db("databasname") or die(mysql_error());
$check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error());
$info = mysql_fetch_array( $check );
if (($_POST['password'] != $info['password']) || ($_POST['username'] != $info['username'])) {
print "invalid";
}
}
?>

Thanks for support