Jump to content
Froxlor Forum
  • 0

Single Login Point for multiple Froxlor Installations with PHP/Curl, kinda SSO


Guest

Question

Hello,

just trying to build a php script which allows a single point of login for multiple froxlor hosts.

so for example i have 3 hosts running froxlor, and have a single central url for the webinterface login.

 

https://ccp.mydomain.com (central login page)

 

---------------> https://s1.ccp.mydomain.com/froxlor (froxlor host #1) - customer naming schema c0xxx)

---------------> https://s2.ccp.mydomain.com/froxlor (froxlor host #2) - customer naming schema c1xxx)

---------------> https://s3.ccp.mydomain.com/froxlor (froxlor host #3) - customer naming schema c2xxx)

 

 

so when customer c1001 for example tries to login, the script via curl checks to login on all of the servers.

if a login succed, the script saves the cookie and sets it to the client browser session. after that, the customer gets redirected and logged in to the right control panel.

 

 

thanks

 

 

Updates:

-------------

27.05. - fixed internet explorer css - v1.1

 

 

Download:

-------------

froxlor-centralized-loginpage-v1.1.zip

 

 

u need php-curl enabled on the host.

i'm may going to make a clean and more optimized version soon.

Link to comment
Share on other sites

10 answers to this question

Recommended Posts

I can't get this working. I've got https://froxlor1.domain.tld with user user1 and https://froxlor2.domain.tld with user user2. Trying to use this script to login as user2 finishes in an error from https://froxlor1.domain.tld saying wrong user or password. 'php5-curl' ist installed, what I doing wrong?

 

I'm not expert in PHP, so I used some 'echo' statements to see whats happen : in inc.login.php it never reaches the $wrongpw = 1; code because curl_getinfo($ch, ... includes no "showmessage=" part.

 

regards Ronny

Link to comment
Share on other sites

I'd rather check for the username via javascript/jquery and change the form-action-value to the according froxlor-hostname. i'm unsure if that will work with Froxlor's http headers but you could try

Link to comment
Share on other sites

thanks d00p.

yea i thought about that, would be the easiest soultion.. unfortunally i like to check against all hosts..

i put togehter some dirty code.. the authentification check basically works, but i'm somehow stuck with the redirection if the login succeeds and headers / sid.

 

thanks.

Link to comment
Share on other sites

okay, first, you got a typo at the top, $forx_hosts[0] should be $frox_hosts[0] i guess.

And secondly, a header-redirect using exit(header('Location: '.$url.'?s='.$sid[1].'')); probably won't work, instead try:

 

header('Location: '.$url.'?s='.$sid[1]);
exit;

Link to comment
Share on other sites

okay, first, you got a typo at the top, $forx_hosts[0] should be $frox_hosts[0] i guess.

And secondly, a header-redirect using exit(header('Location: '.$url.'?s='.$sid[1].'')); probably won't work, instead try:

 

header('Location: '.$url.'?s='.$sid[1]);
exit;

 

Thanks so far.

i also forget to reset the $wrongpw, $locked1 and $locked2 on each element of the array.

 

the redirect seems to work now, the customer gets redirected to https://sx.ccp.mydomain.com/froxlor/index.php?sid=SID , but the login form will be shown instead of the customer index page...

Link to comment
Share on other sites

let the login-page output the $_POST data to see if it receives everything necessary using var_dump($_POST) for example

 

when i try to login as c1005 on s2 with valid pass

it redirects me to

 

Location: https://s2.ccp.mydomain.com/froxlor/customer_index.php?s=[sid]

 

so i guess curl is able to get the valid session id, but somehow the header manipulation to redirect the user into the session fails.

 

 

im gonna read more about php headers and curl, since im not very experienced with those so far.

Link to comment
Share on other sites

hi again,

ok from what i've gathered from lib/init.php this can't work without modifying froxlor.

i guess the problem is the froxlor session management which would have to be adjusted such as the query where it queries the session tbale for ipadress and useragent .. the user agent is not a big deal, cuz. can manipulate the uer agent with curl to use the fake the client's user agent, but the ipaddress thing is kinda tricky..

 

    $query.= 'WHERE `s`.`hash`="' . $db->escape($s) . '" AND `s`.`ipaddress`="' . $db->escape($remote_addr) . '" AND `s`.`useragent`="' . $db->escape($http_user_agent) . '" AND `s`.`lastactivity` > "' . (int)$timediff . '" AND `s`.`adminsession` = "' . $db->escape($adminsession) . '"';
   $userinfo = $db->query_first($query);

Link to comment
Share on other sites

i've got it working now.. it may not be the best and most clean solution, but it works..

see the first post of this thread for download.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.



×
×
  • Create New...