Jump to content

Log a user in, without their password.

mindfulhacker

By mindfulhacker
in Development Help

 Share

Recommended Posts

mindfulhacker Newbie

mindfulhacker

Posted
Posted

I'm currently creating a script that works with my other systems on the server. I have got a page, which when a user logs in successfully, returns the CID, First Name and Last Name from database.

I'd like to make it, so when my page renders, it logs the user into phpVMS.

Except, I won't have a password, just CID and name.

I can get the userID from the database, using MySQL, but apart from that, I can't see any logical way of doing this.

Any ideas?

Link to comment
Share on other sites
magicflyer Newbie

magicflyer

Posted
Posted

I'm currently creating a script that works with my other systems on the server. I have got a page, which when a user logs in successfully, returns the CID, First Name and Last Name from database.

I'd like to make it, so when my page renders, it logs the user into phpVMS.

Except, I won't have a password, just CID and name.

I can get the userID from the database, using MySQL, but apart from that, I can't see any logical way of doing this.

Any ideas?

That's very very unsecure. Anyone could get everyone's email address, sensitive profile information, change passwords(Think about logging in to smartCARS), and a few other things I can't think of. VERY VERY unsecure, and a breach of a user's privacy policy.

I apologize if I am misunderstanding your intent.

Link to comment
Share on other sites
mindfulhacker Newbie

mindfulhacker

Posted
  • Author
Posted

That's very very unsecure. Anyone could get everyone's email address, sensitive profile information, change passwords(Think about logging in to smartCARS), and a few other things I can't think of. VERY VERY unsecure, and a breach of a user's privacy policy.

I apologize if I am misunderstanding your intent.

Basically, rather than using phpVMS's login system, I want to use my own, which is implemented with all the other things I run (VA Forums etc).

In the login template, I redirect the user to my own system, and the user then logs in there. If the credentials are correct, the login system (should) log the user into phpVMS.

But, the system only returns the CID, PilotID and name, therefore I have no password to check with phpVMS's login system.

So, I was wondering if there was a way using sessions etc / rewriting the login function, so the password would not be needed,

Since the function would be called by the login system, only once the user has authenticated themselves, I can't see why this wouldn't be secure.

Link to comment
Share on other sites
  • 3 weeks later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
 Share
Go to topic listing
×
×
  • Create New...