mindfulhacker Posted July 24, 2015 Report Posted July 24, 2015 I'm currently creating a script that works with my other systems on the server. I have got a page, which when a user logs in successfully, returns the CID, First Name and Last Name from database. I'd like to make it, so when my page renders, it logs the user into phpVMS. Except, I won't have a password, just CID and name. I can get the userID from the database, using MySQL, but apart from that, I can't see any logical way of doing this. Any ideas? Quote
magicflyer Posted July 25, 2015 Report Posted July 25, 2015 I'm currently creating a script that works with my other systems on the server. I have got a page, which when a user logs in successfully, returns the CID, First Name and Last Name from database. I'd like to make it, so when my page renders, it logs the user into phpVMS. Except, I won't have a password, just CID and name. I can get the userID from the database, using MySQL, but apart from that, I can't see any logical way of doing this. Any ideas? That's very very unsecure. Anyone could get everyone's email address, sensitive profile information, change passwords(Think about logging in to smartCARS), and a few other things I can't think of. VERY VERY unsecure, and a breach of a user's privacy policy. I apologize if I am misunderstanding your intent. Quote
mindfulhacker Posted July 25, 2015 Author Report Posted July 25, 2015 That's very very unsecure. Anyone could get everyone's email address, sensitive profile information, change passwords(Think about logging in to smartCARS), and a few other things I can't think of. VERY VERY unsecure, and a breach of a user's privacy policy. I apologize if I am misunderstanding your intent. Basically, rather than using phpVMS's login system, I want to use my own, which is implemented with all the other things I run (VA Forums etc). In the login template, I redirect the user to my own system, and the user then logs in there. If the credentials are correct, the login system (should) log the user into phpVMS. But, the system only returns the CID, PilotID and name, therefore I have no password to check with phpVMS's login system. So, I was wondering if there was a way using sessions etc / rewriting the login function, so the password would not be needed, Since the function would be called by the login system, only once the user has authenticated themselves, I can't see why this wouldn't be secure. Quote
mindfulhacker Posted August 9, 2015 Author Report Posted August 9, 2015 Sorry for the *bump*.... Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.