[Xerte] Toolkits authentication from another service

[Patrick Lockley]

Hello all,
 
I've just emailed this to some one off list, but I thought it made sense
to share.
 
Demo.php (demo.txt) was originally written to be an password free
alternative to main login page which could be hosted within other
services.
 
Looking at demo.php, all toolkits needs is $_SESSION['login_ldap'],
which is the user's login name (username).
 
So to modify demo.php to work with another service you could (note this
is untested as I haven't anything to test against) :-
 
Lines 17 - 23 can be removed 
 
Then on line 31 
 
replace $_SESSION['login_ldap'] = ...... with your username variable.
 
In doing it this way you'd lose some functionality - the sharing feature
wants to know people's names, and the password play feature needs LDAP
again.
 
However, if you posted in / "getted" (sp?) in the surname and username
you could set those on the $_SESSION variables on lines 17 and 23 as
well. You'd need to send them in every time though.
 
I'd recommend (but can't really offer any guidance) that you took some
steps to make sure this service was made more secure.
 
Hope this helps.
 
Pat
 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.nottingham.ac.uk/pipermail/xerte/attachments/20081202/c9d0a497/attachment.html