GeorgeK
|
| Posted: 05/25/2005, 2:17 AM |
|
We've got a CodeCharge Studio application running on a client site. However, they now want to link it to a web portal. As the user has already logged into the web portal they don't want to log in again, but rather pass on the login name and password from the portal. The portal is automatically submitting the login form (generated from the CCS authentication Wizard) and supplying the login and password parameters, but is immediately returned to the Login page.
Logging on interactively with the same login and pwd is fine. Is there another hidden parameter that must be submitted or is there some check built in to prevent access such automated logins from other applications?
Any help would be much appreciated.
Thanks
George
|
|
|
 |
peterr
Posts: 5971
|
| Posted: 05/25/2005, 2:36 AM |
|
There is nothing to prevent such access but you may need to use form action = "Login.php?ccsForm=Login".
Please take a look at the HTML source of the login page, like: http://examples.codecharge.com/TaskManager/Login.php
I'm not sure about this, but that's the only thing that I see in that HTML in addition to the Login and Password fields, plus the DoLogin button (you may try submitting the value of that button as well).
Though the easiest way may be not to submit anything to the Login form, but just create the 3 session variables that indicate that the user is logged in: UserID, Login, GroupID
_________________
Peter R.
YesSoftware Forums Moderator
For product support please visit http://support.yessoftware.com |
 |
|
GeorgeK
|
| Posted: 05/25/2005, 5:24 AM |
|
Thanks Peter. Have tried passing form action just as you suggest. Also tried passing value of the DoLogin button but again to no avail.
Wasn't sure whether it was something to do with the referrer in request header not being the CCS application when called from the portal (as this is the only difference we could spot).
However, I think your suggestion of bypassing the login page and creating the session variables independently may be the simplest answer.
|
|
|
|
Nicole
Posts: 586
|
| Posted: 05/25/2005, 6:41 AM |
|
George,
What web server are you using?
If it is IIS then PHP is most probably running as ISAPI module. In this case getenv() and $_SERVER["REQUEST_URI"] don't work and that is the reason of the problem. You can try to run PHP as CGI or consider installing Apache web server.
_________________
Regards,
Nicole |
|
|
|
GeorgeK
|
| Posted: 05/26/2005, 1:09 AM |
|
I'll check this out. The server is definitely IIS but our CCS application was installed by the customer. Our installer program installs PHP as CGI but if PHP was already installed as an ISAPI module they would probably have skipped this step.
Thanks for the advice
|
|
|
|
GeorgeK
|
| Posted: 05/26/2005, 8:53 AM |
|
Still waiting to hear from the customer as to whether PHP is running as an ISAPI module. However, tried to replicate the problem myself. As a quick and dirty test I switched the Login.php line that controls how the login and password params are read so they are picked up as GET rather than POST values and typed the following line into my browser address bar:
http://localhost/webview/login.php?ccsForm=Login&Button...word=mypassword
This logged me straight in so it may well be a configuration problem. Either that or the ccsForm parameter is being submitted as login rather than Login (which does cause it to fail)!
|
|
|
|
Nicole
Posts: 586
|
| Posted: 05/27/2005, 1:52 AM |
|
I recommend you to contact YesSoftware support regarding this issue too
_________________
Regards,
Nicole |
|
|
|
GeorgeK
|
| Posted: 05/27/2005, 4:33 AM |
|
Problem solved. Turned out to be simple in the end. The portal application was submitting ccForm=Login as a POST parameter along with login, password and the DoLogin button value. However, to work the ccForm=Login parameter needs to be sent as part of the URL (Login.php?ccsForm=Login).
|
|
|
|
