[dionak]

Just curious, what perl script?

Quote:

Originally Posted by wcm

Has anyone tried the Perl solution with 3.6? It looks like a very neat way to do this.

I am a little bit curious on how the final perl script looks.

This is really validating. I used a similar approach in a recent site. It's cgi-perl as opposed to mod_perl, mostly b/c when I started to build...I didn't know if I would have mod_perl on the destination server.

Orbita, I really like your approach. It's really clean (and would reduce my code a lot!).

I recently did a single sign-on for a site which included the site, vbulletin and mediawiki. Mediawiki uses PHP sessions, as opposed to cookies. I'm still puzzling how to tell if the user is logged into the site, vbulletin and mediawiki without checking every request (which I'm not doing, it would be extreme overhead).

I guess since the scenario described in your post only involves cookies, it's easy to set them all to expire at the same time so you don't have the session vs. cookie expiry synch issue I'm experienceing. Any ideas on that?

I had a lot of issue with the sessions in the VB integration which is why I chose the same method of using LWP::UserAgent to post to the registration and login scripts in VB.

To do registration, I created a form and corresponding script that processes the form and posts to the registration scripts for vbulletin and mediawiki using LWP::UserAgent. Same as login. It's a challenge though, because 3.6.4 changed the registration logic slightly and now I need to figure out how to accomodate the new logic. It looks like VB registration is now looking for a MD5 hash in the post to register.

Upon registration, the last bit of my custom code creates what I'm calling an 'application username' and 'application password'. The values are whatever the user registers with. These are used for the login, no matter how many times the user might change their password.

So when a user registers, their password is hashed into the 'password' and 'app_password' columns in my custom users table. When the user logs in, I check the submitted password against the 'password' column, then the 'app_password' is retrieved and used for the login request.

To handle the user profile information in vbulletin, I created a plugin that redirects the user to the site account page if they try to update their username or password. Updating both my app's users table and the vb_users table seemed both troublesome and a lot of work for this critical component.

Mediawiki turned out to be a lot easier once I wrapped my head around it. It has 'hooks', so I was able to write an Authentication plugin (called Authplugin in MW) that was a lot simplier. I set up a php script to read my site cookie and set a variable. If the variable is empty (the user isn't logged in) it authenticates the user using the site cookie.

It would be a heck of a lot easier to integrate Vbulletin if it had an authentication hook like this. Or maybe there is a way to do it that I haven't yet realized? There is the global_start for plugins.

Diona