How to transfer registration information and automatically register on another site when a user clicks on a link?

I have 2 sites, and these two sites use the same database to populate data. For example: users - the table has login details, and users of both websites can access their login through this table.

Now I want to do this:

They need to be signed in before accessing both websites.

My "site A" has a "More" link; when a user clicks on it, that user should be redirected to "Site B". Now I want to skip the "Login" process on website B (because this user is already registered with A). How do I do it?

I figured out this option, but it is less secure:

  • The website's "Read more" link:

B_website/?username=abc&password=123&page=12

I think this is not a good option, what are the ways I can do this while maintaining high security?

+3


source to share


10 replies


No no no - don't pass the username + password in plain text in the URL!

I would recommend taking a look at how you know the user is registered on site A. Is there some flag in your database to indicate this user when logged in? Could site B know this flag in some way? Since your two sites are using a database, this is definitely possible.

Consider the following scenario:



  • The user registers on site A.
    • A unique "login token" is generated, stored in your database, and sent to the client as well.
  • The user is sent to site B.
    • The user submits the "login token" that they previously received on the server.

If the login token submitted by the user matches the entry in the database, you can skip the authentication phase and mark that user registered with Site B.

+19


source
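The login-token scenario from the answer above, as an added example that is not part of the original answer. The `login_tokens` table, the function names and the `site-b.example` URL are assumptions; an in-memory SQLite database stands in for the database both sites share, and the token is stored hashed, expires quickly and can be redeemed only once.

```php
<?php
// Added example: names and schema are hypothetical, values are constructed.
$db = new PDO('sqlite::memory:');   // stands in for the shared database
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE login_tokens (
    token_hash TEXT PRIMARY KEY,    -- SHA-256 of the token, never the token itself
    user_id    INTEGER NOT NULL,
    expires_at INTEGER NOT NULL,
    used       INTEGER NOT NULL DEFAULT 0)');

// Site A: called for an already authenticated user when the link is clicked.
function issueLoginToken(PDO $db, int $userId, int $ttl = 60): string
{
    $token = bin2hex(random_bytes(32));   // 256 bits from the CSPRNG
    $stmt = $db->prepare('INSERT INTO login_tokens (token_hash, user_id, expires_at)
                          VALUES (?, ?, ?)');
    $stmt->execute([hash('sha256', $token), $userId, time() + $ttl]);
    return $token;                        // placed in the redirect to site B
}

// Site B: returns the user id, or null if the token is unknown, expired or reused.
function redeemLoginToken(PDO $db, string $token): ?int
{
    $hash = hash('sha256', $token);
    // One UPDATE marks the token used, so two parallel requests cannot both succeed.
    $upd = $db->prepare('UPDATE login_tokens SET used = 1
                         WHERE token_hash = ? AND used = 0 AND expires_at >= ?');
    $upd->execute([$hash, time()]);
    if ($upd->rowCount() !== 1) {
        return null;
    }
    $sel = $db->prepare('SELECT user_id FROM login_tokens WHERE token_hash = ?');
    $sel->execute([$hash]);
    return (int) $sel->fetchColumn();
}

$token = issueLoginToken($db, 42);        // constructed user id
// Site A would now redirect to e.g. https://site-b.example/sso.php?token=<token>&page=12
var_dump(redeemLoginToken($db, $token));              // first redemption
var_dump(redeemLoginToken($db, $token));              // same token presented again
var_dump(redeemLoginToken($db, 'not-a-real-token'));  // token that was never issued
// After a successful redemption, site B calls session_regenerate_id(true)
// and stores the user id in its own session.
```

Unlike the username and password, a token of this kind is worthless once it has been redeemed or has expired, which limits what a leaked URL can be used for.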


Server sessions are mostly handcrafted to address this issue. If your websites already have access to the same database, you can use the built-in PHP function, which is to create a session_handler that opens a database connection and stores your session in a database table.

I am personally a big fan of Symfony HttpFoundation (see below). However, you can do it yourself without relying on any external libraries.

Start by creating a table (it's a MySQL table, but it's pretty easy to adapt):

CREATE TABLE sessions (
    sess_id VARBINARY(128) NOT NULL PRIMARY KEY, -- one row per session id
    data BLOB NOT NULL,                          -- serialized session data
    sess_expires INT(11) UNSIGNED NOT NULL       -- when the session expires
) COLLATE utf8_bin, ENGINE=InnoDB;

      

Then create a session handler with session_set_save_handler() as per the PHP documentation. Create callable functions and assign each function like this:

  • Open: Creates a database connection.
  • Close: Closes the connection to the database.
  • Read: Gets a session from the database.
  • Write: Saves the session to the database.
  • Destroy: Destroys the session.
  • Clean: Cleans up old session data based on your system settings.

Here are some different implementations. They should all work; pick the one you find the most attractive and use it as a base. Once you have settled on your style, you simply copy the code to each of your client sites and it will pull out the shared session!

Chris Shiflett's tutorial is probably the simplest and most accessible if you're not familiar with how it will work.

DevShed has an object oriented approach that can probably be copied and pasted for the most part. They also do a good job of explaining how to use the session elsewhere.

HttpFoundation - Uses locking and other mechanisms and pretty much gets it up and running. If you follow object oriented programming and are familiar or interested in Composer, this is an absolute breeze to tweak.

+1


source


If you are storing the login via an inline PHP session and both websites are using the same session_save_path, then this is easy enough. Just pass the session id as a SID parameter inside the URL. The session from website A should then be picked up by website B, and since the overall user base is shared, the session can simply continue on the other website.

The link should be generated something like this:

<a href="B_website/?page=12&SID=<?php echo session_id() ?>">Read more...</a>

      

If you manually store some session ID in a cookie, you have different options. Alternatively, you always set cookies for the domains of both websites when you log in. This way, the user is automatically logged into both sites, regardless of which of the two they are logged in from.

setcookie("SESSIONID", $session_id, time() + 86400, "/", $domain_A);
setcookie("SESSIONID", $session_id, time() + 86400, "/", $domain_B);

      

Another way would be to make a link on website A to a dedicated page on website A, which will then set the required login cookie for website B and then redirect (via header 302) to website B. The link will look like this:

A_website/redirect_B.php?page=12

      

redirect_B.php will do the following job:

setcookie("SESSIONID", $session_id, time() + 86400, "/", $domain_B);
header("Location: B_website/?page=12", true, 302);

      

The best way to transfer the session to another server depends on how you log in. With more detail on how you manage your login sessions, a more accurate answer could be given.

+1


source


The safest way is to use Single Sign On via SAML.

+1


source


You have to use token-based security, i.e. when the user enters their credentials on website A, then website A returns an access token, and then using that token, you can verify the user on both sites, i.e. send an access token with every request.

Basically, the way social site accounting works, they also provide an access token and this is called the auth protocol.

+1


source


You can send the authentication data via AJAX from website "A" to website "B" when the "Read more" button is clicked; after that, you check the correctness of these data. If they are correct, redirect to page "B" (you can do it with the ajax response):

    $.ajax({
        type: 'post',
        url: 'b.php',
        data: userauth, // authentication data collected on website A
        error: function(errors) {
            console.error(errors);
        },
        // success receives the response body; complete would receive the jqXHR object instead
        success: function(data) {
            if (data == "correct") { /*redirect*/ } else { /*nothing*/ }
        }
    });

      

I think it would be an option ...

Hello!

0


source


The best way I would like to suggest:

1: every time the user logs into the view id, now the user is generated below the table structure

uname | password | session id       | user ip address   | isloggedin
a     | pwd1     | sessionidcreated | user logged in ip |

      

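- if all parameters are the same, log the user in; otherwise don't

// Values loaded from the user's row in the database:
//   $seesionifdromdb            - stored session id
//   $ipfromdb                   - stored IP address
//   $userloggedinfromdb         - "is logged in" flag
// Values taken from the current request:
//   $currentipwheresiteisopened - IP address the site is opened from
//   $valeofphpsessionif         - current PHP session id

if (($seesionifdromdb == $valeofphpsessionif) && ($ipfromdb == $currentipwheresiteisopened) && ($userloggedinfromdb == 1)) {
    // start the session here to make the user logged in
}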

      

0


source


As per your situation allows you to have a logical view. sites: "Site A", "Site B"

Let's have a common input stream. If a user visits Site A or Site B, then a session will be created for that user with some session id and some custom session variables that you configure to have the user logged in throughout the entire website.

// e.g.:
$_SESSION['user_id'] = $userIdFromDatabase; // placeholder: some id from the database
$_SESSION['prefered_language_code'] = 'eng';
$_SESSION['user_name'] = 'abc';

      

Then you bypass the login process while these variables are available in the session

// e.g.:
function checkSession() {
    // isset() avoids an "undefined index" notice when nobody is logged in
    return isset($_SESSION['user_id']) && $_SESSION['user_id'] != '';
}

// On the other pages of both websites:
if (checkSession()) {
    return true;
} else {
    // send to the login page of website A or website B respectively
}

      

Something like this function that you use to check user access for the rest of the web pages. When it logs out, you have to destroy this session variable.

So now the answer to your question is: 1) Since you are managing two websites and, according to your comment, "Now I want to skip the 'Login' process from website B (since this user is already registered with A)", this means that in both cases the login credentials must be the same. Now, to achieve the desired situation, you must follow the same login process with the same session variables (only those used to check the user's login status) on both websites, that is, "site A" and "website B".

They then appear to be two different websites, but logically work as one since they use a login session variable. This means that if a user visits one site, then logically he goes through the process of logging into another website.

2) You can set the type of login field in the database to keep track of user login

 eg:loggin_token; comment some uniquely generated key or login_key

      

and sets them with some session variable

You can now check the session for the session variable to keep the login check on both sites

Hope this helps as this is the easiest way to manage these

0


source


Ignore any recommendation to send a password.

Lix's answer with a one-time token is a valid approach. If you don't want to worry about implementation, you might be interested in existing one-shot deployments.

0


source

