Auto Login from 3rd party site

**redwax** · 06/13/2012, 15:46

I've had a look back through the forum posts and it appears there are a few people that have asked similar questions... The closest I found was this:

http://www.contao-community.org/view...t=login#p11169

Basically, non-contao system of some form where users log in and I want to be able to log those users into Contao automatically, once they've logged into the other system (or at some point whilst they are on it) so that when the click the link to the protected contao page, they are not prompted to log in again. The sites will appear as 1 site to the end user.

I came accross this:

Code:

function do_post_request($url, $data, $optional_headers = null)
{
  $params = array('http' => array(
              'method' => 'POST',
              'content' => $data
            ));
  if ($optional_headers !== null) {
    $params['http']['header'] = $optional_headers;
  }
  $ctx = stream_context_create($params);
  $fp = @fopen($url, 'rb', false, $ctx);
  if (!$fp) {
    throw new Exception("Problem with $url, $php_errormsg");
  }
  $response = @stream_get_contents($fp);
  if ($response === false) {
    throw new Exception("Problem reading data from $url, $php_errormsg");
  }
  return $response;
}

at :

http://wezfurlong.org/blog/2006/nov/...-without-curl/

But I cannot get this to work - I get issues with the request token (it is set in the form that gets opened, if I output the response) but no login happens and if I then use that outputted form, I get a token verification error.

Does anyone have any ideas?

**winanscreative** · 07/15/2012, 15:33

Here's a thought:

Try to tap into a TL_HOOK as far upstream as you can. If the user is not logged into Contao yet, you are going to need to check their login status in the other system. I am assuming that you could do this via a cookie or via the session ID. You will also need to retrieve the username and password from the other system and set that to the post values using Input->setPost(). Then call User->login(), and tap into the $GLOBALS['TL_HOOKS']['importUser'] Hook to manually load the User in User->login() if they do not exist in the tl_member table yet, set some things like User->loginCount so that it does not trip the "too many attempts" error, (see checkAccountStatus()), and then use the $GLOBALS['TL_HOOKS']['checkCredentials'] Hook to authenticate the user.

I am guessing that you will need to have some sort of username data-sync between the tl_member table and the user table in the other system to make this work effectively, but it sounds like it could be done. Also, depending on where you tap into the original Hook you may need to reload after you authenticate.

Now, I haven't actually tried this, but that's where i would start.

**redwax** · 07/17/2012, 16:34

Originally Posted by winanscreative

Here's a thought:

Try to tap into a TL_HOOK as far upstream as you can. If the user is not logged into Contao yet, you are going to need to check their login status in the other system. I am assuming that you could do this via a cookie or via the session ID. You will also need to retrieve the username and password from the other system and set that to the post values using Input->setPost(). Then call User->login(), and tap into the $GLOBALS['TL_HOOKS']['importUser'] Hook to manually load the User in User->login() if they do not exist in the tl_member table yet, set some things like User->loginCount so that it does not trip the "too many attempts" error, (see checkAccountStatus()), and then use the $GLOBALS['TL_HOOKS']['checkCredentials'] Hook to authenticate the user..

Thanks for your thoughs on this Blair - I'll get back to this project shortly, so if I have success with this I'll post an update here.

redfeilds18 · 08/01/2012, 19:14

We have a web form where accountants can fill in requests and that part is taken care of. But after their login we redirect them to a third-party website where we need more information from them. The process is crazy right now since we have to give our account login info to all people filing with us. So is there a way in PHP or any other solution where we can after that form on our website auto login with our information to that third party website in a way that our credentials are not visible to the users using the service?