MartynJ
Sun 22nd Sep '02, 1:42pm
OK, this is likely to be a long story and one that's probably got a simple solution just using some code that I am not familiar with. Basically, it goes something like this:
There are two sites. Site A is a vB forum. Site B is a Conventional website which also uses PHP/SQL for its content. What I am trying to acheive is to have the user database from the forums accessible on Site B, but of course, the owner of Site A isn't about to just hand over full access to their database. What I was thinking of doing was having two scripts. One on Site A (forums) and one on Site B. The script on Site A (forums) will be edited by the owner of Site A after I send it to them so as to allow access to their database. The script on Site B will take a username and pass from a visitor and then make a request like
http://www.sitea-forums.com/compare.php?user=user&pass=pass
(though in POST, not GET). These variables will be inserted into an SQL Query by the script on Site A which will check against the vB database. If they match, then that script will make a request like
http://www.siteb-website.com/logincheck.php?user=user&login=true/false
And depending on the outcome, the user will be logged in or out.
Now, the questions. Is it workable? What security issues are there? How can I get around any security issues? And would any kind souls offer up some example code? :)
There are two sites. Site A is a vB forum. Site B is a Conventional website which also uses PHP/SQL for its content. What I am trying to acheive is to have the user database from the forums accessible on Site B, but of course, the owner of Site A isn't about to just hand over full access to their database. What I was thinking of doing was having two scripts. One on Site A (forums) and one on Site B. The script on Site A (forums) will be edited by the owner of Site A after I send it to them so as to allow access to their database. The script on Site B will take a username and pass from a visitor and then make a request like
http://www.sitea-forums.com/compare.php?user=user&pass=pass
(though in POST, not GET). These variables will be inserted into an SQL Query by the script on Site A which will check against the vB database. If they match, then that script will make a request like
http://www.siteb-website.com/logincheck.php?user=user&login=true/false
And depending on the outcome, the user will be logged in or out.
Now, the questions. Is it workable? What security issues are there? How can I get around any security issues? And would any kind souls offer up some example code? :)