Thread

Is it possible to make a php code or something similar which auto logs in a user into a EE page?

Lets say I create user “joe” and I want some pages only to be displayed to Joe.

As far as I see, I need to log Joe into the system, but since I need to authenticate him from another system, I would like to auto log in directly to the page which is not available to the public.

Thanks

Hi Nibb,

Just to clarify, you have 2 different websites running EE and when a user logs into one EE site you want him to auto login to the second EE site is this correct? Then once logged in to the second EE site “Joe” would only be able to see certain pages is that correct?

Mike

Hi Nibb,

Just to clarify, you have 2 different websites running EE and when a user logs into one EE site you want him to auto login to the second EE site is this correct? Then once logged in to the second EE site “Joe” would only be able to see certain pages is that correct?

Mike

Not really, I just have a few pages made with EE.

I want to have a hardcoded PHP that has a username/password on it, when executed basically logs in that users into EE, so he can view the EE page.

I can set up EE to require basic auth, and actually pass the username/pass in the url, but this is not supported anymore by Internet Explorer.

Yes, you can do that. What I would do is use AJAX to auto login the user with the “joe” account right at the beginning when they hit your site. Then the user will have access to your EE pages any time they want to access them. I hope that helps.

Mike

But that would be insecure, as opposed to hard coding the logins in PHP itself in the page which cannot be seeing in the source code as opposed to Javascript/Ajax

There isn’t ´any sensitive in the pages, but I just like you to restrict it per public view.

First of all, how do users actually log into a EE page, without using the Apache auth, or using the Expression Engine administrator console itsel?

Is there a login form you can make for this? If yes, then the next step is to transform as auto filled when they hit the page, with the harcoded logins.

I tried the login form in the manual, but Expression Engine says there is an error with it. So I guess the documentation is pretty much outdated.

How do make a login form for EE members log in?

Sorry, I meant you can use AJAX to call your PHP script without having to pass the username/password info. They would be hard coded in your PHP script. But yes, there is a login module for EE which you can find here. I myself don’t like using the built in EE login module cause of the ugly “You are now logged in..” screen. So I use Authenticate which allows you to control where you want the user to land after they successfully login. I hope that helps.

Mike

Sorry, I meant you can use AJAX to call your PHP script without having to pass the username/password info. They would be hard coded in your PHP script. But yes, there is a login module for EE which you can find here. I myself don’t like using the built in EE login module cause of the ugly “You are now logged in..” screen. So I use Authenticate which allows you to control where you want the user to land after they successfully login. I hope that helps.

Mike

Thanks Mike, that was more or less my question, if its possible to authenticate users without using exactly the logging from EE, that means the example in their documentation, or the admin interface, which I think you could also use for members correct? But I would consider it more a security risk to expose your admin access just for members.

So the the link you posted for “authenticate” works with current EE members correct? I prefer not use external modules for member management, just what EE provides as what I need is very simple.

I guess if the answer is yes, I would need to see how I can use that on a EE page with hard coded logins. Where you just press enter to log in, or better, when the page is hit.

Yes the login module is specifically for member login not the CP. The authenticate extension is again just for member login not CP.

In your case you wouldn’t really need either of these you just need the PHP code that will allow you to log the user in. You can use something like this:

$this->EE->load->library('auth');

//login by email address
$auth_id = "[email protected]";
$auth_pass = "mysecretpassword";
$return = $this->EE->auth->authenticate_email($auth_id, $auth_pass);

//login by username
$auth_id = "myusername";
$auth_pass = "mysecretpassword";
$return = $this->EE->auth->authenticate_username($auth_id, $auth_pass);

Sorry I haven’t tested any of this but you get the idea. Now all you have to do is put this in your PHP script and call it using AJAX to auto login. I hope that helps.

Mike

This is way harder that what I imagined.

I tried an auto submit login button with Javascript, absolutely everything did not work. I tried CURL with PHP examples. Nothing.

So I got the post data from the basic EE login form when its submitted to see if I can just make a simple PHP directly call to the url that has the username&password; in it, but that does not work either,  because it seems the EE login form generated a unique value XID on each load.

The only thing I could do so far was:
Hide all values as hidden and just the “submit” button is displayed, but this is very ugly. Now I need to instruct a visitor to click the submit button, which then logs in to the page. You can look the username/pass in the source code, but I don´t care as the user is temporary and restricted to only that page so I don´t consider this a security bug either but it would be so much better if I could just load the page (which logs in the behind the user) and then just redirects to the logged in page.

Even better of course would be not be able to see the login in the source code. But sadly im not a developer and something this basic looks very hard to do on my side.

Is there someone I could maybe pay for this? I think this would be very easy to do correct?

What I want is basically:
1. Put the username and password on the page.
When its loaded, it basically uses this data to log in.

2. Same as 1, but the username/pass hiding as EE variables or PHP, basically that it does not show in the page source code.

All I need is send some users to a page on EE which is only available for them, not to the public. This seems rather hard to do without giving users real logins/pass which would be a real pain to do for every visitor.

PM me if you want me to have a look at this for you.

Cheers,

Mike

PM me if you want me to have a look at this for you.

Cheers,

Mike

I did 😊

Looks like someone already has an auto login plugin made called LogMeIn. Try it out and let me know how it works for you.

Cheers,

Mike

Looks like someone already has an auto login plugin made called LogMeIn. Try it out and let me know how it works for you.

Cheers,

Mike

Oh God, I feel so stupid. Did you know that I actually searched that site for login modules and I did read that one in particular as well but I closed the page because most where Facebook, etc, and I imagined this one was for the service “LogMeIn” which is a remote support service.

I cannot believe it. This is exactly what I was looking, so simple, one tag and works perfectly. Thank you 100 times for pointing me back into the right direction.

No problem. I was about to start making this plugin when I thought let me check the devot-ee.com site just in case 😉

I’m glad it works for you. All the best.

Mike