Gossamer Forum
Home : Products : DBMan : Customization :

using userid/pwd for multiple logons

Quote Reply
using userid/pwd for multiple logons
Hi all,

I am using dbman with the userfriendly html file and secure pwd lookup mod. I was wondering if it is possible to to use the userid/password from the dbman for another site too.

Allow me to elaborate. I have an alumni site that has a small list of users. I wanted to give email IDs to users who have registered and provided their detailed info. My question was - would it be possible that when a user logs in to the database he may simultaneously be logged in to the email also so that along with the other links in the footer I may also be able to add the link "check email". I am not sure if this makes sense or not.

One possible procedure that I thought off was that if the userid and the password are the same on both locations then when the user clicks on "check email" the userid/pwd can be read off the password file and passed on to the other site. The email application is provided free by oemmail.com.

I would appreciate any help or suggestion in this regard. Thanks in advance

FHN
Quote Reply
Re: [fhnaqvi] using userid/pwd for multiple logons In reply to
Shouldn't be a problem. Their form is:

Code:
<form method="post" action="login_email.ghc">
<td width="750" align="right" valign="middle"> <font face="Verdana" size=1 color="003366"><b>Email
Address</b></font>
<input type="text" name="email" value="" size=7 maxlength=50 required="yes" message="Please enter email address.">
<font face="Verdana" size=1 color="003366"><b>Password</b></font>
<input type="password" name="password" size=7 maxlength=20 required="yes" message="Please enter your account password.">
&nbsp;&nbsp;
<input type="image" border=0 src="http://graphics.themail.com/images/oemmail/login2.jpg" alt="Login" width="42" height="20" name="image">
&nbsp;&nbsp;</td>
</form>

In your footer, you could do something like:

Code:
<form method="post" action="http://oemmail.com/login_email.ghc">
<input type="hidden" name="email" value="$rec{'Email'}">
<input type="hidden" name="password" value="$rec{'OEMPW'}>
<input type="image" border=0 src="/img/your_graphic_that_says_Check_Email.jpg" name="image">
</form>

Only problem is that DBman stores user passwords as MD5 hashes (a good thing!), meaning that there is no way to embed the same password in the form above. One solution would be to create a new field specifically for the OEMpassword, which I refer to as OEMPW above. Hoep that helps...
Quote Reply
Re: [oldmoney] using userid/pwd for multiple logons In reply to
Hi Oldmoney,

Thanks for your reply. I am what you may call "technologically challenged" to some extent. I need a little more detailed instructions if it is possible for doing this. I used the code that you had suggested but the password field remains empty while the userid field does get populated. How can I get the password field populated so that the form submission is complete. I did notice that you had used the "oempw" field but where do I get/put that. Is the suggested solution going to make the db easy to break into? There is no sensitive data but if someone can break in then he may mess around which could be quite a headache.

Thanks again for your help.

FHN
Quote Reply
Re: [fhnaqvi] using userid/pwd for multiple logons In reply to
bah!

I had just about finished the code for this and then hit escape, wiping it out.

bah!!! <let me cool down, and I'll type it out again>
Quote Reply
Re: [oldmoney] using userid/pwd for multiple logons In reply to
OK, here goes again...

First, I wanted to warn you about investing too much time in integrating
with a service you do not "control". I don't know OEMmail, but you
could probably duplicate the features on your own server with a CGI-
based system. Check out http://cgi.resourceindex.com/...rl/Web_Based_E_Mail/ for examples.

The primary advantage would be that you control it, and won't be subjected
to the whims of OEMmail (whether it be advertising or even discontinuation
of free service).

Second, there is a big potential integration problem you might encounter,
and that is once you assign an email account to a user, they can change
their password on the OEMmail site and effectively break any integration you
create with DBman. There is no way to prevent this, and no way to determine
what the new password is.

With that said Tongue, here's how I'd integrate the two:

1) create a new field in DBman called oempw, make it admin only (-1 permission)

2) manually create the OEMmail account (you could potentially automate this using LWP, but like I said before, I wouldn't invest that much time in integration)

3) edit the DBman user record, carefully copying the password you used to create the DBman account into the oempw field. Note that the oempw is not related to the DBman password and thus not a security issue. Each user should also have a unique oempw to minimize security breaches.

4) for the footer link, use:
Code:
if ($rec{'oempw'}) { print qq|<A HREF="$db_script_link_url&oem_email=1">Check email</A>|; }

5) in db.cgi, after
Code:
elsif ($in{'modify_record'}) { if ($per_mod) { &modify_record; } else { &html_unauth; } }

add
Code:
elsif ($in{'oem_email}) { if ($per_add) { &oem_email; } else { &html_unauth; } }

6) in db.cgi, before sub cgierr

add
Code:
sub oem_email {
# --------------------------------------------------------
# basic login integration with OEMmail by oldmoney
my ($oemURL)="http://oemmail.com/login_email.ghc";
my ($youroemDomain)="yourdomain.com";
# this assumes that your email addresses follow the format userID@yourdomain.com
%rec = &get_record($db_userid);
if ($rec{'oempw'}) {
print "Location: $oemURL?email=$db_userid%40$youroemDomain&password=$rec{'oempw'}\n\n"
}
}

I haven't tested it since I don't have an oemmail account, but I believe it should work.
Quote Reply
Re: [oldmoney] using userid/pwd for multiple logons In reply to
Hi oldmoney,

Thanks for the prompt and very lucidly explained procedure. I fully agree with your point of view of "control" on the services provided by a third party. However I am running a free site so there is basically no revenue generation from this source and as such would like to make use of only free services if possible.

That being the limiting factor can I trouble you for some more information? Can you tell me which of the web based emails as you suggested are good. I mean, I looked at them and they all have a lot of features and a lot of stuff that I dont know if I will even need or not. I dont even know what I should be looking for. I have more than one URLs so I would prefer to have something that can accomadate that too.

I would like to explore this option before I try to integrate the OEMmail thinggy. Thanks again for your help and guidance

FHN
Quote Reply
Re: [fhnaqvi] using userid/pwd for multiple logons In reply to
I actually have no experience with any of the web email scripts. You might post on the Internet Technologies board here and solicit opinions on which are worthy.
Quote Reply
Re: [oldmoney] using userid/pwd for multiple logons In reply to
Thanks! I will do that and see if that makes more sense. Once again thanks for your support.

FHN