login form

Having trouble installing serendipity?
mrw02536
Regular
Posts: 31
Joined: Sat Nov 02, 2013 9:25 pm

Re: login form

Post by mrw02536 »

Ian, Thanks for the help/advice. I'll dig into it.
I did have another thought. Since I know the inner workings of my own website, perhaps it would be easier to use Serendipity as a portal to my home page. How difficult is it to change the Serendipity front end to incorporate my home page?
Timbalu
Regular
Posts: 4598
Joined: Sun May 02, 2004 3:04 pm

Re: login form

Post by Timbalu »

mrw02536 wrote:I [...] use Serendipity as a portal to my home page. How difficult is it to change the Serendipity front end to incorporate my home page?
That depends on your home page! Serendipity is customizable through different Plugins like Staticpages, Multiusers, etc and uses easy Smarty Templates for the frontend output. With the last you can certainly do all things, which you are able to code manually in HTML/JS and more. Therefore it is quite easy to use it as a CMS, but internally stays to be a racing horse for BLOG systems. If that fits with you perceptions of a home page, it is much better to have one system than two.
Regards,
Ian

Serendipity Styx Edition and additional_plugins @ https://ophian.github.io/ @ https://github.com/ophian
mrw02536
Regular
Posts: 31
Joined: Sat Nov 02, 2013 9:25 pm

Re: login form

Post by mrw02536 »

Ian, this approach seems to work. I modified the 'serendipity_admin.php' file to include my website login validation starting at L24 using the username and password entries from the Serendipity login.
At the start of the file I included the necessary input files from my website.
The result is that by logging in to Serendipity I simultaneously login to my website as well which I can open in a separate window. Of course I will have to work on combining the registration of new users but since both applications use the same database this shouldn't be too difficult.
Here is what the modification looks like:


$username = $serendipity['serendipityUser'];
$password = $serendipity['serendipityPassword'];
if (empty($username) === TRUE || empty($password) === TRUE) {
$errors[] = 'You need to enter a username and password';

} else if (user_exists($username) === false) {
$errors[] = 'We can\'t find that username. Have you registered?';


} else if (user_active($username) === false) {
$errors[] = 'You haven\'t activated your account!';

} else if (strlen($password) > 32) {
$errors[] = 'Password too long';
}

$login = login($username, $password);
if ($login === false) {
$errors[] = 'That username/password combination is incorrect';

} else {

$_SESSION['user_id'] = $login;
}

What do you think?
mrw02536
Regular
Posts: 31
Joined: Sat Nov 02, 2013 9:25 pm

Re: login form

Post by mrw02536 »

My modifications worked fine.
I open my home page and link to the Serendipity login page.
I login with Serendipity which simultaneously logs me in to my website
Once logged in a new window opens up to my website home page with the user logged in
I have a link on this page to the blog page where I'm also logged in.
Turned out to be pretty simple solution.

For registering new users I will use my website page for registering new users and enter the username, password and email address into the Serendipity table in my database as well as my own table of users. There will be some redundancy with the two tables but it's not a big deal. I will, however, need to know the specific encryption algorithm for passwords. I use straight md5 so my encrypted passwords will not match up with Serendipity. You can save me some time figuring out the code if you can point me to it. You did mention 'salted hash' but I need to know how the random 'salt' is determined.

I'm really impressed with the coding that went into Serendipity and it will take me months to really work through it.

regards, Rich
mrw02536
Regular
Posts: 31
Joined: Sat Nov 02, 2013 9:25 pm

Re: login form

Post by mrw02536 »

Ian, never mind the password question, I figured it out:

serendipity_hash($password) converts plain text to the encrypted password in Serendipity; I just use
MD5($password). I could change mine to match easily enough.
Timbalu
Regular
Posts: 4598
Joined: Sun May 02, 2004 3:04 pm

Re: login form

Post by Timbalu »

Yeah. And if you need to automate the register process for normal authors just use this.

Code: Select all

include 'serendipity_config.inc.php';
$username   = "John";
$password   = "secret";
$realname   = "John Doe";
$email      = "john@example.com";
serendipity_addAuthor($username, $password, $realname, $email);
Regards,
Ian

Serendipity Styx Edition and additional_plugins @ https://ophian.github.io/ @ https://github.com/ophian
mrw02536
Regular
Posts: 31
Joined: Sat Nov 02, 2013 9:25 pm

Re: login form

Post by mrw02536 »

Ian, acutally, I wrote my own 'add_author' function with adding include 'serendipity_config.inc.php'; but I can see the benefits to that I'll give it a try. Incidentally, I fixed the password encryption difference by setting the 'hashtype' to 0 in the 'serendipity_authors' table.
Lately I've been working with the style sheet to change the look of the serendipity login page to match my website.

BTW. on the subject of 'salted_hash' for password encryption. I noticed that 'salt key' is not unique for each user with the same clear text password. I thought the idea of 'salted_hash' was that different users with the same password would have different encrypted passwords. To do this the salt key is usually based on something like the time the user was created. In Serendipity, however, the salted_hash password is the same if the clear text password is the same regardless of the user.
Timbalu
Regular
Posts: 4598
Joined: Sun May 02, 2004 3:04 pm

Re: login form

Post by Timbalu »

mrw02536 wrote:Ian, acutally, I wrote my own 'add_author' function with adding include 'serendipity_config.inc.php'; but I can see the benefits to that I'll give it a try. Incidentally, I fixed the password encryption difference by setting the 'hashtype' to 0 in the 'serendipity_authors' table.
Lately I've been working with the style sheet to change the look of the serendipity login page to match my website.
Do not change that much in core or DB, since this may rip sec holes. Using the API and hookin-by as a Plugin is still recommended!
mrw02536 wrote:BTW. on the subject of 'salted_hash' for password encryption. I noticed that 'salt key' is not unique for each user with the same clear text password. I thought the idea of 'salted_hash' was that different users with the same password would have different encrypted passwords. To do this the salt key is usually based on something like the time the user was created. In Serendipity, however, the salted_hash password is the same if the clear text password is the same regardless of the user.
Cannot say. That may be another question for @garvinhicking!
Regards,
Ian

Serendipity Styx Edition and additional_plugins @ https://ophian.github.io/ @ https://github.com/ophian
Post Reply