Author Topic: Security in RSS feature - Take 2  (Read 2390 times)

metabyte

  • Newbie
  • *
  • Posts: 7
Security in RSS feature - Take 2
« on: June 17, 2009, 02:42:59 pm »
Hello,

Using version 1.4.1, it seems that auto-login using the twisted token has been removed. Prior to this, the user could automatically authenticate to the system once he/she got the twisted token.

I would like to restore this functionality (since I will be using OG behind the firewall). How should I proceed?

Thanks

ignacio

  • Hero Member
  • *****
  • Posts: 1703
Re: Security in RSS feature - Take 2
« Reply #1 on: June 22, 2009, 12:21:06 pm »
What you want is to be able to log in with the token? What does the firewall have to do with it?

You can add a new controller that logs you in with the token and user id and access that controller every time you need to log in. In that function you would do something like this (assuming you send an 'id' parameter with the user's id and a 'token' parameter with the user's token):
Code:
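// Look up the user by the 'id' request parameter.
$user = Users::findById(array_var($_GET, 'id'));
if (!($user instanceof User)) {
    die('Wrong user');
}

// Stop if the 'token' request parameter is not valid for this user.
if (!$user->isValidToken(array_var($_GET, 'token'))) {
    die('Wrong token');
}

// Both checks passed: set this user as the logged-in user.
CompanyWebsite::instance()->setLoggedUser($user);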
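
A stand-alone sketch of the token check described in the reply above, added here as an example and not OpenGoo's or the poster's code: it validates the 'id' and 'token' parameters, compares the token in constant time with hash_equals, and returns one generic failure for both a wrong user and a wrong token. The user array, the stored SHA-256 token hash and the function names are assumptions made for the example.

```php
<?php
declare(strict_types=1);

// Constructed sample data standing in for the users table (hypothetical layout).
// Only a SHA-256 hash of each token is stored, not the token itself.
function sampleUsers(): array
{
    return [
        7  => ['username' => 'alice', 'token_sha256' => hash('sha256', 'constructed-token-for-alice')],
        12 => ['username' => 'bob',   'token_sha256' => hash('sha256', 'constructed-token-for-bob')],
    ];
}

// Returns the user row when id and token match, otherwise null.
// Every failure returns the same value, so the caller cannot report
// whether the id or the token was the part that was wrong.
function findUserByToken(array $query, array $users): ?array
{
    $id    = $query['id'] ?? null;
    $token = $query['token'] ?? null;

    // Reject array parameters (?id[]=7), non-numeric ids and empty tokens.
    if (!is_string($id) || !ctype_digit($id) || !is_string($token) || $token === '') {
        return null;
    }

    // Unknown users are compared against a dummy hash so the same work is done.
    $known    = isset($users[(int) $id]);
    $expected = $users[(int) $id]['token_sha256'] ?? hash('sha256', 'no-such-user');

    // hash_equals compares in constant time, unlike == or ===.
    $matches = hash_equals($expected, hash('sha256', $token));

    return ($known && $matches) ? $users[(int) $id] : null;
}

// Constructed requests: one valid, three that must fail identically.
$cases = [
    'valid'        => ['id' => '7',   'token' => 'constructed-token-for-alice'],
    'wrong token'  => ['id' => '7',   'token' => 'guess'],
    'unknown user' => ['id' => '99',  'token' => 'constructed-token-for-alice'],
    'array id'     => ['id' => ['7'], 'token' => 'x'],
];
foreach ($cases as $label => $query) {
    $user = findUserByToken($query, sampleUsers());
    echo str_pad($label, 14), $user === null ? 'Login failed' : 'Logged in as ' . $user['username'], PHP_EOL;
}
```

Because the token travels in the query string, it is recorded in web server access logs and browser history, so it should be treated like a password.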