Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> General/Other Stuff
Author Message
Dawg
RavenNuke(tm) Development Team


Joined: Nov 07, 2003
Posts: 910

PostPosted: Sun Jan 27, 2008 7:19 am Reply with quote

Greetings All,
I have several sites that access another server for weather related data. This data is outside of Nuke and will stay outside of nuke. What I need to do is control access to that data by Groups. I have NSNGroups working.

What I am looking for here is theory for the How to do it. I want to make sure I am going about this correctly before I sit down to code it. (I will have questions there to I am sure...but...that is for a later time)

So my user HAS to be logged to access the services. HE clicks on the link....the data server needs to know who they are.....if they are logged in.....which site they came from....and what group they belong to.

What I am thinking is to pass the userid with the URL.
I assume I can pull the userid and $var it into the url
Have the data server check the db for that userid and....

How do I check which site they came from? (referrers are not relible)
In the past I have used a ping and pong approach.

How do I check IF they are logged in? (This is biggie...casue I have not idea) Will the logic behind "Is user" and "Is loggedin" work?

I assume I can run a query on the db to find out what group userid belongs to so that should be easy.

What do you think of this proposed process? Is there a better way?

Checking which site and if they are logged in is where I get blurrie....Am I going about this the right way?

Thank You for your time!

Dawg
 
View user's profile Send private message
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17086

PostPosted: Mon Jan 28, 2008 12:53 am Reply with quote

First of all, don't use GET. Use POST instead. Next, I would set up a table that cross references the legitimate sites with a special and unique token of some kind. Then pass that with your call to the data server. You could store it is a $_SESSION parameter. Using SSL would make this much more secure, but in the absence of that, I would suggest using cUrl or even a socket connection to handshake and make confirmation.
 
View user's profile Send private message
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> General/Other Stuff

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©