Flag to Indicate Successful Login

[THN]

Hi Sam.

If I've got the sequence of events correct, when this code...

[admin]

Hi Bill,

There isn't a flag as such, but basically if you put code onto your members page, it won't run unless a successful login has been made.

You can also find out WHO has logged in by using the PHP variables:

$username
$fullname
$receipt
$group

They can come in handy when writing membership scripts

cheers
Sam
_________________
Sam Stephens
DLGuard: www.dlguard.com
GuardHQ: www.guardhq.com
-------
Keep up to date with DLGuard and other GuardHQ products: www.guardhq.com/newsletter.php
www.twitter.com/DLGuard

[THN]

Thanks Sam. I think the fact that any of those variables have a value would be a sufficient flag. I guess they'll be null or undeclared if the visitor is logged out?

However I seem to have come to something of an impasse with this project, when I realised something: The way I was heading, if any member logged in then the XML file would exist for all members!

I suppose I could be writing those identifying PHP variables to the XML file, but then it all starts to get messy and complex.

Seems to me that what I really need is a way to pass the value of one (or more) of the PHP variables directly to a file on the local hard disk, without going through a server-side file. That is, write the little XML file to the local disk, as what's on the local drive can only be accessed by the individual user.

But if I understand the "rules" of PHP correctly, writing to a local drive is prohibited.

Then again, maybe I'm seeing complexity where it doesn't exist.

Suggestions from any forum denizens of most welcome.
_________________
- I'm a C.A.O.S. follower
- http://ComputerAndOnlineSecurity.com

[admin]

Hi Bill,

That's true - you can't save a file to a user's local disk. This would be a massive security issue.

What is it you really wanted to do? What's the end result you're after?

You could try using a cookie perhaps?

But let me know what you're aiming toward, and I'll see what I can come up with

cheers
Sam
_________________
Sam Stephens
DLGuard: www.dlguard.com
GuardHQ: www.guardhq.com
-------
Keep up to date with DLGuard and other GuardHQ products: www.guardhq.com/newsletter.php
www.twitter.com/DLGuard

[THN]

Thanks Sam.

I think I'm on the track of a solution - just need to get my head around a bit of JavaScript/XML stuff that I'm not familiar with. If it doesn't pan out I'll get back to you. There is one thing on the DLGuard side though that would help...

Is it possible to send the login e-mail address and password directly to DLGuard via a query string appended to a URL?

That would be handy for all sorts of interaction with external apps. Something like logging in from a custom application comes to mind.
_________________
- I'm a C.A.O.S. follower
- http://ComputerAndOnlineSecurity.com

[admin]

Hi Bill,

When you say "send the login e-mail address and password directly to DLGuard via a query string appended to a URL", do you mean you just want to send your customers details to DLGuard, and have DLGuard reply back as to whether or not they're valid?

If so, yes, you can do this!

If you have a look in DLGuard, go to the Help menu and select Developers.

On this page you'll see a couple of options for getting DLGuard to validate your customer's details.

You can use this for customer membership control, or even having your software "call home" to validate a customer really should have access to your software (and also shut it down in case of refund).

Is this what you were after?

cheers
Sam
_________________
Sam Stephens
DLGuard: www.dlguard.com
GuardHQ: www.guardhq.com
-------
Keep up to date with DLGuard and other GuardHQ products: www.guardhq.com/newsletter.php
www.twitter.com/DLGuard

[THN]

No Sam, I mean instead of manually logging in like this:

http://hackersnightmare.com/THN-Members/index.php

An external application (or a macro, or a hot-key combo, or whatever) could send this instead:

http://hackersnightmare.com/some_DLG_folder/filename.php?UID=connie@HerDomain.com&pw=herpassword

Whereupon the visitor would be silently logged in without going through the login form.
_________________
- I'm a C.A.O.S. follower
- http://ComputerAndOnlineSecurity.com

[admin]

Oh sorry about that, missed it completely

You can set up a silent login if you wish, but not via the URL directly like your example. The variables would have to be POSTed to your login form.

This can be done via a HTML form, or via a script using CURL or fsock.

It's a pretty simply thing for a programmer.

In fact, you could have a programmer create a script that will read the login details out of the URL, like in your example, and POST them to the members login form.

To the visitor this would just look like they clicked on a link and then appeared inside the members area.

Does this better answer your question?

cheers
Sam
_________________
Sam Stephens
DLGuard: www.dlguard.com
GuardHQ: www.guardhq.com
-------
Keep up to date with DLGuard and other GuardHQ products: www.guardhq.com/newsletter.php
www.twitter.com/DLGuard

[THN]

Hi Sam.

As you know I'm an ASP programmer with little knowledge of PHP, but once you put me on the track with CURL I was able to sort something out. For anyone else who might be interested this is what I came up with. It works fine, but any suggestions for improvement from experienced PHP people most welcome.

Here is the URL that the external application sends to a special page on the target domain; note the appended querystring that contains login credentials:

http://www.DomainName.com/curl.php?uid= member%40MemberEmail.com&pw=somethingtricky

The target of the above URL has the code below placed on a special page. I put it on a page by itself, imaginatively named curl.php, because I think having a special page for it is a good idea for a number of reasons.

[admin]

Hi Bill,

Nicely done!

I don't see any obvious way to improve it - it's best to keep things simple, in my opinion, and your script is nice and simple. And the best part - it works

Personally I'd just run with it!

cheers
Sam
_________________
Sam Stephens
DLGuard: www.dlguard.com
GuardHQ: www.guardhq.com
-------
Keep up to date with DLGuard and other GuardHQ products: www.guardhq.com/newsletter.php
www.twitter.com/DLGuard

[Fretless]

[Fretless]

Actually I just accomplished what I wanted by adding a snippet of javascript to the membership template.

All I've got to do now I know it works is to code the switch so depending on the membership number the user gets pushed to the membership page they need and logged right in. Or I can choose to send the subscriber to the default membership template if I want.

For anyone who's interested, here's what I hacked together so far:

[admin]

Hi Sabrina,

That's brilliant, well done! And thanks for sharing the code!

For future reference:


Paypay IPN Repost:
This will simply repost the IPN data Paypal sends to your own script - so basically it's just like setting up an IPN URL in Paypal. You'll get the raw Paypal sales data.

This allows you to use this data for your own scripts, such as affiliate scripts for example.


Custom URL:
DLGuard will POST sales details to this URL at the point of sale. They're standard sales details that DLGuard has gotten from your customer when they've bought, and they're only posted when the sale is found to be valid.

This is handy for things such as scripts that send passwords, or maybe if you have your own registration system, or even mailing list signup scripts, etc.


cheers
Sam
_________________
Sam Stephens
DLGuard: www.dlguard.com
GuardHQ: www.guardhq.com
-------
Keep up to date with DLGuard and other GuardHQ products: www.guardhq.com/newsletter.php
www.twitter.com/DLGuard