Several people have asked how to extend their eve login to *another* web site -- that is, use the eve login to protect pages that live on a completely separate server.

Try this out. Are you logged in here at Infopop Nation? Then you can go to this other domain:

http://evedev.com/test.php

If you are NOT logged in, you'll be asked to login back here at Infopop Nation.

Here's what you need to try this out.

Download the zip file attached here and follow the directions. You need to upload one "include file" to your web site and paste this code into the top of your php pages.

<?php
include_once('SimpleAuthentication.inc.php');
setEveURL('http://yourevesite.infopop.cc/eve');
setSiteURL('http://yourdomain.com/test.php');
login();

?>

You'll edit this block to point to your own site.

In your eve control panel add the domain you want to allow to authenticate (Master Settings -> Advanced -> Allow requests from these specific Domains).

We're just testing this "widget" now. Please try it out and post your questions here.

SimpleAuthentication_Widget.zip (4 Kb, 119 downloads) Widget

Thanks. Hopefully I can convince some people to deploy this on my community's main site.

Thanks Michael!!! I'll give it a try tonight and over the weekend. If I can mod this script to return the "Display Name" as well, then I will be able to do everything I want! It will allow me to not only authenticate a user via eve but allow me to integrate a single sign-on between eve and a bunch of open source stuff I use.

Actually the display name is available. The script will piggy back any PHP session that is loaded when it is called, or load a new one if there isnt one loaded already. The username and userOID are stored in the session so that the script has access to it.

You can access the display name through:

$_SESSION['eve_display_name']

So you can do things like:

echo "Welcome {$_SESSION['eve_display_name']}<br/>";

to welcome a user to your webpage. Make sense?

Thanks Jonmark! This should work perfectly... Can't wait to get home and try it.. Firewall at works blocks a lot!

Great idea Jonmark. I forgot all about that.

I edited it into http://evedev.com/test.php

as

Welcome! <b><?php echo $_SESSION['eve_display_name'] ?></b>

Ok, first attempt =

http://tools.razorthought.com/thevault/test.php

eve = http://razorthought.com/eve

So I did this...

<?php
include_once('SimpleAuthentication.inc.php');
setEveURL('http://razorthought.com/eve');
setSiteURL('http://tools.razorthought.com/thevault/test.php');
login();

?>

and my results are...

Login Required, please try again later.


I tried closing all instances of the browser.
I tried IE and FIREFOX
I also tried logging out of eve and back into it again.
And I did add the domain to my eve security config.

I'm sure it is something silly...

Have you been working on this? When I click the link I am taken to Groupee to login, and then to your site to register (not a member).

I didn't sign up, but so far it looks correct.

It does prompt you to login but after you enter your Groupee ID an password you get the message "Login Required, please try again later."

I get the same thing.

The error means that when your script did a call back to eve to confirm your security token, it failed. Reasons for this could include blocking any HTTP GET requests from inside the server where you are running things or you may have disabled some of PHP session handling defaults? Possible? Last but not least what version of PHP are you running?

I'll flag this to the attention of the widget author.

This message has been edited. Last edited by: MichaelF,

look like the download count isn't working correctly. still 0 downloads?

Hey guys,

One thing to check is the setting for allowed referrers for the simple authentication API. In your control panel:
Eve -> Master Settings -> Advanced -> Authentication Requests

Select "Allow requests from these specific Domains" and be sure that the IP/domain from which the external script lives is included in the list of domains.

037: We're aware of the download count issue and will be looking into it next week. Thanks for the heads up

The domain is in there. I also tried it by IP. I even tried making sure it was wrong to see what error you get --you get "Invalid Remote IP".

Which means I know the request if getting through. I do have sessions enabled in php, I use them for other programs. PHP 4.3.2

Help me Obie-One Widget creator! Your my only hope!

The script will cache in the session that your login with eve either failed or was invalid by the security check.

My only guess is that this has something to do with the authentication request between the script and Eve behind the scenes after the user is sent back to the script from Eve.

It could be a URL encode or decode problem with the token...

What version of php are you using?

Jonmark

FYI - for any of you having a simular problem. It works now! I had to add the IP of my virtual hosting server to the list of authorized DOMAIN (not ip) in the eve control panel>>master settings>>advanced section.

Found a bug with the widget. It does not return to https:// url's.

include_once('SimpleAuthentication.inc.php');
setEveURL('http://razorthought.com/eve');
setSiteURL(' https://tools.razorthought.com/surfsafe/phproxy-free.php');
login();

This message has been edited. Last edited by: theclam,

Not really a bug but an limitation of the SSL requirements for certificates. Also since the API doesn't pass any secure information, it's not really needed.

I guess my point is that the setSiteURL function will only return to a NON https url. When I put one that is https it redirects back to http.

Does that make sense? It ignores the (' https://tools.razorthought.com/surfsafe/phproxy-free.php'); in the setSiteURL and converts the url to http://tools.razorthought.com/surfsafe/phproxy-free.php

In my case my script needs to run over ssl.

Good catch theClam,

The script was trying to be more clever than it should be. I updated it to just use what it is told and not try to figure it out.

Where would you like me to email the updated script? If you dont mind testing it for me.

This looks extremely useful, but unfortunately the server I would like to use this with is running PHP 4.1.2, so file_get_contents doesn't work. What I know about PHP could be written on the back of a stamp, so forgive what is probably a stupid question - are there any workarounds for this (apart from PEAR which seems a nightmare to set up...)?