Automatic Scripts

Posted: Tue May 04, 2010 10:40 am
by kish27
Hi,
I am maintaining two sites on different servers. On one I am using phpBB CMS and the other one is an ecommerce site.
Now I would like to integrate both the sites, i.e. I add a menu to redirect to the CMS site from the ecommerce site, but I would like to maintain a common login for both the sites: if a user logs in on one site he does not need to log in to the other one, and vice versa. Both sites are on different database servers.
How can I do this?
Please share your ideas.

Thanking you in advance

Re: Automatic Scripts

Posted: Wed May 05, 2010 5:48 pm
by mecha_godzilla
I think you might have a problem if one of your sites requires a much higher level of security than the other one.

If the sites relate to different services then they should have separate logins and be entirely self-contained, and if they are both part of the same service then they should be authenticated by the same system (though they do not necessarily need to run on the same server of course). Another problem you've got is that the security of your phpBB logins will undoubtedly be different to those for your ecommerce site (maybe better, maybe worse?) so not only are the security parameters different but you're increasing the number of attack vectors.

Obviously, there are ways to do what you want but you need to consider how much liability you're exposing yourself (or your client) to if things go wrong. Remember every l33t h4x0r out there knows the following equation:

ecommerce = credit cards and personal information

If someone sees that they can gain access to your ecommerce system via phpBB (for which the source is easily obtained) and also identifies what other modules you're using with it then you're giving yourself a big, big problem. You also need to consider the wider implications - what will your credit card processor/merchant account provider think about the arrangement you're proposing? It also looks like phpBB CMS is quite new and there may be a wide range of exploits waiting to be revealed (or conversely there may not, but it depends on how well the module has been written.) Personally, I stopped using Joomla! for CMS duties because while Joomla! itself is OK-ish security-wise, the wide range of modules, mambots and components developed by third parties for it may not be and I'm pretty certain that it was a poorly written mambot that led to one of my sites being compromised.

HTH,

Mecha Godzilla

Re: Automatic Scripts

Posted: Thu May 06, 2010 2:57 am
by kish27
Hi mecha_godzilla, thanks for your reply.
No, it's not a security issue. As I said, I want to maintain the sites separately from each other.
I would like to provide a menu for the forums in the ecommerce site; when the user clicks on that menu the site redirects to phpBB.
Here the logic starts: if the user is already logged in before clicking the menu, the user details should go along with the URL and auto login has to be done on the other site, and vice versa: if the user goes from phpBB to the ecommerce site, the same process applies.
And I would like to maintain the same registration for both the sites.
I think it is more clear now.
Please assist me.

Thanks

Re: Automatic Scripts

Posted: Thu May 06, 2010 3:37 pm
by mecha_godzilla
I'm still not sure I understand what you want to do.

You say that you want to keep the sites separate, but when a user creates a login on one site this can also be used with the other site, and if they log in on one site they don't have to log in again on the other. If the same login needs to apply to both sites then they can't be kept separate because they would need to share the same login information (which means that they both need to make a connection to the same database.) Even if they look different, and are run on different servers with different domain names, they are not separate if they share the same resources.

I don't know what ecommerce application you're using but it is very likely that it will store the login profiles in a completely different way to phpBB (so you need to look at your database tables to see if this is the case.) This means that you'll either have to write a new login process from scratch that both applications can connect to or replace the phpBB login scripts with the one used with the ecommerce software.

You need to think carefully about how secure this setup would be - remember that forums are frequently targeted by spammers and every phpBB account that is created also has access to your ecommerce application. I'm still not convinced that you can keep the system secure if someone logs in on your phpBB forums and is then automatically logged in to the ecommerce application - what information will you be sending from one application to the other, and how secure would this be?

Regards,

M_G
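
On the question of what gets sent from one application to the other: the sketch below is an added example, not code from any poster in this thread or from phpBB. It passes a short-lived, single-use, HMAC-signed token in the redirect URL instead of user details. It assumes both sites run PHP 7.1+, share a secret key, and already map the same numeric user id to the same account; `SHARED_KEY`, `issue_token`, `verify_token` and the `'forum'`/`'shop'` audience names are hypothetical.

```php
<?php
// Added example: signed, short-lived login handoff between two sites.
// SHARED_KEY, the audience names and the in-memory nonce list are assumptions.
const SHARED_KEY = 'replace-with-32+-random-bytes-kept-out-of-the-web-root';
const MAX_AGE = 60; // seconds a handoff link stays valid

function b64url(string $s): string {
    return rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
}

// Issuing site: only a user id, audience, expiry and nonce travel in the URL.
function issue_token(int $userId, string $audience, int $now): string {
    $payload = b64url(json_encode([
        'uid' => $userId, 'aud' => $audience,
        'exp' => $now + MAX_AGE, 'nonce' => bin2hex(random_bytes(16)),
    ]));
    return $payload . '.' . b64url(hash_hmac('sha256', $payload, SHARED_KEY, true));
}

// Receiving site: returns the user id, or null if the token must be rejected.
function verify_token(string $token, string $audience, int $now, array &$seenNonces): ?int {
    $parts = explode('.', $token);
    if (count($parts) !== 2) return null;
    [$payload, $mac] = $parts;
    $expected = b64url(hash_hmac('sha256', $payload, SHARED_KEY, true));
    if (!hash_equals($expected, $mac)) return null;           // tampered or wrong key
    $claims = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
    if (!is_array($claims)) return null;
    if (($claims['aud'] ?? '') !== $audience) return null;     // minted for the other site
    if (($claims['exp'] ?? 0) < $now) return null;             // expired link
    $nonce = $claims['nonce'] ?? '';
    if ($nonce === '' || isset($seenNonces[$nonce])) return null; // replayed link
    $seenNonces[$nonce] = true; // a real site needs a persistent store with expiry
    return is_int($claims['uid'] ?? null) ? $claims['uid'] : null;
}

// Constructed demo: the shop hands user 42 over to the forum.
$seen = [];
$now = time();
$token = issue_token(42, 'forum', $now);
var_dump(verify_token($token, 'forum', $now, $seen));       // first use of the link
var_dump(verify_token($token, 'forum', $now, $seen));       // same link replayed
var_dump(verify_token($token, 'shop', $now, $seen));        // presented to the wrong site
var_dump(verify_token($token . 'x', 'forum', $now, $seen)); // signature altered
```

The token carries no password or profile data, so a leaked URL exposes at most one login within the validity window; the redirect itself still needs HTTPS on both sites.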