Integrating admin login to existing website

Solutions for other advanced phplisters

Integrating admin login to existing website

Postby tuberb » 3:13pm, Tue 24 Jul, 2007

I am trying to integrate phplist into my client's site so that admins who have already logged in to their admin area (via a custom database-validated login) won't have to log in a second time to phplist. I would like to set things up so that my enclosing script does whatever setup is needed so that phplist considers the user logged in as an admin, without changing the code of the phplist modules themselves, so I don't have issues with new releases.

I have tried setting $_SESSION["adminloggedin"] and $_SESSION["logindetails"] variables in my script (where I am running phplist in an iframe) prior to invoking phplist but am still prompted to log in. I have also tried pointing to an alternate config file which has $require_login set off, but can't seem to make the alternate config file active.

My current fallback is to leave $require_login off, but am concerned about the security implications. I'd be very appreciative of suggestions on how to get there from here.

Thanks,

Barry
tuberb
phpList newbie
 
Posts: 2
Joined: 11:41am, Wed 18 Jul, 2007

Postby Mike_R » 4:20pm, Tue 24 Jul, 2007

If there's no admin logged in, the file /admin/index.php looks for $_REQUEST["login"] and $_REQUEST["password"] via the below line. If they're found then it will process the PHP List login, rather than displaying the login page.
Code: Select all
 if ((!isset($_SESSION["adminloggedin"]) || !$_SESSION["adminloggedin"]) && isset($_REQUEST["login"]) && isset($_REQUEST["password"]))

$_REQUEST is a super-global, containing $_POST, $_GET and $_ENV vars, so you can even login using the GET method. For proof of this, visit

http://demo.phplist.com/lists/admin/index.php?login=admin&password=phplist

Which logs you straight into the admin section of the demo site. Hope this helps, otherwise you may need to start looking at a custom authorisation script (if you can't retrieve the correct password from your other app).

PS "index.php" in the above URL is optional, it works just as well with "/admin/?login...."
Mike_R
PL Geek
 
Posts: 88
Joined: 10:34am, Wed 30 May, 2007


Return to Advanced Answers, Howtos, Tips & Tricks

Who is online

Users browsing this forum: No registered users and 1 guest

cron