Search found 6 matches

by hannuko
Sun Sep 07, 2008 5:42 pm
Forum: [3.0/Olympus] New features discussion
Topic: Certificate login
Replies: 11
Views: 73465

Re: Certificate login

Please make sure you escape all data from the $_SERVER var correctly to prevent sql injection. You need to call $db->sql_escape on the variable in the query.

Beside that, the query itself should be uppercase (Ofcourse with the correct case for the table names, so lower case) instead of the current ...
by hannuko
Sun Sep 07, 2008 1:44 pm
Forum: [3.0/Olympus] New features discussion
Topic: Certificate login
Replies: 11
Views: 73465

Re: Certificate login

Actually, the code was surprisingly simple. I first implemented it in a complicated way before finding out the auth plugin system.

This is what is needed to do: add an autologin for the auth plugin (for exmaple includes/auth/auth_db.php) you want to use. Autologin code is very simple:

function ...
by hannuko
Sat Sep 06, 2008 11:53 am
Forum: [3.0/Olympus] New features discussion
Topic: Certificate login
Replies: 11
Views: 73465

Re: Certificate login

I succeeded to modify the source to allow certificate login. You can test it in

http://valita.dy.fi/bbvalita/viewtopic.php?f=48&t=41&p=50

Try it only if you really are interested. I only have a 600Mhz pentium running on the server. It has an old discussion forum in finnish (not very popular ...
by hannuko
Fri Jul 11, 2008 8:56 am
Forum: [3.0/Olympus] New features discussion
Topic: Certificate login
Replies: 11
Views: 73465

Re: Certificate login

Actually, I think the apache ssl module handles the most of the login procedure. You just have to add one www-address (for example secure.my.site.com) to your site and require client certificate for that site.
After that, users can see that new www-page only if they have valid certificate. WWW ...
by hannuko
Fri Jul 11, 2008 7:33 am
Forum: [3.0/Olympus] New features discussion
Topic: Certificate login
Replies: 11
Views: 73465

Re: Certificate login

First, sorry for this:

BTW, from the forum rules: "Don't post bug reports, feature requests , support questions or suggestions here."

I just could not find any other place for feature requests.

I think this is a feature where most people doesn't see the benefits. But if you have once tried the ...
by hannuko
Tue Jul 08, 2008 8:06 am
Forum: [3.0/Olympus] New features discussion
Topic: Certificate login
Replies: 11
Views: 73465

Certificate login

If certificate login is added to phpbbs as a feature, that would allow users to login securely with one password to several phpbbs boards .

The basic idea is to have a x.509 certificate on your own pc. When you connect to the phpbbs (or any site allowing certificate login), the server can check if ...