SMF SSO Integration Info

July 27, 2015 at 05:59 AM

Firstly, you'll need smf_2_api.php. https://github.com/erazorbg/smfapi/blob/master/src/SmfApi/Server/api/smf_2_api.php. Place this file in your SMF forums directory (the root, forums/ forum/ or whatever).

Now, download Kieran's SSO code:

https://bitbucket.org/KHardern/vatsim-sso-demo/src

Modify index.php:

<?php
require_once("***FORUM DIRECTORY***/smf_2_api.php");
// a session is required to store the token details in
//session_start();
//** This is no longer required as SMF's API creates a session for SMF and is usable here as well.  SMF's Session is required.
// You can leave session_start(), it'll nest another session within SMF's session.

ini_set('error_reporting', E_ALL);
ini_set("display_errors", 1);

require('OAuth.php');
require('SSO.cl[Mod - Happy Thoughts].php');
require('config.php');

// initiate the SSO cl[Mod - Happy Thoughts] with consumer details and encryption details
$SSO = new SSO($sso['base'], $sso['key'], $sso['secret'], $sso['method'], $sso['cert']);

// return variable is needed later in this script
$sso_return = $sso['return'];
// remove other config variables
unset($sso);

// if VATSIM has redirected the member back
if (isset($_GET['return']) && isset($_GET['oauth_verifier']) && !isset($_GET['oauth_cancel'])){
   // check to make sure there is a saved token for this user
   if (isset($_SESSION[SSO_SESSION]) && isset($_SESSION[SSO_SESSION]['key']) && isset($_SESSION[SSO_SESSION]['secret'])){

       /*
        * NOTE: Always request the user data as soon as the member is sent back and then redirect the user away
        */

       echo '<a href="index.php">Return</a><br />';

       if (@$_GET['oauth_token']!=$_SESSION[SSO_SESSION]['key']){
           echo '<p>Returned token does not match</p>';
           die();
       }

       if (@!isset($_GET['oauth_verifier'])){
           echo '<p>No verification code provided</p>';
           die();
       }

       // obtain the details of this user from VATSIM
       $user = $SSO->checkLogin($_SESSION[SSO_SESSION]['key'], $_SESSION[SSO_SESSION]['secret'], @$_GET['oauth_verifier']);

       if ($user){
           // One-time use of tokens, token no longer valid
           unset($_SESSION[SSO_SESSION]);
/*************************************************************

           // Output this user's details
           echo '<p>Login Success</p>';
           echo '<pre style="font-size: 11px;">';
               /*
                * NOTE: In a live environment, save these details and then redirect the user
                */
               print_r($user->user);
           echo '</pre>';

           // do not proceed to send the user back to VATSIM
           die();
BELOW IS CODE TO USE API TO LOGIN TO SMF:
****************************************************************/
           smfapi_login($user->user->id);    // Log user in to SMF.  This [Mod - Happy Thoughts]umes username is their CID.
           header("****http://URL TO FORUMS HERE****");    // Redirect user back to SMF
       } else {
           // OAuth or cURL errors have occurred, output here
           echo '<p>An error occurred</p>';
           $error = $SSO->error();

           if ($error['code']){
               echo '<p>Error code: '.$error['code'].'</p>';
           }

           echo '<p>Error message: '.$error['message'].'</p>';

           // do not proceed to send the user back to VATSIM
           die();
       }
   } 
// the user cancelled their login and were sent back
} else if (isset($_GET['return']) && isset($_GET['oauth_cancel'])){
   echo '<a href="index.php">Start Again</a><br />';

   echo '<p>You cancelled your login.</p>';

   die();
}

// create a request token for this login. Provides return URL and suspended/inactive settings
$token = $SSO->requestToken($sso_return, false, false);

if ($token){

   // store the token information in the session so that we can retrieve it when the user returns
   $_SESSION[SSO_SESSION] = array(
       'key' => (string)$token->token->oauth_token, // identifying string for this token
       'secret' => (string)$token->token->oauth_token_secret // secret (p[Mod - Happy Thoughts]word) for this token. Keep server-side, do not make visible to the user
   );

   // redirect the member to VATSIM
   $SSO->sendToVatsim();

} else {

   echo '<p>An error occurred</p>';
   $error = $SSO->error();

   if ($error['code']){
       echo '<p>Error code: '.$error['code'].'</p>';
   }

   echo '<p>Error message: '.$error['message'].'</p>';

}

?>

The line to login to SMF is the: smfapi_login($user->user->id); line.

It would behoove you to check the return code from smfapi_login to determine login success or failure. Login failure is usually the user doesn't exist. You can use the API to register the user (if desired). If implemented as is, the user will be forwarded to the forums without being logged in with no error messages. Look at the function smfapi_register in the smf_2_api.php file comments at the top to see how to register a user. You can also look at the comments to determine alternate methods of logging in a user.

Now in Sources/Subs.php

Look for this code:

		'login' => array(
			'title' => $txt['login'],
			'href' => $scripturl . '?action=login',

Change the 'href' => to point to your SSO index.php file (the big code block above that handles the communications and redirect to VATSIM's SSO). ***REMEMBER THIS STEP. If you upgrade SMF and Sources/Subs.php gets modified (which is likely), you will need to redo this step to maintain SSO integration.

SMF SSO Integration Info

Recommended Posts

Daniel Hawton

Link to comment

Share on other sites