what do i need to know/use to authenticate users on my login page based upon their gmail/yahoo/hotmail/msn etc. username and password. i.e if they have a valid gmail username and password, they can acess my site.....
kingben
Recommended Answers
Jump to PostOffhand I can think of 2 ways to do this.
The first is have the users type in their google/yahoo/msn/etc account info into your site, and then use cURL to make sure that they are valid logins. Some sites do this. But you are relying on your users …
Jump to Postya, i knew google had that stuff. I wasnt sure about the rest though
All 8 Replies
kireol
10
Posting Whiz
Offhand I can think of 2 ways to do this.
The first is have the users type in their google/yahoo/msn/etc account info into your site, and then use cURL to make sure that they are valid logins. Some sites do this. But you are relying on your users to trust you with their email login info.
The 2nd is to request the users email address. Then email them some sort of verification to that email. In that email, send them a return link back to your site with a unique identifier to know that it was them. You won't know if they are currently logged in, but you will know if their email account was valid or not.
kingben
Hey thanks ..... One addition::
For Google this would also help
http://code.google.com/apis/accounts/index.html
kireol
10
Posting Whiz
ya, i knew google had that stuff. I wasnt sure about the rest though
kingben
type in their google/yahoo/msn/etc account info into your site, and then use cURL to make sure that they are valid logins.
---
could you please refer me some of the resources apart from php.net which would help me in achieving this?
Offhand I can think of 2 ways to do this.
The first is have the users type in their google/yahoo/msn/etc account info into your site, and then use cURL to make sure that they are valid logins. Some sites do this. But you are relying on your users to trust you with their email login info.The 2nd is to request the users email address. Then email them some sort of verification to that email. In that email, send them a return link back to your site with a unique identifier to know that it was them. You won't know if they are currently logged in, but you will know if their email account was valid or not.
kireol
10
Posting Whiz
change the $LOGINURL. Make sure the $postfields fields are named the same on the actual login form, and use the following code. If the login was successful, $result will hold the HTML for the page logged in to.
When you use a browser to log into a page, you enter a username and password.
The code below pretends it's a browser, and does the same thing a real browser would do. Instead of seeing the results in a browser, the HTML page is loaded into $results. do some preg matches to make sure the username and password logged into the site.
web based email is blocked for me at work, or I'd get 1 working for you. It should be fairly easy given my code though.
$cookie_file_path = "cookies/cookiejar.txt"; // Please set your Cookie File path
$fp = fopen("$cookie_file_path","w") or die("<BR><B>Unable to open cookie file $mycookiefile for write!<BR>");
fclose($fp);
$LOGINURL = "http://www.insertsitehere.com/asp/logon.asp";
$postfields = 'user=username&Passwd=yourpassword';
$agent = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$LOGINURL);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS,$postfields);
curl_setopt($ch, CURLOPT_USERAGENT, $agent);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie_file_path);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie_file_path);
$result = curl_exec ($ch);
kingben
Thanks a lot!!! ..... I'll try it out
kingben
I have figured out how my page would be authenticating based upon the below code snippet.
I have understood every line expect the one where we are defining the headers array.
could you please throw some light over that? Any improvements that anyone would like to suggest?
<?php
$username = "gmail_username";
$password = "gmail_password";
$ch = curl_init('https://gmail.google.com/gmail/feed/atom');
$headers = array(
"Host: gmail.google.com",
"Authorization: Basic ".base64_encode($username.':'.$password),
"User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4",
"Accept-Language: en-gb,en;q=0.5",
"Accept-Encoding: text",
"Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7",
);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
curl_setopt($ch, CURLOPT_COOKIESESSION, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 1);
curl_setopt($ch, CURLOPT_UNRESTRICTED_AUTH, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 1);
$html = curl_exec($ch);
if(preg_match("/\bUnauthorized\b/",$html)) {
echo "Invalid Login/Password";
}
else {
echo "Gained Access";
}
curl_close($ch);
?>
kireol
10
Posting Whiz
The headers array holds info that browsers and web servers use to talk before the actual HTML.
Everything looks good.
I suggestion would be to put the site specific in an array (google/yahoo/msn/etc) and make it a class or at least a function.
a final note: Google allows you to host your email for any domain on their gmail servers. so kireol@somecleverdomain.com could actually be google's gmail. so when it comes time to prompt your users for their email, if you do not recognize it as a predefined domain, you might want to allow users to define the mail host.
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.