what do i need to know/use to authenticate users on my login page based upon their gmail/yahoo/hotmail/msn etc. username and password. i.e if they have a valid gmail username and password, they can acess my site.....

Offhand I can think of 2 ways to do this.


The first is have the users type in their google/yahoo/msn/etc account info into your site, and then use cURL to make sure that they are valid logins. Some sites do this. But you are relying on your users to trust you with their email login info.

The 2nd is to request the users email address. Then email them some sort of verification to that email. In that email, send them a return link back to your site with a unique identifier to know that it was them. You won't know if they are currently logged in, but you will know if their email account was valid or not.

type in their google/yahoo/msn/etc account info into your site, and then use cURL to make sure that they are valid logins.
---
could you please refer me some of the resources apart from php.net which would help me in achieving this?

Offhand I can think of 2 ways to do this.


The first is have the users type in their google/yahoo/msn/etc account info into your site, and then use cURL to make sure that they are valid logins. Some sites do this. But you are relying on your users to trust you with their email login info.

The 2nd is to request the users email address. Then email them some sort of verification to that email. In that email, send them a return link back to your site with a unique identifier to know that it was them. You won't know if they are currently logged in, but you will know if their email account was valid or not.

change the $LOGINURL. Make sure the $postfields fields are named the same on the actual login form, and use the following code. If the login was successful, $result will hold the HTML for the page logged in to.

When you use a browser to log into a page, you enter a username and password.
The code below pretends it's a browser, and does the same thing a real browser would do. Instead of seeing the results in a browser, the HTML page is loaded into $results. do some preg matches to make sure the username and password logged into the site.

web based email is blocked for me at work, or I'd get 1 working for you. It should be fairly easy given my code though.

$cookie_file_path = "cookies/cookiejar.txt"; // Please set your Cookie File path
$fp = fopen("$cookie_file_path","w") or die("<BR><B>Unable to open cookie file $mycookiefile for write!<BR>");
fclose($fp);


    $LOGINURL = "http://www.insertsitehere.com/asp/logon.asp";
    $postfields = 'user=username&Passwd=yourpassword';
    $agent = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)";
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL,$LOGINURL);
        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_POSTFIELDS,$postfields);
        curl_setopt($ch, CURLOPT_USERAGENT, $agent);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
        curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie_file_path);
        curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie_file_path);
        $result = curl_exec ($ch);

I have figured out how my page would be authenticating based upon the below code snippet.

I have understood every line expect the one where we are defining the headers array.
could you please throw some light over that? Any improvements that anyone would like to suggest?

<?php
$username = "gmail_username";
$password = "gmail_password";


$ch = curl_init('https://gmail.google.com/gmail/feed/atom');

$headers = array(
"Host: gmail.google.com",
"Authorization: Basic ".base64_encode($username.':'.$password),
"User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4",
"Accept-Language: en-gb,en;q=0.5",
"Accept-Encoding: text",
"Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7",
);

curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
curl_setopt($ch, CURLOPT_COOKIESESSION, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 1);
curl_setopt($ch, CURLOPT_UNRESTRICTED_AUTH, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 1);


$html = curl_exec($ch);

if(preg_match("/\bUnauthorized\b/",$html)) {
		echo "Invalid Login/Password";
}
else {
		echo "Gained Access";
}

curl_close($ch);
?>

The headers array holds info that browsers and web servers use to talk before the actual HTML.

Everything looks good.

I suggestion would be to put the site specific in an array (google/yahoo/msn/etc) and make it a class or at least a function.

a final note: Google allows you to host your email for any domain on their gmail servers. so kireol@somecleverdomain.com could actually be google's gmail. so when it comes time to prompt your users for their email, if you do not recognize it as a predefined domain, you might want to allow users to define the mail host.

This question has already been answered. Start a new discussion instead.