0

Hello all,
I have a challenge. Here's the scenario:

There are two sites. One has an activity and post-tests for some of those activities, and one has post-tests for the rest of them. They are two businesses, and for security purposes, neither allows direct queries of the other's backend from outside of their respective servers. Each requires authenticated logins. Each does not currently poll the other to set up accounts. Many users of one site find themselves confused when going to the other, and, ignoring all messages about needing to set up an account on each, continue to contact the webmasters of both sites about why their account doesn't work.

To solve this, the webmasters of both sides (myself being one of them) have put our heads together. As we are not allowed to directly query the database of the other, this is the solution reached:
1. If one has an account on the site with the activity, and tries to access a post-test on the other site (mine), their login is passed to my site.
2. If there's an account, great, they can go on ahead
3. If there isn't, I need to set up an account using the login information passed over to my script. To automatically fill out the rest of the information we need, my script then sends a request to the other server to get their information and update that account. The other alternative would be to have them fill this all out once again. Given how irritated they get about having to open two accounts, I'd like to avoid this, even if I end up going with it as a short-term solution.

Here's the challenge, as far as my side of this goes: I've looked at sending a form post to a handler script on the other server, and I've looked at using <cfhttp>. I'm either seeing functional difficulties with either approach. Or I may not be understanding either approach.

What would you suggest?

2
Contributors
5
Replies
6
Views
5 Years
Discussion Span
Last Post by mmonclair
0

I haven't done anything like this. So I can't say whether there's a better option. But it certainly sounds doable from a technical standpoint. It's just a series of cfhttp posts and db queries on your end.

What issues are you seeing?

0

I haven't done anything like this. So I can't say whether there's a better option. But it certainly sounds doable from a technical standpoint. It's just a series of cfhttp posts and db queries on your end.

What issues are you seeing?

I was a bit unsure of using an automatically-triggered form to go back to the other server. I also tried using <cfhttp> to trigger a form request in a PHP script I set up on a different server, using a different backend, to simulate how this was going to be handled with my client, but it wasn't working in the way I had hoped (or at all, really).

I did find a workable solution, though, and have refined it a bit more, in consultation with my client. Instead of trying to do it all with one script, I broke it out into two. The first would conduct the search functions for accounts on my side, using the form variables passed over by my client, along with a URL token to create an identifier for the session. If there is an account, it will report back to the client that all is good.

If there isn't an account, the script will set up a basic one, and pass back the session token to the client via the URL attribute in <cflocation> and the first script closes. This will then trigger a query and a form post back from my client, handled by a second script, with the information needed to complete the user's account. The user will then be logged in and directed to the location of the appropriate post test.

0

Yeah, I was going to say it would definitely require multiple scripts. But it sounds like you got it figured out.

0

Just a followup...

I ended up going back to the <cfhttp> approach, as my colleague preferred to send the needed info back via a POST request. This approach, once we got our signals aligned on form values and other details, worked quite well. I can post more details if it would help anyone else doing a similar project.

0

I have a similar situation as what I described above, but for another project. This time, I have a login form on a page on a third party web host. I want to run a check on the registration application on my server. However, the database is locked down and only accepts connections from my server (we are very security conscious here). So I want to use a form handler on my server that checks the registration records here before allowing the user to log in on the third party host, passing along their login credentials.

The problem I have is in redirecting the user to the login processing script on the other site. Posting is fine, but I need to redirect, too. Here's how I've tried doing this:

<cfhttp method="post" resolveurl="yes" redirect="yes" url="http://www.othersite.com/login.php">
<cfhttpparam type="formfield" name="username" value="#username#">
<cfhttpparam type="formfield" name="password" value="#password#">
</cfhttp>

After a lot of trial and error, and looking up documentation at Adobe and elsewhere, I can't find what I'm doing wrong here.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.