11
Kiwi_Chris
Re: Coding Help
  • 2009/7/5 9:02

  • Kiwi_Chris

  • Just popping in

  • Posts: 79

  • Since: 2009/1/3 2


that is one way to do it, I think I'll use that until i find out how to use php to do that job for me.

Ideally though I need something that will do the work for me, as I already have 800+ members
and i have around 3-5 new members per day, so doing something manually is not ideal.

I thank all those that have commented here.

I will keep Googling around in the hope I'll find the info I need.

thx again all.

12
jegelstaff
Re: Coding Help

If the code on the game website is available without logging in, then it's a bad idea to base your account creation on the other website on verifying that code...since anyone could find it on the game website (ie: they don't have to login to see it).

You want to do the authentication based on some piece of information that the user gives you, that is only available on the game website to them personally, after they have logged in there.

Then you need to do some kind of web services call to the game website to verify this information against the game website's database.

Since you're looking for a way to authenticate individual users, Registration Codes is not useful in this case.

But it does sound like the exact situation openID is meant to handle. If you enable both sites to use openID, then basically people should be able to login to your website using the same login they use on the game website.

Good luck,

--Julian
Technical Architect - Freeform Solutions
Formulize - custom registration forms, ad hoc forms and reports

13
trabis
Re: Coding Help
  • 2009/7/6 17:58

  • trabis

  • Core Developer

  • Posts: 2269

  • Since: 2006/9/1 1


Jegelstaff, the code being visible is not an issue has long has we give user a private key.

$serial = md5('somethingwebmasteronlyknows' . $linktoprofile)

$privatekey = md5('anotherthingwebmasteronlyknows' . $serial)

Example, you can give the user a serial that he can paste it on his profile and provide him another key that he should keep private.
After the user paste the serial on the site2 he can go back to site1 and introduce the link to his profile and the private key.

This should be enough to authenticate the user.

Another aproach is using CURL. We ask user to provide username and password from the other site. CURL would then try to login and check if credentials were correct.

14
ghia
Re: Coding Help
  • 2009/7/6 22:06

  • ghia

  • Community Support Member

  • Posts: 4953

  • Since: 2008/7/3 1


Quote:
since anyone could find it on the game website
The code is a hash of a user related data and is different for each user.
Quote:
We ask user to provide username and password from the other site.
AFAIK there is no need to, because the user comments are public readable. Because he can make a predefined comment at that place proves he is the user. (A little bit as the way Google verifies site owners by letting them place an keyvalue.html file).
Curl might be an option to do the verification, if the required game site URl can be 'calculated'.

15
Kiwi_Chris
Re: Coding Help
  • 2009/7/7 3:27

  • Kiwi_Chris

  • Just popping in

  • Posts: 79

  • Since: 2009/1/3 2


Hi all,

Yes what ghia said is correct, if the user is able to make a comment in there profile on the game website that proves they have access to it.

This is all I am trying to verify, so any random code would do,
and as long as its in there profile page (game site side) this proves they have control over this account.

this is enough for me then to put next to that members realname AKA, character name, "Verified Owner".

I do not want this to be another way for them to register or be authenticated, just to verify they are who they say they are.


Login

Who's Online

163 user(s) are online (124 user(s) are browsing Support Forums)


Members: 0


Guests: 163


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Mar 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits