Welcome to Geeklog, Anonymous Thursday, November 21 2024 @ 02:38 pm EST
Geeklog Forums
Help with big authentication hack
Status: offline
amckay
Forum User
Full Member
Registered: 03/23/02
Posts: 180
Hey folks,
I want to hack GL to work on our corporate network at work. i.e. to work with our current web authentication system. I think it will be easy if you can guide me where to hack.
I have to completely remove the GL login stuff. On corporate websites you can only get to the website if you are already authenticated with your corporate ID and password. Any attempt to access a site when you are not authenticated will shunt you off to an authenticate site, then shunt you back after you've authenticated. So user information is already available in PHP the HTTP info as soon as the user gets to the GL site.
What I want to do is hack into GL and somewhere (tell me where) nuke the GL login, and then (tell me where again) pull the stuff out of the corporate HTTP info to populate the GL _USER variable. In this same place I will check to see if the visitor already has an account in the GL DB, and if not I'll pull the appropriate info out of the corporate HTTP info and create a user in the users table. I already know how to do that.
Does this sound doable to you? Can you tell me where to go hacking?
thanks,
-Alan
I want to hack GL to work on our corporate network at work. i.e. to work with our current web authentication system. I think it will be easy if you can guide me where to hack.
I have to completely remove the GL login stuff. On corporate websites you can only get to the website if you are already authenticated with your corporate ID and password. Any attempt to access a site when you are not authenticated will shunt you off to an authenticate site, then shunt you back after you've authenticated. So user information is already available in PHP the HTTP info as soon as the user gets to the GL site.
What I want to do is hack into GL and somewhere (tell me where) nuke the GL login, and then (tell me where again) pull the stuff out of the corporate HTTP info to populate the GL _USER variable. In this same place I will check to see if the visitor already has an account in the GL DB, and if not I'll pull the appropriate info out of the corporate HTTP info and create a user in the users table. I already know how to do that.
Does this sound doable to you? Can you tell me where to go hacking?
thanks,
-Alan
9
13
Quote
All times are EST. The time is now 02:38 pm.
- Normal Topic
- Sticky Topic
- Locked Topic
- New Post
- Sticky Topic W/ New Post
- Locked Topic W/ New Post
- View Anonymous Posts
- Able to post
- Filtered HTML Allowed
- Censored Content