A
adaniels
Guest
Currently to use external log, you need to know the password of the user. When the user is created you can generate one and save that. However this does not prevent the user from changing it through the admin panel or through 'forgot you password'.
It would be much nicer if next to the password there was another was to redirect the user and log him in. A (safe) solution for this would be to have a secret key, which is combined with the user name to create an MD5 hash. This key is known sitebuilder as well as in the external software, however it is not known to the user.
http://sitebuilder.example.com/external_login.php?Login=<?=$user?>&LoginHash=<?=md5($user.$secret_key)?>
It would be much nicer if next to the password there was another was to redirect the user and log him in. A (safe) solution for this would be to have a secret key, which is combined with the user name to create an MD5 hash. This key is known sitebuilder as well as in the external software, however it is not known to the user.
http://sitebuilder.example.com/external_login.php?Login=<?=$user?>&LoginHash=<?=md5($user.$secret_key)?>