Dear All
Can anyone help me with the following? It's a bit long-winded, sorry.....
I am designing a site which uses phplib's auth and sessions to validate a
user. The database storing the data is the same as that used to store user
details and validate against our EDMS (Electronic Document Management
System).
The EDMS has its own web server and normally validates using its own calls to this web server (see below). However we now propose to provide access to the EDMS to users only after they have attached to the main web site via the phplib functions.
The user logs into the main site and the problem arises when the user tries to access the EDMS web pages. The EDMS web server expects the user to validate again, since it has no way of knowing we've already validated the user, which seems a bit pointless. I'd like to have just the initial PHPLIB login. In order to do this I need to convince the EDMS system that the user is already logged in.
The process for accessing the EDMS system (in this instance its free text
retrieval function) is as follows:
The user clicks on the URL/button which uses the following URL:
http://edmwebserver:3559/EDM/dosetvault?vaultname=QA_Control&destination=http://edmwebserver:3559/EDM/ftr
The EDM web server then checks for a valid cookie and if it's not there asks
the user to log in. This is done via a similar URL, thus:
http://edmwebserver:3559/EDM/dologin/?username=username&password=password
I would like to have it so that only one login is required, i.e. the initial
login via PHPLIB.
I thought of spoofing the cookie, but
a) can't work out its format
EDMSESSION
UCWKTERL
edmwebserver/
3530499328
29406357
1469498128
29332932
*
b) I'm not sure exactly how cookies work. Does the server maintain a record somewhere and expect this to match the cookie on the client, or does it merely check for a cookie and then read the info therein to see if dates etc are valid? How does this work?
I then thought of sending this login URL to the server. I tried using
sockets:
<?php
// A test script to open a port on the EDM server and log in
// Set up the variables
$edmServer = "192.168.10.01";
$edmPort = 3559;
$edmTimeOut = 10;
$errno = 0;
$errstr = "";
// Open a socket
if (!$edmTimeOut) {
    // without timeout
    $edm_handle = fsockopen($edmServer, $edmPort);
} else {
    // with timeout; fsockopen() fills $errno and $errstr on failure
    $edm_handle = fsockopen($edmServer, $edmPort, $errno, $errstr, $edmTimeOut);
}
if (!$edm_handle) {
    echo "Connection Failed!!\n";
    printf("Error: %s (%s)\n", $errstr, $errno);
    exit();
} else {
    echo "Connected\n";
    // Read the first line from the server; nothing has been written to the
    // socket yet, so fgets() blocks until the server sends data, closes the
    // connection, or the stream times out
    $tmp = fgets($edm_handle, 1024);
    echo "$tmp";
}
?>
This script does seem to open the socket (i.e. I don't get the connection
failed message) to the server but takes about 5 minutes to do so. I can
only assume the EDM web server isn't happy with the sockets approach. :p(
Any ideas?
Finally, is it possible to "transmit" the URL
http://edmwebserver:3559/EDM/dologin/?username=username&password=password
from the server, on the user's behalf (so they don't know it's happening) and
have the cookie returned to them?
Ideally I would like to understand the cookies and spoof them as this appears the most elegant approach but any thoughts anyone might have, on any of the ideas [or any better ones] would be much appreciated.
I hope the e-mail wasn't too long :p)
Many thanks
Paul
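
Added example, not part of the original message: the listing under (a) has the shape of one record from an Internet Explorer cookie file (name, value, host/path, an optional flags line, then two 64-bit FILETIME timestamps split into 32-bit halves, closed by `*`). That origin, and the reading of the four numbers as expiry low/high followed by creation low/high, are assumptions; the decoder below applies them to the listing as posted.

```python
from datetime import datetime, timedelta, timezone

# Cookie listing copied from the message above.
RECORD = """EDMSESSION
UCWKTERL
edmwebserver/
3530499328
29406357
1469498128
29332932
*"""

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_utc(low, high):
    """Join two 32-bit halves into a FILETIME (100 ns ticks since 1601)."""
    ticks = (high << 32) | low
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def parse_record(text):
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if lines[-1] != "*":
        raise ValueError("record is not terminated by '*'")
    name, value, scope = lines[:3]
    numbers = [int(n) for n in lines[3:-1]]
    if len(numbers) not in (4, 5):
        raise ValueError("expected 4 timestamp halves, optionally preceded by flags")
    # Assumption: the last four numbers are expiry low/high then creation
    # low/high; a fifth number in front of them would be the flags field.
    flags = numbers[0] if len(numbers) == 5 else None
    exp_lo, exp_hi, cre_lo, cre_hi = numbers[-4:]
    host, _, path = scope.partition("/")
    return {
        "name": name, "value": value, "host": host, "path": "/" + path,
        "flags": flags,
        "created": filetime_to_utc(cre_lo, cre_hi),
        "expires": filetime_to_utc(exp_lo, exp_hi),
    }


if __name__ == "__main__":
    cookie = parse_record(RECORD)
    for key, val in cookie.items():
        print(f"{key:8} {val}")
    print("lifetime", cookie["expires"] - cookie["created"])
```

Read this way, both timestamps land on whole milliseconds and sit one year apart, so the only server-issued data in the record is the eight-character value; the numbers are the browser's own expiry and creation bookkeeping.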