
Hello, I want to create a single sign-on (SSO) login.

I have 2 IP addresses:

#1 http://192.168.10.203:2119/ for login (home)

#2 http://192.168.10.203:8007/ for access application (apps)

I have 2 databases:

  • db_home

  • db_apps

When I create the login in home and set curl to the file in apps:

file : proses_login.php in home

    <?php
    // Start the session before anything reads or writes $_SESSION.
    session_start();
    include "con_db_home.php";

    $username = $_POST['username'];
    $pwd      = hash('sha512', $_POST['password']);
    // Query built by string concatenation, as posted (see the SQL injection comment below).
    $sql      = mysqli_query($con, "SELECT * FROM app_user WHERE username='".$username."' and password='".$pwd."' and status='1'");
    $result   = mysqli_fetch_object($sql);

    // mysqli_fetch_object() returns null when no row matches.
    if ($result && $result->username != "") {
        $_SESSION['id_user']  = $result->id_user;
        $_SESSION['username'] = $result->username;
        $_SESSION['status']   = $result->status;
        $_SESSION['role']     = $result->role;

        // Server-to-server POST from home to apps.
        $target_site = "http://192.168.10.203:8007/connect_curl.php";
        $myvars = 'id_sso='.$result->id_user;
        $ch = curl_init($target_site);
        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $myvars);
        curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
        curl_setopt($ch, CURLOPT_HEADER, 0);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        $response = curl_exec($ch);
        curl_close($ch);

        header('Location: .');
        return;
    }
    else {
        echo "<script language='JavaScript'> alert ('Wrong Username / Password'); </script>
              <script language='JavaScript'>document.location='.'</script>";
    }
    ?>

file : connect_curl.php in apps

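    <?php
    ob_start();
    session_start();
    include("con_db_apps.php"); // assumed to provide $f, the helper used below
    $id_sso = $_REQUEST['id_sso'];

    if ($id_sso == "") {
        header('Location: .');
    }
    else {
        // Query built by string concatenation, as posted.
        $data_us  = "select * from tbl_user where user_id_sso='".$id_sso."' ";
        $resultdb = $f->get_last_record($data_us);

        // The opening "if" for the "else" below is missing from the post;
        // a check that a user row was found is assumed here.
        if ($resultdb) {
            // Copy each column of the row into a variable of the same name.
            foreach ($resultdb as $key => $val) $$key = $val;

            setcookie("login_session", "$id_hash");
            setcookie("login_nip", "$nip");
            setcookie("login_username", "$username");
            setcookie("login_name", "$first_name $last_name");
            setcookie("login_fua", "$fua_name");
        }
        else {
            session_destroy();
            header('Location: .');
        }
    }
    ?>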

I'm confused because the cookie is not created when I'm using curl, and I cannot log in to apps. But when I bypass it like this, http://192.168.10.203:8007/connect_curl.php?id_sso=3, the cookie is created and I can log in. So how do I create the cookie when using curl?

Please help me, thanks.

Maestro Vladimir
  • The cookie is created for the server that makes the curl call, not the browser you're using. – KIKO Software Sep 05 '17 at 09:28
  • @KIKOSoftware so you have a solution :( – Maestro Vladimir Sep 05 '17 at 09:32
  • You could use the response to the curl call, to either set, or not set, the cookie in the script that your browser is calling. PS: I have not checked whether your login procedure has any security problems. Oh, I see, yes it has: [How can I prevent SQL injection in PHP?](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – KIKO Software Sep 05 '17 at 09:42
  • I think that might also not exactly accomplish what you want, sorry. You have to use a somewhat different approach, I think. You also don't have two IP addresses, you have one IP address with two ports. – KIKO Software Sep 05 '17 at 09:49

0 Answers
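As the first comment says, a cookie set in response to the curl call goes to the home server, not to the browser. One way to have apps set the cookie on the browser's own request is to redirect the browser there with a short-lived HMAC-signed token instead of a bare `id_sso`. The PHP below is an added example, not code from the original post or its comments; the function names, the `token` parameter and the shared secret are assumptions.

```php
<?php
// Added example, not from the original post. Function names, the "token"
// parameter and SSO_SECRET are assumptions; the secret is a placeholder.
const SSO_SECRET = 'REPLACE-WITH-A-LONG-RANDOM-SECRET-SHARED-BY-HOME-AND-APPS';
const SSO_TTL = 30; // seconds a hand-off token stays valid

function b64url(string $raw): string {
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

// home (port 2119): build the token after the password check has succeeded.
function sso_issue_token(int $idUser, int $now): string {
    $payload = b64url(json_encode(['id_sso' => $idUser, 'exp' => $now + SSO_TTL]));
    return $payload . '.' . b64url(hash_hmac('sha256', $payload, SSO_SECRET, true));
}

// apps (port 8007): return the user id, or null if forged, malformed or expired.
function sso_verify_token(string $token, int $now): ?int {
    $parts = explode('.', $token);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $sig] = $parts;
    $expected = b64url(hash_hmac('sha256', $payload, SSO_SECRET, true));
    if (!hash_equals($expected, $sig)) {   // constant-time comparison
        return null;
    }
    $claims = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
    if (!is_array($claims) || !is_int($claims['id_sso'] ?? null) || !is_int($claims['exp'] ?? null)) {
        return null;
    }
    return $now <= $claims['exp'] ? $claims['id_sso'] : null;
}

// Wiring, shown as comments so the file also runs from the CLI:
//   home:  header('Location: http://192.168.10.203:8007/connect_curl.php?token='
//                 . sso_issue_token((int) $result->id_user, time()));
//   apps:  $id = sso_verify_token($_GET['token'] ?? '', time());
//          if ($id === null) { http_response_code(403); exit; }
//          // look up tbl_user by $id with a prepared statement, then setcookie(...)

if (PHP_SAPI === 'cli') {   // constructed demonstration values
    $now    = 1504603680;
    $token  = sso_issue_token(3, $now);
    $forged = b64url(json_encode(['id_sso' => 4, 'exp' => $now + SSO_TTL])) . '.' . explode('.', $token)[1];
    var_dump(sso_verify_token($token, $now + 10));   // valid token, inside the TTL
    var_dump(sso_verify_token($token, $now + 31));   // same token after it has expired
    var_dump(sso_verify_token($forged, $now + 10));  // payload changed, signature no longer matches
}
```

The token is time-limited but not single-use, so apps would also need to remember the tokens it has accepted if replay within the 30 seconds matters.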