[Zope-CMF] using zope authentication outside of Zope...
Shane Hathaway
shane@zope.com
Mon, 20 May 2002 14:55:26 -0400
larry_prikockis@natureserve.org wrote:
> I'd like to use a php-based forum (w-agora) as part of a site that will be
> otherwise built in Zope/CMF.
> Is there a relatively simple way of getting at the __AC cookie zope is using
> for authentication from this php application?
>
> Or am I going about things the wrong way? I want to avoid having a user
> already logged into the CMF portal be required to log in again to be
> authenticated for the php-forum. In other words, I'd like to just pass the
> Zope/CMF credentials along to the other application. So far, my fiddling
> around with cookies hasn't been fruitful.

You just need to get PHP to decode the __ac cookie, I think. Its value
consists of the username and password, joined with a colon, then base 64
encoded. PHP probably provides a way almost as easy as Python to decode
that. Then perhaps it could authenticate against an LDAP database that
both Zope and PHP use.

> all clues greatly appreciated... (as are warnings as to why, from a
> security perspective, I don't want to be doing this... I have a bad feeling
> that if I get it to work, it'll only be by opening up some colossal security
> hole :-(

Naw, you'll only discover how weak the encoded passwords are. ;-)

Shane
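
The cookie layout described in the reply above (username and password joined with a colon, then base64 encoded), as an added example that is not part of the original message and is not Zope/CMF code. The function names are hypothetical, the sample values are constructed, and it assumes the cookie value may arrive URL-quoted.

```python
import base64
import binascii
from urllib.parse import quote, unquote


class CookieFormatError(ValueError):
    """Raised when a value is not base64("username:password")."""


def encode_ac_cookie(username, password):
    """Build a constructed sample cookie value in the layout described above."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    # Assumption: the base64 text is URL-quoted, so "=" padding becomes "%3D".
    return quote(token.decode("ascii"))


def decode_ac_cookie(raw_value):
    """Return (username, password) recovered from a raw __ac cookie value."""
    # Undo URL-quoting and surrounding double quotes before decoding.
    # unquote() leaves "+" alone, which matters because "+" is a base64 symbol.
    value = unquote(raw_value).strip().strip('"')
    try:
        decoded = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise CookieFormatError("cookie value is not valid base64") from exc
    try:
        text = decoded.decode("utf-8")
    except UnicodeDecodeError:
        text = decoded.decode("latin-1")
    # Split on the first colon only: the password may itself contain colons.
    username, sep, password = text.partition(":")
    if not sep or not username:
        raise CookieFormatError("expected username:password")
    # base64 is an encoding, not encryption: this is the cleartext password,
    # so the cookie itself has to be handled as a credential.
    return username, password


if __name__ == "__main__":
    sample = encode_ac_cookie("alice", "secret")  # constructed sample
    print(sample, "->", decode_ac_cookie(sample))
```

The same three steps in PHP are urldecode(), base64_decode() and explode(':', $value, 2).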