cosname Posted September 23, 2013 Report Posted September 23, 2013 Hi!I developed custom website with custom admin panel. I know that i can use API, and Blesta SDK can help me with that.I stuck with one thing. I have a form of client login on my custom website. I nead to make that form login user into blesta billing system on other url (currently blesta installed as subfolder: http://customsite/billing/).I cant use the $api->get("users", "login"...Cause login functions in users model requires Session class as parameter.The $api->get("users", "auth"... just checks if user can be logged in.I looked in the HTML scource of client login form, and there is a input['_csrf_token] wich is requried for security...Is there a way to create a client session that current proper user is loged in? So after redirect i client have no nead by inputing password again?If to do via api i think custom extensionmust be created wich authentificates user by using api (cause as i see in documentation there is no other way do this by api).Also can i generate somehow the csrf_token field on my custom website?So in short:- can i authentificate client user from my custom coded website (in PHP) into BLesta billing panel through API somehow? (and is this posible via creating custom extension)- can i get proper csrf token from blesta and insert as parameter to my form (wich will do request to make a client authentification)? Quote
cosname Posted September 23, 2013 Author Report Posted September 23, 2013 Using blesta TRIAL mode. Developing on "localhost". Quote
cosname Posted September 23, 2013 Author Report Posted September 23, 2013 Hola! Found http://www.blesta.com/forums/index.php?/topic/510-login-form-outside-blesta/and trying to implement... Will send an updates soon. Quote
cosname Posted September 25, 2013 Author Report Posted September 25, 2013 The idea of removing csrf validation is workable, but i didn`t liked it. So i created custom plugin where i can get current csrf wtih Blesta PHP SDK: $blestaApi->get( "custom.custom_api", "getCsrf" )->response() The method is in /plugins/custom/models/custom_api.php fileAnd here is the code: <?php class CustomApi extends AppModel { /** * Initialize */ public function __construct() { parent::__construct(); Loader::loadHelpers($this, array("Form")); } public function getCsrf() { return $this->Form->getCsrfToken(''); } } ?> It is better cause of two cases: We still are using the csrf token We can extend custom plugin to get more better integration with custom front-end website. The rest task of website integration is matter of reading the documentation, and developing this custom plugin.Hope this will help. Michael and Paul 2 Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.