0

I have 2 websites A & B. Every user has same login password for both websites A & B.

Now I want some specific users to land into(redirect to) B website's user home page after they login into the A website.

I dont want them to open the B website's login page separately for logging in.

If that specific user has logged in A website then he will be redirected to B website's user home page without doin login on B website. Can anybody help me out how to achieve this ?

EDIT - is there any way where i can post the login id password of user from A website's login page to B website's login page and then it fires the login button to redirect the user to B website's user home page in one go ?

Also, if i want to login into some external website for eg. like Gmail through my portal. Is there any way that the user logs in to my website and gets redirected to his Gmail home page ?

Kaus
  • 57
  • 1
  • 2
  • 14
  • header('Location: http://www.example.com/'); exit; – Ravi Hirani Mar 04 '16 at 09:57
  • 1
    @RaviHirani that doesn't exactly log the user in on website B. – Epodax Mar 04 '16 at 09:58
  • @RaviHirani And how is the second site going to know that this user is signed in at the first site??? – RiggsFolly Mar 04 '16 at 09:58
  • Do you want sth. like single sign on? – Hilmi Erdem KEREN Mar 04 '16 at 09:59
  • @RaviHirani im not talking about header function. I want to post user id password from one logged in website to another website's login so that i dont need to open the login page of second website.. – Kaus Mar 04 '16 at 10:00
  • @RiggsFolly even though a session is created in the web A by login in, the session is created for web A's server only. so when it redirects to the web B the session doesn't exist there ri8? – rahul Mar 04 '16 at 10:01
  • @RiggsFolly: Sorry but I have assumed that OP has connected first site's DB via second site and has set flag in DB when user is logged in to first site. So on second site's page He can check that user is set or not. Base on that he can set session on another site. For that he need to pass a unique key with header location function and also set that key in DB. that encrypted key has user data like email or id. – Ravi Hirani Mar 04 '16 at 10:01
  • I think it is not possible the after user logged the user data is set in session. and how You use one session data on other website because it is write on server. – Maninderpreet Singh Mar 04 '16 at 10:03
  • what about cookie ? cookie is strore in browser – Maninderpreet Singh Mar 04 '16 at 10:03
  • @RaviHirani And we all know that assumption is the mother of all major screwups – RiggsFolly Mar 04 '16 at 10:06
  • @RiggsFolly: I am completely agree with you. I needed to be specific on that. Sorry again to all :-) – Ravi Hirani Mar 04 '16 at 10:08
  • Possible duplicate of [Set cookie on multiple domains with PHP or JavaScript](http://stackoverflow.com/questions/19531183/set-cookie-on-multiple-domains-with-php-or-javascript) – Panda Mar 04 '16 at 10:13
  • @Kaus: Refer my answer to check my suggested way also. – Ravi Hirani Mar 04 '16 at 10:28
  • @RiggsFolly: Can you please share your thoughts on my answer? I am eager to know that my suggested way will work securely or not? – Ravi Hirani Mar 04 '16 at 11:02

2 Answers2

5

You can do this with using few different methods.

Method 1: Using Cookies

Once the user is logged in to Site A you can write a cookie:

setcookie("SiteALoginTrue","True",time()+3600,"/",".Site-B-URL.com");
header("Location : Site-B-URL.com); // Redirect the website to siteB

and in your Site B code you will need to read the cookie while website loads.

Method 2: Using PHP in your SiteA login script you can save logged user IP with timestamp and after redirected to Site B you will need to another script that checks Site A database if the visted IP is logged in = true. Once site B finds that IP is marked Logged in database then you can create a logged in Session to avoid checking database every page refresh.

Aslan Kaya
  • 514
  • 5
  • 11
1

If you can connect Site A's DB via Site B

Then this suggestion will help you.

1) On site A

Redirection when user with email user@gmail.com is successfully logged in

$userEmail = md5(user@gmail.com);
// Store below key to DB table of users whose email is user@gmail.com
$key = md5(microtime().rand()); 
header('Location: http://www.site-B.com/'."$key/$userEmail");
exit;

2) On site B,

Get $key and $userEmail Connect with site A's DB. and Run query like,

SELECT * FROM users WHERE MD5(email) = '$userEmail' AND key = '$key'

Get user and set session on site B. Then remove key from DB.

Ravi Hirani
  • 6,511
  • 1
  • 27
  • 42
  • but here at each login a new key will be generated which needs to be updated each time in the common database.. right ? – Kaus Mar 04 '16 at 10:39
  • Yes. Each login has it's unique key. Once you have set session on site B then you don't need of key. – Ravi Hirani Mar 04 '16 at 10:40
  • okay and will it be safe to send password alongwith username because without password he wont be able to log in ? – Kaus Mar 04 '16 at 10:43
  • No. Never send password via URL. Email and Key is enough to get authenticate User. So just receive User object and set session on site B. – Ravi Hirani Mar 04 '16 at 10:46
  • Okay but what if i want to login into some external website for eg. like Gmail through my portal. Is there any way that the user logs in to my website and gets redirected to his Gmail home page ? – Kaus Mar 04 '16 at 10:52
  • @Kaus: Login through Gmail is compltely different functionality. – Ravi Hirani Mar 04 '16 at 10:58