Im really not one for reasonable solutions if it means inconvenience to the user.
Im looking for ways to integrate single sign on for phpBB and mediawiki. I have only found one solution, but im wondering how bad of an idea this is. When a user goes to to mediawiki it does an AJAX call to a phpbb file and checks if the user is logged in or not. If they are, mediawiki would then force a login for that user. If not, it would force a logout. I know that the AJAX response can be faked pretty easily by setting a stop point in fire bug or console, and changing the return value. So this would easily allow a user to change who they are logged in as. But what if I included a salted hash and checked the values against that? I think it would only be as strong as the algorithm. I just can not keep requiring the 2 sign on thing - It is so confusing on my site. -Adam _______________________________________________ MediaWiki-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
