Neowin External Login Tool

[john smith 1924 Veteran]

Neowin coders / members / project leaders,

We've developed a system to allow external projects in-directly linked to neowin to authenticate users in a secure manner. Based around a ticket system, you can now check if a user says who they are. Below you can find demo code, and a more advanced explanation of how the system works. If you have any feedback on the system, please post below. The data we return to sites (username, user group, email) is subject to change. Equally, the use of this system is conditional on the pledge that you agree not abuse the information given to you. The system was designed and built by our very own Timdorr (you can thank him via a PM :) ).

Explanation of the system

An effective system for validating members can be done via tickets. Essentially, it's a 3 stage process.

1. You require a visiting user to prove they are who they say they are (with relation to their neowin membership). You forward them to us (www.neowin.net/login/?url=yoururl.com). Here, they enter username and password.

2. If they enter the correct info, we'll return the user to your site with a ticket. With this ticket, you can now access neowin asking for validation (see example code below). This ticket is only valid for 60 seconds (security measure).

3. If the ticket is invalid (for whatever reason) we'll return the data "no". If it is valid, we'll return the following data : username, email address, group information (e.g. banned, normal, moderator).

From this, you can then proceed with whatever activites the user wants to do on your site, safe in the knowledge that they are who they say they are.

Example Code

<?php
//Neowin Login Tool example code, coded by Sietse and offered freely for use by Neowin.net
// Send the user to login if no ticket is found
// ----------------------------------------------
//enter your url below - the location of this script - e.g. www.mysite.com/
$myurl = 'http://www.sietse.nu/neowin/';

if(empty($_GET['ticket']))
{
 ? ?header('Location: https://www.neowin.net/login/?url=' . $myurl);
}
else
{
	// Check ticket
	// -----------------
	$info = ?explode("\n", file_get_contents('https://www.neowin.net/login/checkticket.php?ticket=' . $_GET['ticket']));

	if($info[0] == "no")
	{
 ?echo "Sorry, you could not be logged in, check your username and password.";
	}
	else
	{
 ?// Succesfully logged in, display the given content
 ?// -------------------------------------------------
 ?echo "You've been succesfully logged in..\n
 ? ?<br /><br />\n<strong>Username:</strong> " . $info[1] . "<br />\n
 ? ?<strong>E-mail:</strong> " . $info[2] . "<br />\n
 ? ?<strong>Group:</strong> " . $info[5] . "<br />\n
 ? ?<strong>Member ID:</strong> " . $info[4] . "<br />\n
 ? ?<strong>Time Offset:</strong> " . $info[3];
	}
}

?>

An example of the system can be found here : here

Please feel free to leave feedback below, as well as links to sites that you've impUPDATE FEB 1, 2009: FEB 1, 2009:

We've made some changes to the script. The biggest thing is that it now uses the Finity style, and offers more details. Generally, it feels better.

The other thing is for developers of Neowin-based services. You can now pass &img=http://mydomain.com/neowin-login.png on the login URL, and that image will appear at the top left of the site, like so: https://www.neowin.net/login/?img=http://ww...ser%2Fticket%2F

It offers that extra bit of branding and clarity to the user.

The image you use should be 48px high, and only as wide as you need. There should be 2 or 3 pixels of padding around the image, so really the height is about 42px. Make sure it is a transparent PNG, so our background can be seen through it. Remember, you're branding Neowin, it :ptter look nice :p

[JMann Veteran]

Cheers dude. Very nice, this is obviously going to be used for NeoRequest. Thanks.

[Hurmoth]

Yes this is nice (Y)

[-=[Blueshadowz]=-]

Yay nice work :D!

[+chorpeac MVC]

Ok let me see if I can use this.

[+chorpeac MVC]

Ok this should work. Good job

One question/suggestion...

Could you return the Neowin MemberID also, so on our apps we can link to this:

https://www.neowin.net/forum/index.php?showuser=MemberID

to display the Neowin Profile page for the user?

Lots of users were asking for the ability to look at another Users Neowin profile from within NeoRequest.

This would definitely help out!

[Tim Dorr Veteran]

Added to the end of the list. If there's other metrics that people need, I can add them to the end of the list. (No, I won't add the password hash :p ).

[+chorpeac MVC]

Added to the end of the list. If there's other metrics that people need, I can add them to the end of the list. (No, I won't add the password hash :p ).

Ah, one other...

Users Timezone

[Tim Dorr Veteran]

Added :)

[Tim Dorr Veteran]

one more change: I realize now that people, such as Mr Magoo, have spaces in their names. I've switched it to newline deliminated, so that people with weird characters don't cause a problem :)

[+chorpeac MVC]

Excellent, thanks timdorr

[Tim Dorr Veteran]

I'll try not to break the protocol in the future, but if I do have to, I'll set up checkuser2.php , checkuser3.php and etc so there's always backwards compatibilty.

[+chorpeac MVC]

Ok, well others can speak up when they use it, but I will plan so that as long as you append to the end, it should be ok.

But if you change the label in the front...well then I can see a break. :)

Thanks for helping us with this feature!

[Marshalus Veteran]

one more change: I realize now that people, such as Mr Magoo, have spaces in their names. I've switched it to newline deliminated, so that people with weird characters don't cause a problem :)

Nothing about people who are weird characters though, they'll still cause problems. :)

[Sietse Veteran]

Example fixed (updated) :)

[+chorpeac MVC]

Nothing about people who are weird characters though, they'll still cause problems. :)

I think they will still work. ? works...

[Sietse Veteran]

I don't see the problem either.. :)

[JMann Veteran]

You know it rocks. :)

[matt74441]

Awesomeness. I'll have to give this a shot for Neomap.

[+chorpeac MVC]

Awesomeness. I'll have to give this a shot for Neomap.

Cool, I was trying to forward this link to you, but Neowin was acting weird, and I didn't get around to it. I thought you might be able to use this too!

[matt74441]

Cool, I was trying to forward this link to you, but Neowin was acting weird, and I didn't get around to it. I thought you might be able to use this too!

Well it wasn't exactly what I was looking for, but I'm sure I could modify it for my needs :)

Timdorr, would I be able to get the complete user group list?

[Sietse Veteran]

https://www.neowin.net/forum/index.php?act=Members

A complete list is given in the dropdown box at the bottom. :yes:

[+chorpeac MVC]

OK timdorr...

I'm not sure if anyone else is using this yet or not, but maybe something we could put in here to make things a little bit easier...

Could we put begin and end character strings to signify begin of data and end of data. I'm just trying to recommend a standardized mechanism. It's currently possible to get the data, but it would be really easy if we can look for certain characters or delimiters so to speak.

Hmm...Just something that could/would be consistent.

[matt74441]

https://www.neowin.net/forum/index.php?act=Members

A complete list is given in the dropdown box at the bottom. :yes:

I knew about that, but I need the one for banned users as well.

[+chorpeac MVC]

OK wait a second...we could use Regular Expressions to extract this information...