2012-05-21 09:51:55
Hi,
I am trying to login to ATutor from an external page, i.e. from a wordpress site.
Does anyone have the appropriate code for that ready?
Thank you very much
Operating system ATutor is installed on - Windows XP
ATutor version - latest
PHP version - 5.3.8
MySQL version - 5.0.8
2012-05-21 10:03:30
You should be able to just copy the HTML from the ATutor login screen, paste it into an external page, then adjust the commented areas at the top of the login.php file in ATutor.
2012-05-21 10:37:19
Thank you for your quick response, but I get the following error:
The following errors occurred:
Invalid login/password combination.
when I try to login. Any idea?
2012-05-21 10:56:37
If you've reset the commented lines in the login.php file correctly, and you're getting this error, I;d guess your remote login form is not encrypting the password. You'll need to include the sha-1factory.js script, copied from the root directory of ATutor, and create a little script like the following to encrypt the password.
[php]
<script type="text/javascript">
/*
* Encrypt login password with sha1
*/
function encrypt_password3() {
document.form3.form_password_hidden.value = hex_sha1(hex_sha1(document.form3.form_password.value) + 'ef83c8000457760441185a39c9aba09d675e1166');
document.form3.form_password.value = "";
return true;
}
</script>
[/php]
Note that "form3" into the above script should correspond to the name of the form, and the encrypt_password() function get inserted in an onclick attribute with the form's submit button. Something like this:
[php]
<input type="submit" name="submit" value="Login" onclick="return encrypt_password3();" />
[/php]
Have a look how it was done on our demo site.
http://atutor.ca/atutor/demo.php
2012-05-22 05:32:30
Hi again.
Thank you very much for your explanatory response. I have used the html code below:
[php]
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<script language="JavaScript" src="sha-1factory.js" type="text/javascript"></script>
<script type="text/javascript">
/*
* Encrypt login password with sha1
*/
function encrypt_password3() {
document.form.form_password_hidden.value = hex_sha1(hex_sha1(document.form.form_password.value) + "ef83c8000457760441185a39c9aba09d675e1166");
document.form.form_password.value = "";
return true;
}
</script>
<div class="input-form">
<div class="column" style="margin-top:0;">
<form action="./../atutor/login.php" method="post" name="form">
<input type="hidden" name="form_login_action" value="true" />
<input type="hidden" name="form_course_id" value="0" />
<input type="hidden" name="form_password_hidden" value="" />
<input type="hidden" name="p" value="" />
<fieldset class="group_form"><legend class="group_form">Returning User</legend>
<p>Enter your login name or your email address, and your password.</p>
<label for="login">Login Name or Email</label><br />
<input type="text" name="form_login" size="50" style="max-width: 80%; width: 80%;" id="login" /><br />
<label for="pass">Password</label><br />
<input type="password" class="formfield" name="form_password" style="max-width: 80%; width: 80%;" id="pass" />
<br /><br />
<input type="submit" name="submit" value="Login" class="button" onclick="return encrypt_password3();" />
</fieldset>
</form>
</div>
</body>
</html>
[/php]
The file sha-1factory.js exists in my directory, while the login.php file of ATutor is located at folder ./../atutor/login.php of the above mentioned html file.
The error that I get is:
The following errors occurred:
You have entered an unrecognized login and password combination. You have two more attempts before the login page is disabled.
My login.php file has the following comments:
[php]
/***
* Remove comments below to enable a remote login form.
*/
if (isset($_POST['token']))
{
$_SESSION['token'] = $_POST['token'];
}
else
{
if (!isset($_SESSION['token']))
$_SESSION['token'] = sha1(mt_rand() . microtime(TRUE));
}
/***
* Add comments 2 lines below to enable a remote login form.
*/
//if (!isset($_SESSION['token']))
// $_SESSION['token'] = sha1(mt_rand() . microtime(TRUE));
if (isset($_GET['course'])) {
$_GET['course'] = intval($_GET['course']);
} else {
$_GET['course'] = 0;
}
[/php]
Can you see anything wrong with my configuration?
Thank you very much!
2012-05-22 06:02:31
It finally worked!!! Ignore my previous post :)
A last question: Is it possible to have this kind of remote login, but not redirected to the page of ATutor?
2012-05-22 12:02:29
Another question is that if I put the following url for example
http://localhost/atutor/login.php?form_login_action=true&form_course_id=1&form_password_hidden=84caa6c67db13cf9a479d11f8f451ce871e83222&token=4b5ffe76e8e8b2e82b3d76f49af9ed730543dbb2&form_login=admin&form_password=&submit=Login
in a browser, shouldn't login to atutor perform? The page that I created produces the above url
2012-05-22 12:59:06
The login won't work with the given url since the login.php is processing $_POST vars while the variables associated in the url belong to $_GET. BTW, sending these sensitive information via get request is not a secured approach.
Regarding ur previous question: "Is it possible to have this kind of remote login, but not redirected to the page of ATutor?" What do you mean? You only need the validation without performing the actual login?
2012-05-22 14:01:55
Thank you for your answer and sorry for not explaining very well.
That means that if I make the necessary code with php or javascript for posting to login.php I will be able to login, right?
I am trying to make a plugin in wordpress, that when a user logins in wordpress, automatically logs in Atutor (assuming that both users are identical in both databases).
2012-05-22 14:18:54
You should have a look at the Wordpress/ATutor integration. Though in this case wordpress is a plugin for ATutor.
https://github.com/atutor/wordpress
2012-05-23 03:46:00
I dont think that the Wordpress/ATutor integration suits for my need. I only need the "automatic" login to ATutor platform from wordpress.
By the way, I tried to post through java code to login.php with the following parameters
ClientHttpRequest method = new ClientHttpRequest("http://localhost/atutor/login.php");
method.setParameter("form_login_action", "true");
method.setParameter("form_course_id", "1");
method.setParameter("form_password_hidden", "84caa6c67db13cf9a479d11f8f451ce871e83222");
method.setParameter("token", "4b5ffe76e8e8b2e82b3d76f49af9ed730543dbb2");
method.setParameter("form_login", "admin");
method.setParameter("form_password", "");
method.setParameter("submit", "Login");
but it does not either. I tried also from php code but the same..It seems that I am missing something..
2012-05-23 05:46:35
Coming back to my first post, I use the following code:
[php]
<script language="JavaScript" src="/atutor/sha-1factory.js" type="text/javascript"></script>
<form action="login.php" method="post" name="form4">
<input type="hidden" name="form_login_action" value="true" />
<input type="hidden" name="form_course_id" value="1" />
<input type="hidden" name="form_password_hidden" value="" />
<input type="hidden" name="token" value="4b5ffe76e8e8b2e82b3d76f49af9ed730543dbb2" />
<div class="login">
<div class="login_header">ATutor 2.0.3 Demo</div>
<div class="login_body" >
<dl class="login">
<dt class="login_dt">
<label for="username">
<strong>Login</strong></label></dt>
<dd class="login_dd"><input type="text" name="form_login" size="15" class="input" style="max-width: 90%; width: 90%;" id="username" value="demo" /></dd>
<dt class="login_dt"><label for="password"><strong>Password</strong></label></dt>
<dd class="login_dd"><input type="password" class="input" name="form_password" style="max-width: 90%; width: 90%;" size="15" id="password" value="demo"/></dd>
</dl>
<div class="login_bottom" style="text-align:right;">
<input type="submit" name="submit" value="Login" class="submit" style="width:5em; margin-left:auto;margin-right:auto;" onclick="return encrypt_password4();" />
</div>
</div>
</div>
</form>
<script type="text/javascript">
function encrypt_password4() {
document.form4.form_password_hidden.value = hex_sha1(hex_sha1(document.form4.form_password.value) + '4b5ffe76e8e8b2e82b3d76f49af9ed730543dbb2');
document.form4.form_password.value = "";
return true;
}
</script>
[/php]
which logins into atutor. But when I open for example in a separate browser tab the page "http://localhost/atutor" it redirects me to the login page. Shouldn't the new tab redirect me to "http://localhost/atutor/admin/index.php" since I was logged in?
2012-05-23 09:31:46
Can you clarify your steps? My understanding is,
1. The user input user name/password on wordpress login page,
2. Login wordpress and auto-login atutor with the same credential,
3. With the valid or invalid login, where would the page be redirected? Wordpress or ATutor after-login page?
If what you need is to have the user stay on wordpress after login page with ATutor access being granted but not seeing ATutor after login page, validating ATutor user via login.php is not the proper way to do it since login.php eventually re-directs the page to ATutor internal home page. A more proper way is to extract the validation process from login.php into a function/method which sets the proper SESSION vars for valid users.
2012-05-24 04:45:29
That is exactly what I want. That means that if in my function I set the following SESSION variables:
[php] $_SESSION['token']="4b5ffe76e8e8b2e82b3d76f49af9ed730543dbb2";
$_SESSION['valid_user'] = true;
$_SESSION['member_id'] = 1;
$_SESSION['login'] = "admin";
$_SESSION['is_guest'] = 0;
$_SESSION['lang'] = "en";
$_SESSION['course_id'] = 1;
$_SESSION['first_login'] = false;
$_SESSION['prefs']['PREF_FORM_FOCUS'] = 1;
$_SESSION['privileges'] = 1;
[/php]
will ATutor logs in??
2012-05-28 05:08:33
any help??
2012-05-28 09:04:30
A couple of more:
$_SESSION['prefs']
$_SESSION['enroll']
2012-05-28 10:06:56
Thanks for the answer!!!
What is the value that $_SESSION['enroll'] should be set up? I didnt find any file containing such variable..
2012-05-28 12:38:41
$_SESSION['enroll'] is set when users goes into a course, see bounce.php. It may not be important at this point to grant a system level access.