Hi all,

I'm new to Drupal6 and spent a long time searching how to implement the following feature without success: I use Drupal as front-end/doc board for a web-app. I want to mirror all user account creation, update and deletion on this web-app, i.e. send user name and password.

I started coding a little module implementing hook_user (http://api.drupal.org/api/function/hook_user/6), but I am still wondering about several questions concerning this hook:

1) I can't find a doc concerning the $account fields, and thus don't know how to retrieve the user name and password.
2) The insert operation informs that "The user account is being added". Is that triggered when the user queries an account or when his/her pending account creation has been approved?
3) User management on the 'slave' webapp is done through a URL interface. I only know the header("Location: http://webapp/users/add?user=martin&pwd=bla") PHP primitive, but I fear this will make a redirection, instead of just hitting the target page and continuing the code flow. Any suggestions?

Maybe some of you already programmed such a module, or would have links for more documentation?
Thanks in advance,
Martin

A: 

Taking a step back and looking at the big picture, you have several options.

  1. Use OpenID (there's a core Drupal module for it) for both sites
  2. Use LDAP (there's a really good Drupal contrib module for it)
  3. Look at other modules that offer user login sharing with other apps (such as http://drupal.org/project/phpbb or http://drupal.org/project/moodle or many others) for inspiration
  4. Have your web app use Drupal's user table. This is relatively easy as the username is there in plaintext and the password is just MD5'ed (so no salts or anything to muddy up the waters).
Mike Crittenden
It sounds like he isn't in control of the web app or he wouldn't need the URL login route.
Chris Ridenour
@Chris: I have control over the web app but want to minimize changes :) @MCrittenden: Thanks for all these suggestions. OpenID and LDAP libraries implied too many changes for me. Phpbb and moodle provided some examples. I was a fan of the direct user's table access, but unfortunately, the tables of my slave webapp are in another database, so a trigger can't work unfortunately.
Martin
A: 

Basically, hook_user is wrong. What you need to do is use hook_form_alter to change the '#validate' parameter of the login form. That way, the validate is passed to your function in your module where you are getting $form_values['username'] and $form_values['password']. You pass that on to your URL via curl. If it returns correctly, return nothing. If it doesn't return, use form_set_error and it will deny the login.

Good luck!

Chris Ridenour
Hook_user would be correct for adding/updating/deleting account information, but validating their login would require hook_form_alter
GApple
A: 

In order to just retrieve a response from a page, you can use drupal_http_request()

And a general security note, make sure you're authenticating and validating the requests between applications. Passing passwords in plain text via GET parameters over HTTP also makes me a little queasy, but I don't know your application set up.

GApple
Good remark. The thing is that hook_user provides the password md5ified already. drupal_http_request has been a good companion for this script, so thanks.
Martin
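
One way to apply the advice in the answer above, as an added example that is not code from anyone in this thread: a Drupal 6 hook_user implementation that sends the account change with drupal_http_request() as a signed POST over HTTPS instead of GET parameters, together with the check the receiving web app would run. The module name `usermirror`, the endpoint URL, the field names, the `X-Signature` header, the shared secret and `webapp_verify_sync()` are all assumptions made for illustration.

```php
<?php
// Added example. "usermirror", the endpoint, the field names and the secret
// are hypothetical placeholders, not values from the thread.
define('USERMIRROR_ENDPOINT', 'https://webapp.example/users/sync'); // HTTPS, not HTTP
define('USERMIRROR_SECRET', 'replace-with-a-long-random-shared-secret');

// Build the POST body and an HMAC-SHA256 signature over it.
function usermirror_sign($op, $name, $pass_hash, $time) {
  $body = http_build_query(array(
    'op' => $op, 'user' => $name, 'pwd_hash' => $pass_hash, 'ts' => $time,
  ), '', '&');
  return array($body, hash_hmac('sha256', $body, USERMIRROR_SECRET));
}

// Implementation of hook_user() (Drupal 6).
function usermirror_user($op, &$edit, &$account, $category = NULL) {
  if (!in_array($op, array('insert', 'after_update', 'delete'))) {
    return;
  }
  // $account->name and $account->pass are the stored users-table values.
  list($body, $sig) = usermirror_sign($op, $account->name, $account->pass, time());
  $headers = array(
    'Content-Type' => 'application/x-www-form-urlencoded',
    'X-Signature' => $sig,
  );
  // POST keeps the credentials out of URLs, access logs and Referer headers.
  $result = drupal_http_request(USERMIRROR_ENDPOINT, $headers, 'POST', $body);
  if ($result->code != 200) {
    watchdog('usermirror', 'Sync of %name failed (HTTP @code).',
      array('%name' => $account->name, '@code' => $result->code), WATCHDOG_ERROR);
  }
}

// Receiving side (the web app): reject unsigned, altered or stale requests.
// $raw_body is the unparsed POST body, $sig the X-Signature header value.
function webapp_verify_sync($raw_body, $sig, $now, $max_age = 300) {
  $expected = hash_hmac('sha256', $raw_body, USERMIRROR_SECRET);
  if (!hash_equals($expected, (string) $sig)) { // constant-time compare, PHP >= 5.6
    return FALSE;
  }
  parse_str($raw_body, $fields);
  // The signed timestamp limits how long a captured request can be replayed.
  return isset($fields['ts']) && abs($now - (int) $fields['ts']) <= $max_age;
}
```

The web app should call `webapp_verify_sync()` before touching its user table and answer anything that fails with an error status, so the failure shows up in the Drupal watchdog log.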
A: 
Martin
Rather than modifying index.php, you can add those php settings to your site's settings.php. It will be run as the first part of loading drupal, so unless you change any core files you won't miss any errors. This way you may be less likely to accidentally turn on error reporting on a live site. Installing XDebug on your development machine is also an excellent way to track down errors, since you can get the full call stack with parameters.
GApple
