Atk4 has basic login functionality and I could build it out to add user registration, a forgotten password link, email verification etc. using atk4, tmail templates and so on. But if I want to integrate it with an existing open source application that already provides that functionality, what do I need to do to allow that system's login to be accepted, so that atk4 protected pages can be viewed after login on the third-party app?
There are four alternatives.
The most secure way to do that is by passing a secure token from the other system to Agile Toolkit. The token should contain the username and a hash of some secret passphrase along with that username: $user.":".md5($secret.":".$user)
You can check the argument inside API Class:
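$this->auth=$this->add('YourAuth');
if(isset($_GET['login_token'])){
    // token format is "user:hash", so split on the first colon
    list($user,$token)=explode(':',$_GET['login_token'],2);
    // the hash covers the username, so the check needs both parts
    if(!verify_token($user,$token))throw $this->exception('Break-in attempt');
    $this->auth->login($user);
}
$this->auth->check();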
You would need to build the same encryption in the Agile Toolkit Auth class. Fortunately you can easily do that by re-defining encryptPassword:
class MyAuth extends SQLAuth {
    function encryptPassword($password,$salt=null){
        return ....
    }
}
If you need a different connection to the database you can also add:
function init(){
    parent::init();
    // Ouch, last occurrence of static method use!
    $newdb=DBLite::connect(
        $this->api->getConfig('user_dsn'));
    $this->db=$newdb->dsql();
}
Agile Toolkit uses the Application's realm as a name. That's the argument you specify to the constructor when you create your app instance inside index.php:
$api=new MyFrontend('myrealm');
You would need to call
session_name('myrealm');
session_start();
Then you need to set the session variable, something like myrealm_MyAuth_info. You can probably get this by dumping the contents of $_SESSION from Agile Toolkit. You need to set it to something like array('user'=>'john'); as long as it's not "false", anything is ok.
This is similar to the previous approach, but it should be easier to do:
include 'yourapp/atk4/loader.php';
include 'yourapp/lib/Frontend.php';
$api = new Frontend();
$api->auth->login('john');
This assumes that your "Frontend" class properly sets the "auth". If this does not work, some tweaks might be needed, for example you might want to move $auth->check() into initLayout() function, if you are calling it from within API.
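The login token from the first alternative above, worked through as an added example that is not part of the original answer or of Agile Toolkit. It goes beyond the format shown there: HMAC-SHA256 is swapped in for md5($secret.":".$user), an expiry time is included so a captured token stops working, and the comparison is constant-time. The function names, LOGIN_SECRET and TOKEN_TTL are hypothetical, and the secret is assumed to be shared between the two applications out of band.

```php
<?php
// Added example: hypothetical helpers, not Agile Toolkit API.
const LOGIN_SECRET = 'constructed-example-secret'; // constructed sample value
const TOKEN_TTL    = 60;                           // assumed lifetime in seconds

// Issuer side (the third-party application): builds "user:expires:mac".
function make_login_token(string $user, ?int $now = null): string
{
    $expires = ($now ?? time()) + TOKEN_TTL;
    $mac = hash_hmac('sha256', $user . ':' . $expires, LOGIN_SECRET);
    return $user . ':' . $expires . ':' . $mac;
}

// Verifier side (the Agile Toolkit application).
// Returns the username for a valid, unexpired token, otherwise null.
function verify_login_token(string $token, ?int $now = null): ?string
{
    // Split from the right so a username containing ':' still parses.
    $macPos = strrpos($token, ':');
    if ($macPos === false) return null;
    $mac  = substr($token, $macPos + 1);
    $rest = substr($token, 0, $macPos);

    $expPos = strrpos($rest, ':');
    if ($expPos === false) return null;
    $user    = substr($rest, 0, $expPos);
    $expires = substr($rest, $expPos + 1);
    if ($user === '' || !ctype_digit($expires)) return null;

    // Recompute the MAC over the same fields and compare in constant time.
    $expected = hash_hmac('sha256', $user . ':' . $expires, LOGIN_SECRET);
    if (!hash_equals($expected, $mac)) return null;

    // Check expiry only after the MAC is known to be authentic.
    if ((int)$expires < ($now ?? time())) return null;
    return $user;
}

// Constructed demonstration with a fixed clock.
$token = make_login_token('john', 1000);
var_dump(verify_login_token($token, 1030));                      // inside the TTL
var_dump(verify_login_token($token, 2000));                      // after expiry
var_dump(verify_login_token('admin' . substr($token, 4), 1030)); // username swapped, MAC unchanged
```

In the API class, the result of verify_login_token($_GET['login_token']) would take the place of the explode and verify_token steps, with login($user) called only when it returns a username.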