cosname

Hi! Also you can get _csrf_token by using plugin and API (with Blesta SDK), so you just fetch the csrf record, and place it anywhere you whant to! I posted details as separate posts here: http://www.blesta.com/forums/index.php?/topic/1107-login-and-redirect-client-user-from-custom-website-to-billing-website/?p=9077

The idea of removing csrf validation is workable, but i didn`t liked it. So i created custom plugin where i can get current csrf wtih Blesta PHP SDK: $blestaApi->get( "custom.custom_api", "getCsrf" )->response() The method is in /plugins/custom/models/custom_api.php file And here is the code: <?php class CustomApi extends AppModel { /** * Initialize */ public function __construct() { parent::__construct(); Loader::loadHelpers($this, array("Form")); } public function getCsrf() { return $this->Form->getCsrfToken(''); } } ?> It is better cause of two cases: We still are using the csrf token We can extend custom plugin to get more better integration with custom front-end website. The rest task of website integration is matter of reading the documentation, and developing this custom plugin. Hope this will help.

Hola! Found http://www.blesta.com/forums/index.php?/topic/510-login-form-outside-blesta/ and trying to implement... Will send an updates soon.

Using blesta TRIAL mode. Developing on "localhost".

Hi! I developed custom website with custom admin panel. I know that i can use API, and Blesta SDK can help me with that. I stuck with one thing. I have a form of client login on my custom website. I nead to make that form login user into blesta billing system on other url (currently blesta installed as subfolder: http://customsite/billing/). I cant use the $api->get("users", "login"... Cause login functions in users model requires Session class as parameter. The $api->get("users", "auth"... just checks if user can be logged in. I looked in the HTML scource of client login form, and there is a input['_csrf_token] wich is requried for security... Is there a way to create a client session that current proper user is loged in? So after redirect i client have no nead by inputing password again? If to do via api i think custom extensionmust be created wich authentificates user by using api (cause as i see in documentation there is no other way do this by api). Also can i generate somehow the csrf_token field on my custom website? So in short: - can i authentificate client user from my custom coded website (in PHP) into BLesta billing panel through API somehow? (and is this posible via creating custom extension) - can i get proper csrf token from blesta and insert as parameter to my form (wich will do request to make a client authentification)?