cosname

Posts posted by cosname

  1. The idea of removing CSRF validation is workable, but I didn't like it. So I created a custom plugin where I can get the current CSRF token with the Blesta PHP SDK:

    $blestaApi->get( "custom.custom_api", "getCsrf" )->response()

     

    The method is in the /plugins/custom/models/custom_api.php file,
    and here is the code:
     

     

    <?php
    class CustomApi extends AppModel {
      /**
      * Initialize
      */
      public function __construct() {
        parent::__construct();
        Loader::loadHelpers($this, array("Form"));
      }
    
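      /**
      * Return the current CSRF token from the Form helper
      * (called through the API as custom.custom_api / getCsrf)
      */
      public function getCsrf() {
        return $this->Form->getCsrfToken('');
      }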
    }
    ?>

    It is better because of two cases:

    1. We are still using the CSRF token :D
    2. We can extend the custom plugin to get better integration with the custom front-end website.

    The rest of the website integration task is a matter of reading the documentation and developing this custom plugin.

    Hope this will help.

  2. Hi!

    I developed a custom website with a custom admin panel. I know that I can use the API, and the Blesta SDK can help me with that.

    I am stuck on one thing.

    I have a client login form on my custom website. I need to make that form log the user into the Blesta billing system at another URL (currently Blesta is installed in a subfolder: http://customsite/billing/).

    I can't use $api->get("users", "login"...
    because the login function in the users model requires a Session class as a parameter.

    The $api->get("users", "auth"... call just checks if the user can be logged in.

    I looked in the HTML source of the client login form, and there is an input['_csrf_token'] which is required for security...

    Is there a way to create a client session in which the proper user is logged in, so that after the redirect the client has no need to input the password again?

    If this is done via the API, I think a custom extension must be created which authenticates the user by using the API (because, as I see in the documentation, there is no other way to do this via the API).

    Also, can I somehow generate the csrf_token field on my custom website?

    So in short:

    - Can I authenticate a client user from my custom-coded website (in PHP) into the Blesta billing panel through the API somehow? (And is this possible by creating a custom extension?)
    - Can I get a proper CSRF token from Blesta and insert it as a parameter in my form (which will make the request for client authentication)?
