Posts posted by cosname
-
-
The idea of removing CSRF validation is workable, but I didn't like it. So I created a custom plugin where I can get the current CSRF token with the Blesta PHP SDK:
```php
$blestaApi->get( "custom.custom_api", "getCsrf" )->response()
```
The method is in the /plugins/custom/models/custom_api.php file.
And here is the code:
```php
<?php
class CustomApi extends AppModel
{
    /**
     * Initialize
     */
    public function __construct()
    {
        parent::__construct();
        Loader::loadHelpers($this, array("Form"));
    }

    // Returns the CSRF token produced by the Form helper
    public function getCsrf()
    {
        return $this->Form->getCsrfToken('');
    }
}
?>
```
It is better because of two reasons:
- We are still using the CSRF token
- We can extend the custom plugin to get better integration with the custom front-end website.
The rest of the website integration task is a matter of reading the documentation and developing this custom plugin.
Hope this will help.
-
Hola! Found
http://www.blesta.com/forums/index.php?/topic/510-login-form-outside-blesta/
and trying to implement... Will send updates soon.
-
Using Blesta TRIAL mode. Developing on "localhost".
-
Hi!
I developed a custom website with a custom admin panel. I know that I can use the API, and the Blesta SDK can help me with that.
I am stuck on one thing. I have a client login form on my custom website. I need to make that form log the user into the Blesta billing system on another URL (currently Blesta is installed as a subfolder: http://customsite/billing/).
I can't use the $api->get("users", "login"...
because the login functions in the users model require the Session class as a parameter.
The $api->get("users", "auth"... just checks if the user can be logged in.
I looked in the HTML source of the client login form, and there is an input['_csrf_token'] which is required for security...
Is there a way to create a client session in which the proper user is logged in, so that after the redirect the client has no need to input the password again?
To do it via the API, I think a custom extension must be created which authenticates the user by using the API (because, as I see in the documentation, there is no other way to do this via the API).
Also, can I somehow generate the csrf_token field on my custom website?
So in short:
- Can I authenticate a client user from my custom-coded website (in PHP) into the Blesta billing panel through the API somehow? (And is this possible by creating a custom extension?)
- Can I get a proper CSRF token from Blesta and insert it as a parameter into my form (which will make the request to authenticate the client)?
Login Form Outside Blesta
in Contribute
Hi! Also, you can get the _csrf_token by using a plugin and the API (with the Blesta SDK), so you just fetch the CSRF record and place it anywhere you want!
I posted details as separate posts here:
http://www.blesta.com/forums/index.php?/topic/1107-login-and-redirect-client-user-from-custom-website-to-billing-website/?p=9077
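
The consuming side of the plugin approach described in these posts, as an added example that is not cosname's code and not part of Blesta or its SDK: it fetches the token with the SDK call shown above, fails closed when no usable token comes back, and HTML-escapes it into the login form. The `username`/`password` field names, the login URL placeholder, the token format check and the stub client are assumptions.

```php
<?php
// Added example: not cosname's code and not part of Blesta or its SDK.
// From the page: get("custom.custom_api", "getCsrf")->response() and _csrf_token.
// Assumptions: the username/password field names, the login URL, and that
// Blesta accepts the token when the form is submitted (as the posts report).

function esc(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Fetch a fresh token for each page render; never cache or share it between visitors.
function fetchCsrfToken($api): string
{
    $token = $api->get("custom.custom_api", "getCsrf")->response();
    // Fail closed: the token format is an assumption (printable ASCII, max 256 chars).
    if (!is_string($token) || !preg_match('/\A[\x21-\x7E]{1,256}\z/', $token)) {
        throw new RuntimeException("API did not return a usable CSRF token");
    }
    return $token;
}

// Every dynamic value is escaped, so an unexpected API response cannot inject markup.
function renderLoginForm(string $actionUrl, string $token): string
{
    return implode("\n", [
        '<form method="post" action="' . esc($actionUrl) . '">',
        '  <input type="hidden" name="_csrf_token" value="' . esc($token) . '">',
        '  <input type="text" name="username" autocomplete="username">',
        '  <input type="password" name="password" autocomplete="current-password">',
        '  <button type="submit">Log in</button>',
        '</form>',
    ]);
}

// Constructed stand-in for the SDK client so the example runs offline.
$blestaApi = new class {
    public function get($model, $method) { return $this; }
    public function response() { return 'constructed"<token>&123'; }
};

try {
    // Placeholder URL: replace LOGIN-PATH with the login route of your installation.
    echo renderLoginForm('http://customsite/billing/LOGIN-PATH',
        fetchCsrfToken($blestaApi)), "\n";
} catch (RuntimeException $e) {
    http_response_code(503);   // render no form at all rather than one without a token
    echo "Login is temporarily unavailable.\n";
}
```

The API user and key that the SDK client is built with stay on the server; only the token itself reaches the browser.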