Jul 2, 2006, 15:57 #1
extra query string params in rails
Say I wanted to pass more than an id, i.e. account/some_username/some_password/ in the query string... I would have to set up a new route, no? Otherwise it comes back with a routing error... How come this is the case? I would have thought it would just pass extra elements to the params object by default?
-
Jul 2, 2006, 16:57 #2
Hi Bob,
Yes, you will have to set up a new route.
BTW, you probably shouldn't pass the username or password around in the URL.
The reason you need to set up a new route is so Rails can determine where in the parameter hash to place your extra argument. The route that gets used will determine this. In your case you might have something like:
Code:
map.connect 'account/:username/:password', :controller => 'account', :action => 'some_action'
Here is a more in depth explanation:
http://rails.outertrack.com/class/Ac...ing%3A%3ARoute
-
Jul 3, 2006, 01:24 #3
Cheers. I know it's not good to pass sensitive information in the qs - but unfortunately my app has a weird requirement and this seems to be the most efficient solution - only the encrypted password will be passed to the app, not the raw form.
-
Jul 3, 2006, 02:50 #4
FWIW, if you want to send extra params via GET, you can simply send them using the normal querystring format:
Code:
# link_to takes the link text as its first argument
link_to 'My link', :controller => 'mycontroller', :action => 'myaction', :foo => 'bar'
# produces a link to:
# /mycontroller/myaction?foo=bar
-
Jul 3, 2006, 03:08 #5
Ta Luke, I thought there would be something along those lines.
-
Jul 3, 2006, 03:23 #6
Why are you putting a password into the URL?
-
Jul 3, 2006, 03:39 #7
lol..
I'm only putting the encrypted password into a URL, which is never seen by the user anyway. Obviously if someone was sniffing they could find out the encrypted password, then hack the encryption - but at the end of the day if someone is willing to go to that much trouble to hack a site they can just sniff the normal site data anyway as it's not https :P
The reason? My Rails app is using user data from a PHP forum. When they log in I want it to log in to the PHP forum, then the Rails app. The best way I thought of was to send the login form to the PHP forum, and then hijack that code to redirect to the Rails app if the login was successful (with the username and encrypted password in the query string to perform a second check Ruby side).
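As an added example (not part of the original thread): one alternative for the redirect described in the post above is to hand over a short-lived signed token, so the password hash never appears in URLs, server logs or browser history. The shared key, the `user`/`exp`/`sig` parameter names and the in-memory replay store are assumptions, and the forum side is written in Ruby only for illustration.

```ruby
require 'openssl'
require 'uri'

# Assumption: a secret known only to the forum and the Rails app (constructed value).
HANDOFF_KEY = 'constructed-demo-key-change-me'
TOKEN_TTL   = 60 # seconds the redirect stays valid

# HMAC over username and expiry. The expiry is digits only, so "\n" is an
# unambiguous separator between the two fields.
def handoff_sig(username, expires_at)
  OpenSSL::HMAC.hexdigest('SHA256', HANDOFF_KEY, "#{username}\n#{expires_at}")
end

# Forum side, after a successful login: build the redirect query string.
def handoff_query(username, now = Time.now.to_i)
  exp = now + TOKEN_TTL
  URI.encode_www_form('user' => username, 'exp' => exp,
                      'sig' => handoff_sig(username, exp))
end

# Constant-time string comparison, so the check does not leak how many
# leading characters of a forged signature were correct.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Rails side: returns the username, or nil if the token is malformed,
# tampered with, expired or already used. `used` is a hypothetical store of
# consumed signatures (a Hash here; a shared table or cache in practice).
def verify_handoff(query, used, now = Time.now.to_i)
  params = URI.decode_www_form(query).to_h
  user, exp, sig = params.values_at('user', 'exp', 'sig')
  return nil unless user && sig && exp.to_s.match?(/\A\d+\z/)
  return nil unless secure_equal?(sig, handoff_sig(user, exp.to_i))
  return nil if exp.to_i < now   # expired
  return nil if used.key?(sig)   # replayed
  used[sig] = true
  user
end
```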
-
Jul 3, 2006, 03:52 #8
my rails app is using user data from a php forum, when they login i want it to login to the php forum, then the rails app. best way i thought of was to send the login form to the php forum, and then hijack that code to redirect to the rails app if the login was successful
-
Jul 3, 2006, 04:47 #9
I've explored most if not all avenues Luke - the problem with the http request is the php forum builds its session data based on a hash which is generated from the ip - if you send an http request the ip received will be that of the server rather than the user, messing up the sessions - with the method you suggest I very nearly had it working, the user was logged in but the hash would not validate when the user subsequently views the forum in their browser hence appearing logged out.
-
Jul 3, 2006, 04:52 #10
Which forum are you using? Perhaps you could make a small tweak to the forum source so it generates its hash from an IP address passed as a POST parameter, then you can send the end user's IP along with the HTTP request in the controller.
-
Jul 3, 2006, 04:59 #11
vBulletin - yeah, it's a possibility. But I checked it out and the code that handles that looked quite convoluted and cropped up in numerous different places, and it's the sort of thing where you are bound to end up screwing the login for the actual forum itself. I'm willing to take this security compromise to minimise the amount of hacking that is needed.
-
Jul 3, 2006, 06:06 #12
Seems like maybe you would have better luck "hijacking" the PHP session yourself. You should be able to know the PHP session ID, and since you are running as the server, even when running Ruby, you should be able to access the file. Parsing the serialized data structure of the session file sounds like it might be less work than what you are contemplating.
Jason Sweat ZCE - jsweat_php@yahoo.com
Book: PHP Patterns
Good Stuff: SimpleTest PHPUnit FireFox ADOdb YUI
Detestable (adjective): software that isn't testable.
-
Jul 3, 2006, 06:48 #13
The PHP sessions are stored in the database, do you think that makes it any easier? I must admit I don't quite follow your logic - are you suggesting letting the PHP forum handle the login and just checking for the PHP session instead of a Rails session?
-
Jul 3, 2006, 06:55 #14
Originally Posted by Bob Carologees
Jason Sweat ZCE - jsweat_php@yahoo.com
-
Jul 3, 2006, 07:28 #15
Thanks - that is a neat solution, I'll definitely try that. In terms of propagating the session ID - I think it would be easier to just set a rails session when the app has determined the user is logged into the php forum - and when logging out this is unset in a similar manner. Obviously it gets more complicated when I worry about having remember me functionality...
-
Jul 3, 2006, 07:36 #16
I was actually more worried about what happens when the user tries to go back to the PHP side of your application and gets a new session...
Jason Sweat ZCE - jsweat_php@yahoo.com
-
Jul 3, 2006, 07:41 #17
Hmm, good point. I guess the problem will arise if someone logs into the forum and then closes their browser: they'll be logged out of the forum but not the main site. I guess it might be a case of storing the PHP session ID in the Rails session and checking whether it's still valid on every request :S but that sounds like a bit of an overload.