The following warnings occurred:
Warning [2] Undefined variable $unreadreports - Line: 26 - File: global.php(961) : eval()'d code PHP 8.2.25 (Linux)
File Line Function
/global.php(961) : eval()'d code 26 errorHandler->error
/global.php 961 eval
/printthread.php 16 require_once



UserSpice
Programmatic Login - Printable Version

+- UserSpice (https://userspice.com/forums)
+-- Forum: Support Center (https://userspice.com/forums/forumdisplay.php?fid=23)
+--- Forum: UserSpice 4.3 and Below (https://userspice.com/forums/forumdisplay.php?fid=26)
+--- Thread: Programmatic Login (/showthread.php?tid=680)



Programmatic Login - geomC - 08-21-2017

Hi guys,

I am quite new to php development and I am trying to set up a simple backend for a an existing hybrid (mobile, webbased) application using Apache Cordova.
I customized the users account page so that a logged-in user can inspect and download datasets linked to his account.

Now I would like the mobile client to perform the same query for data linked to the user from within the app.
From here I pictured
  • the user fills out a login form
  • username and password are sent to <myUserSpiceInstance>/login.php
  • the response contains a token to be persisted in the browser
  • the token can be used for further requests to obtain model data

Meanwhile I came to understand that the login request already has to provide a token in order to prevent CSRF.

Does that mean that a "programmatic login" (using a remote form and do the login via POST) is not possible with UserSpice?
If it is still possible, I would appreciate some hints to achieve this.



Programmatic Login - mudmin - 08-21-2017

Anything is possible!

What you would have to do to make something like this is to copy the login form over to the usersc folder and change the line that mentions init (line 25) to:

Code:
<?php require_once '../users/init.php'; ?>

From there, you can modify the login form to your heart's content.

The request itself does have a CSRF protection system, but there's nothing stopping you from either redirecting to another page and looking for a response from your app or only looking for it on submission of that particular form and not all $_POST.