Initially, there was a project written in Asp.NET with the Oracle database, to which they decided to add another application. The second application was purchased. It is written in PHP, uses the MySQL database.

Now you need to combine the sites so that when you click a button on one site, you move to the second, without having to enter a password and login, authorization occurs automatically, and also to implement an algorithm that, when registering on one site, automatically adds this user to the second site.

Here are the options that have ripened in my inexperienced june brain:

1) Rewrite one of the applications for another database, but here there is a problem with not knowing PHP, and changing the database in the main project is also quite problematic.

2) Creating a trigger in the Oracle or MySQL database itself, so that when Insert'e, Email and Hash are sent by a SQL query directly to another database. But I’m not sure if it is safe, or if it can be implemented at all.

3) Connecting two databases with each of the projects, but as far as I understand, the variant is very curved. Yes, and PHP problems with the knowledge of PHP will let you know about yourself.

4) The database stores username and password from the user. The login is in a normal form, and the password is encrypted. I thought about somehow transmitting this particular Hash from the database, so that the second site would normally accept it and authorize me. But there is a problem with the fact that even with the same password this Hash is different.

I would like to hear your option for implementing a solution to this problem, or the answer to which of my options is the safest, easiest and fastest. implementation.

    1 answer 1

    I often had to solve similar problems in PHP in different cases.

    For example, when an application allows authorization extension - for example, the phpbb engine can do this. Or when it was necessary to wedge in someone written application, when it was necessary to independently understand samopisny routing and authentication mechanisms. And even when there were demands not to climb into the core of the application, but to add the plugin to the side.

    Let's do it in fact: all your sentences are at the DB level. Insert records, edit records, triggers ... For some reason, you stubbornly don’t want to work with application code - and in vain, this is the right direction. Perhaps, you are stopped by what you do not know PHP - in general, you need to provide the management with arguments for you, if you don’t have a full-fledged developer, to take it as a freelancer for a while. Or even - learn PHP and ask for a premium for additional responsibilities, since you now have to maintain this system from two sites.

    It seems that because of this lack of resources for programmers, you are looking for ways through the bases, believing that it is "easier." Then I will talk about how “right”, believing that you still have the resources.

    Whatever way I walked. On the PHP side, I would write a small page that accepts a set of getter parameters (login, password, email) and calls the PHP application code that is responsible for creating the user. And, when a user creation event is written on a site that is written in c #, it would send a request to create a similar user. Similarly, in the opposite direction: when creating a user on a PHP site, the authorization code would be supplemented by sending a POST request to a special page on another site.

    This is the easiest option.

    Options with SQL tables may not work for two reasons:

    • you can not completely guess the logic of the application that it executes when creating the user
    • you will not recover the password by hash and salt (unless the application is written crookedly, because, in general, hashing with salt is just meant to keep the password secret)

    In addition, somehow my colleague had to implement a complex version of cross-site authentication between c # and php. The passwords on the sites were different, which ones — none of the sites knew, just some own protocol was created (they were inspired by the miserable stump of OAuth, don’t ask for them: first, the NDA, secondly, I’m ashamed of the curvature for haste, thirdly, I have not yet seen the conclusion of our security officers on how we generated tokens). There, it was assumed that if a user is authorized on one site, then he can be automatically authorized on another. The main thing - if only logins coincided, the rest of the work was done by a protocol of three pages. You can try the same thing to do, if that - inspired by OAuth.