Im really not one for reasonable solutions if it means inconvenience to the user.
Im looking for ways to integrate single sign on for phpBB and mediawiki.
I have only found one solution, but im wondering how bad of an idea this is.
When a user goes to to mediawiki it does an AJAX call to a phpbb file and checks if the user is logged in or not. If they are, mediawiki would then force a login for that user. If not, it would force a logout.
I know that the AJAX response can be faked pretty easily by setting a stop point in fire bug or console, and changing the return value. So this would easily allow a user to change who they are logged in as.
But what if I included a salted hash and checked the values against that? I think it would only be as strong as the algorithm.
I just can not keep requiring the 2 sign on thing - It is so confusing on my site.
-Adam