Im really not one for reasonable solutions if it means inconvenience to the user.
Im looking for ways to integrate single sign on for phpBB and mediawiki.
I have only found one solution, but im wondering how bad of an idea this is.
When a user goes to to mediawiki it does an AJAX call to a phpbb file and checks if the
user is logged in or not. If they are, mediawiki would then force a login for that user.
If not, it would force a logout.
I know that the AJAX response can be faked pretty easily by setting a stop point in fire
bug or console, and changing the return value. So this would easily allow a user to change
who they are logged in as.
But what if I included a salted hash and checked the values against that? I think it would
only be as strong as the algorithm.
I just can not keep requiring the 2 sign on thing - It is so confusing on my site.
-Adam