Instructions for external auth:
1. Redirection to external auth from external site
A visitor to the external site requests a page or action that requires authentication (for example, writing a comment). The external site has no direct access to the internal system of Tribalwars. However, the external site can add the comment but mark is as ‘not yet authorised’ in the database. Afterwards, the user is redirected to the external authentication. This is located at
http://www.tribalwars.net/external_auth.php. The page expects the following parameters via GET:
SID: unique Id, generated by the player’s page. This could be the ID of his/her comment.
Client – the client as supplied and entered in to the external auth database.
2. The authentication of players
At this point the visitor is no longer on the player project’s site, but on the site for Tribalwars external authentication. The visitor must now login using their normal username and password from the game. If the authentication is successful, the Tribalwars system will make a HTTP request to the client’s validation URL to provide confirmation to the player’s website that the visitor has successfully authenticated. As the validation URL is only used internally by the Tribalwars system it is recommended that the URL is not made public.
When Tribalwars calls the validation URL the following parameters will be passed via GET:
*sid: The unique ID that was passed to external_auth.php via the original redirect, for example the ID of the comment.
*username: The username that the visitor has logged in with.
*hash: A MD5 hash of a string consisting of the variables “sid”, “username” and “secret” together. e.g. $hash = md5($sid . $username . $secret_password);
The validation code on the player project should check the hash variable to make sure that the request is legitimate. As only the website owner will know the secret password the hash cannot be faked if someone found out the validation URL. If the authentication was successful and the data submitted is correct than the comment or resource can be marked as authenticated.
3. Redirecting the player back to the player site
The validation URL for a project should not display any content except a plain text URL. This is the URL that visitors should be forwarded to once they have been authenticated. For example the URL to the comment that the visitor has just posted could be set as the content that the validation URL returns.
At the end of the process the player is returned back to the external website.
In short, the steps are:
1. Visitor redirected to external_auth.php with parameters sid and client via
GET.
2. Visitor logs in using usual username and password.
3. Tribalwars makes request in background to validation URL with parameters username, sid, hash via GET, stores response.
4. Tribalwars redirects visitor to the response of the validation GET.
Retirado do post
http://forum.tribalwars.net/showthr...wars-Claimer&p=2937832&viewfull=1#post2937832