I looked at some of these chat integrations
They are good as integrations, in the sense of the chat fitting inside the board space.
The chat integrations I studied, are not good as "safe" chats.
They are not safeguarded to prevent that people cannot come into the chat with fake names, imitating other people's nicknames.
It is not difficult for me to get into these chats with the name Gizmo, for example.
Partly that has to do with the fact that most free versions of chats do not allow user authentication with external database calls or cgi calls. I need to use a paid chat version, and almost all of these allow external authentication.
I need a safe chat, that guarantees that if there is a Gizmo in the chat, it really is the real Gizmo, the only one that can log into this forum (provided that his password is not compromised, of course).
Sorry Gizmo, nothing personal. But imitating important and prominent board members and admins is an exciting sport for some people then imitating a stranger named curiousguy.
The same way ubb forum is secured against "fake Gizmos" and other impostors, I need to secure my chat.
And that does not work the way most of these chat integrations work. They all have back doors. In the worst case, I fiddle a little with my ubb cookie and write gizmo instead of curiousguy into it, and most likely I am in the chat as a fake gizmo, without needing to know his password.
If that were not true, then the required routine already would be part of these integration:
I need an authentication cgi routine that can be called from the chat or any other external program, that
- takes as input username and password, maybe an ip number and takes as input username and password, and
- gives as output if the person is authorized to enter as regular chatter, as admin, as moderator, or not authorized to enter, or banned
Now I could hack this myself, using some login routine from the ubbthreads software. But I admit I am not too familiar with that software, it would be lots of work and an ugly inefficient hack.
So I wonder if someone already did that, or if someone can hack in 1 hour what would take me 20 hours. And if it would not be a good idea to make this part of the official ubb distribution: external_authentication.php
Here is an example of the specs of such a routine
Remote (HTTP) authentication
If you have your own member database, you may take advantage of our advanced Remote Authentication System, or RAS. RAS allows you to authenticate access to your chat room from your own web site. Advanced customers may create a simple script, hosted on your web site, that tells our servers if a user should be allowed access to your chat room.
http://support.addoninteractive.com/index.php?action=kb&article=9Remote Authentication System v1.0
This is the one I am most interested in right now
Other database integrationshttp://123flashchat.com/integration-faq.html#d22. If I host my website and you host my chat room, can you integrate my database?
Yes.
We'll offer you a dynamic web application like a php file or an asp file, please configure the file with your database information, upload it to your web server to co-operate with the integration, then give us the url of the dynamic web page, so that 123 flash chat server can authorize your members' login information using the file. So please contact a live supporter at demo room now or write to support@123flashchat.com to request the file.
http://123flashchat.com/auto-login-guest.htmlHow to auto-login without database integration?
http://www.realchat.com/doc/database-integration.htmlhttp://www.parachat.com/documentation/hosted7/Web%5FAdministration/site/auth_code.htm
