Login to PHPBB forum via external member login page

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
Skittlewidth
Forum Contributor
Posts: 389
Joined: Wed Nov 06, 2002 9:18 am
Location: Kent, UK

Login to PHPBB forum via external member login page

Post by Skittlewidth »

I've been working on a site with a member's only area and I was asked to install a PHPBB forum which is accessible from the member's area only. Obviously the member has to login to get to that section of the site, and so I've been asked if it is possible to make the user not have to login to the forum separately as well.

I've set up an identical test account for a user on the forum and have attempted to pass the username and password to the forum login page via a post request using hidden fields, with the obvious drawback that the password is visible through view source, but that doesn't work in anycase.

I realise that the user can just login once and select "log me in automatically" but is there anyway of transparently logging in so that when a member clicks the "Go to the community forums" link in our members only area it will go straight to the forum index and they can start posting? Can it be done by setting a cookie with the same name as the one set when the user requests to be logged into the forum automatically at the forum login page?
malcolmboston
DevNet Resident
Posts: 1826
Joined: Tue Nov 18, 2003 1:09 pm
Location: Middlesbrough, UK

Post by malcolmboston »

ive never done it but im guessing you should duplicate the exact way that PHPBB handles sessions (sessions i believe)

start a session after login on your site, insert that session_id into MySQL database in the PHPBB table (remember to enable database sessions) and it should be good to go?

i could be being naive but in theory to me at least, it should work
User avatar
JayBird
Admin
Posts: 4524
Joined: Wed Aug 13, 2003 7:02 am
Location: York, UK
Contact:

Post by JayBird »

pretty easy, this should get ya started

viewtopic.php?t=27589

Mark
User avatar
Skittlewidth
Forum Contributor
Posts: 389
Joined: Wed Nov 06, 2002 9:18 am
Location: Kent, UK

Post by Skittlewidth »

Thanks! I get the rough idea. How can I manipulate the data so that PHPBB thinks the user is logged in? The current output shows

Code: Select all

їusername] => Anonymous
їuser_password] =>
їsession_logged_in] => 0
(obviously thats not all of it). Sorry if I sound like a bit of a noob, I have already tried setting the variables with the relevent username and password but when I then navigate to the forum page it still does not say I am logged in.
User avatar
phpScott
DevNet Resident
Posts: 1206
Joined: Wed Oct 09, 2002 6:51 pm
Location: Keele, U.K.

Post by phpScott »

check out the link posted as it does seem pretty striaght forward.

I'll be onto doing that part of the intergration later this week.

One sign up/sign in for both the site and phpBB.
User avatar
Skittlewidth
Forum Contributor
Posts: 389
Joined: Wed Nov 06, 2002 9:18 am
Location: Kent, UK

Post by Skittlewidth »

Please give me some credit I did follow the link and read it several times and try several things with it.

I'm just after some clarification. I presume I am manipulating some session data. Do I need to execute

Code: Select all

init_userprefs($userdata);
after making changes to the array to make the changes take effect, and how much /little do I need to change to perform a basic log in? It just doesn't seem to be working at the moment, as straightforward as the post may seem.

Thanks
User avatar
phpScott
DevNet Resident
Posts: 1206
Joined: Wed Oct 09, 2002 6:51 pm
Location: Keele, U.K.

Post by phpScott »

When I get to that part, I will post my code for you as that is on the agenda for this afternoon or tommorrow.

sorry if I offended but just a quick read and it seemed easy enough but then I haven't tried to implement it yet. :?
User avatar
Skittlewidth
Forum Contributor
Posts: 389
Joined: Wed Nov 06, 2002 9:18 am
Location: Kent, UK

Post by Skittlewidth »

No worries PHPScott, I've just seen so many people who won't try to help themselves before that I didn't want to be counted as one of them. :wink:

I look forward to seeing your code. Thanks for your help :)
User avatar
phpScott
DevNet Resident
Posts: 1206
Joined: Wed Oct 09, 2002 6:51 pm
Location: Keele, U.K.

Post by phpScott »

If you don't want the code I will just give you the directions that I used to accomplish the task.

I know what you mean, it is one thing for some one to do it for you and you look at the code and another to be proded in the right direction and figure it out for yourself.
User avatar
Skittlewidth
Forum Contributor
Posts: 389
Joined: Wed Nov 06, 2002 9:18 am
Location: Kent, UK

Post by Skittlewidth »

Either code or hints would be great. I'd just like to know how its done. Although I do find a certain satisfaction from working things out myself I've had a long enough attempt at it not to feel too bad about being given the answer!
Thanks, look forward to hearing from you later :)
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

You do understand if you visit phpbb's mod section they have this available?
User avatar
Skittlewidth
Forum Contributor
Posts: 389
Joined: Wed Nov 06, 2002 9:18 am
Location: Kent, UK

Post by Skittlewidth »

Well I do now... except I can't find it, and the search facility doesn't appear to be working very well. I'll keep looking.
User avatar
neophyte
DevNet Resident
Posts: 1537
Joined: Tue Jan 20, 2004 4:58 pm
Location: Minnesota

Post by neophyte »

First you need a login form directed to your php login page. Something like:

Code: Select all

<form action=&quote;http://yoursite.com/yourforum/login.php&quote; method=&quote;post&quote;>
<table class=&quote;forumline&quote; cellSpacing=&quote;1&quote; cellPadding=&quote;1&quote; width=&quote;155&quote; border=&quote;0&quote;>
            <tbody>
              <tr> 
                <td  valign=&quote;top&quote; align=&quote;left&quote;> <span class=&quote;topictext&quote;>User name:</span><br />

                  <input  size=&quote;12&quote; name=&quote;username&quote; /> </td>
              </tr>
              <tr> 
                <td  valign=&quote;top&quote; align=&quote;left&quote;> <span class=&quote;topictext&quote;>Password:</span><br /> 
                  <input  type=&quote;password&quote; size=&quote;12&quote; name=&quote;password&quote; /> </td>
              </tr>
              <tr> 
                <td  valign=&quote;top&quote; align=&quote;left&quote;> <input  type=&quote;submit&quote; value=&quote;Login&quote; name=&quote;login&quote; /> 
                  <br /> <span class=&quote;topictext&quote;>Not a member? <a href=&quote;http://www.yoursite.com/forum/profile.php?mode=register&quote; class=&quote;boldblack&quote;>Join 
                  Today</a></span> <br /> <span class=&quote;topictext&quote;><a href=&quote;http://www.yoursite.com/forum/profile.php?mode=sendpassword&quote; class=&quote;boldblack&quote;>Forgot 
                  Password?</a></span></TD>

              </tr>
            </tbody>
          </table>
        </form>
If you want user variables available, put the following at the top of your php page:

Code: Select all

/////SET UP PHPBB VARIABLES AND USER DATA
	define('IN_PHPBB', true);
   	$phpbb_root_path = 'ABSOLUTE/PATH/TO/YOUR/forum/';
   	include($phpbb_root_path . 'extension.inc');
   	include($phpbb_root_path . 'common.'.$phpEx);
   	$userdata = session_pagestart($user_ip, PAGE_INDEX);
   	init_userprefs($userdata);
If you want to do it secretly I'd used hidden fields with username and password in the form.

Hope this helps
User avatar
Skittlewidth
Forum Contributor
Posts: 389
Joined: Wed Nov 06, 2002 9:18 am
Location: Kent, UK

Post by Skittlewidth »

Thanks. I'd already tried that. The problem is that with hidden fields you can view the source and see the password that PHP echoed out. I did try md5() but since the PHPBB login script does it again when it receives the password it then becomes unrecognisable.

It works fine with a password field if the user types their username and password in, but of course that defeats the object of the exercise, since they will already have submitted the same details to get to the members only menu. Creating a PHPBB session from their first login must be the way forward, but so far I'm not having any joy.
User avatar
neophyte
DevNet Resident
Posts: 1537
Joined: Tue Jan 20, 2004 4:58 pm
Location: Minnesota

Post by neophyte »

Okay. Try this. Find the function in phpbb that logs the user in. Add an extra optional paramter something like $md5 = false. Then inside of the function write an if statement where the function encrypts the user input password. Something like:

Code: Select all

if($md5 == true){
 $password = $user_input_password;
} else {
 $password = md5($user_input_password);
}
Then get the phpBB login.php page. Rename it to auto_login.php. Save it some place convienient. Open it up and change the login function call to include your new parameter $md5= true.

Then create your hidden form and point it to auto_login.php.

I've never actually done this before for phpBB but I have done it with another system. It worked pretty good. The theory is still the same. You need some way to tell it not to md5-hash the password. It may require a unique login page it might not.

If you already have a db with usernames in passwords you might try looking around phpbbhacks.com for a external user db hack.

Good luck
Post Reply