Login to PHPBB forum via external member login page
Moderator: General Moderators
- Skittlewidth
- Forum Contributor
- Posts: 389
- Joined: Wed Nov 06, 2002 9:18 am
- Location: Kent, UK
Login to PHPBB forum via external member login page
I've been working on a site with a member's only area and I was asked to install a PHPBB forum which is accessible from the member's area only. Obviously the member has to login to get to that section of the site, and so I've been asked if it is possible to make the user not have to login to the forum separately as well.
I've set up an identical test account for a user on the forum and have attempted to pass the username and password to the forum login page via a post request using hidden fields, with the obvious drawback that the password is visible through view source, but that doesn't work in anycase.
I realise that the user can just login once and select "log me in automatically" but is there anyway of transparently logging in so that when a member clicks the "Go to the community forums" link in our members only area it will go straight to the forum index and they can start posting? Can it be done by setting a cookie with the same name as the one set when the user requests to be logged into the forum automatically at the forum login page?
I've set up an identical test account for a user on the forum and have attempted to pass the username and password to the forum login page via a post request using hidden fields, with the obvious drawback that the password is visible through view source, but that doesn't work in anycase.
I realise that the user can just login once and select "log me in automatically" but is there anyway of transparently logging in so that when a member clicks the "Go to the community forums" link in our members only area it will go straight to the forum index and they can start posting? Can it be done by setting a cookie with the same name as the one set when the user requests to be logged into the forum automatically at the forum login page?
-
malcolmboston
- DevNet Resident
- Posts: 1826
- Joined: Tue Nov 18, 2003 1:09 pm
- Location: Middlesbrough, UK
ive never done it but im guessing you should duplicate the exact way that PHPBB handles sessions (sessions i believe)
start a session after login on your site, insert that session_id into MySQL database in the PHPBB table (remember to enable database sessions) and it should be good to go?
i could be being naive but in theory to me at least, it should work
start a session after login on your site, insert that session_id into MySQL database in the PHPBB table (remember to enable database sessions) and it should be good to go?
i could be being naive but in theory to me at least, it should work
- Skittlewidth
- Forum Contributor
- Posts: 389
- Joined: Wed Nov 06, 2002 9:18 am
- Location: Kent, UK
Thanks! I get the rough idea. How can I manipulate the data so that PHPBB thinks the user is logged in? The current output shows
(obviously thats not all of it). Sorry if I sound like a bit of a noob, I have already tried setting the variables with the relevent username and password but when I then navigate to the forum page it still does not say I am logged in.
Code: Select all
їusername] => Anonymous
їuser_password] =>
їsession_logged_in] => 0- Skittlewidth
- Forum Contributor
- Posts: 389
- Joined: Wed Nov 06, 2002 9:18 am
- Location: Kent, UK
Please give me some credit I did follow the link and read it several times and try several things with it.
I'm just after some clarification. I presume I am manipulating some session data. Do I need to execute
after making changes to the array to make the changes take effect, and how much /little do I need to change to perform a basic log in? It just doesn't seem to be working at the moment, as straightforward as the post may seem.
Thanks
I'm just after some clarification. I presume I am manipulating some session data. Do I need to execute
Code: Select all
init_userprefs($userdata);Thanks
- Skittlewidth
- Forum Contributor
- Posts: 389
- Joined: Wed Nov 06, 2002 9:18 am
- Location: Kent, UK
- Skittlewidth
- Forum Contributor
- Posts: 389
- Joined: Wed Nov 06, 2002 9:18 am
- Location: Kent, UK
- John Cartwright
- Site Admin
- Posts: 11470
- Joined: Tue Dec 23, 2003 2:10 am
- Location: Toronto
- Contact:
- Skittlewidth
- Forum Contributor
- Posts: 389
- Joined: Wed Nov 06, 2002 9:18 am
- Location: Kent, UK
First you need a login form directed to your php login page. Something like:
If you want user variables available, put the following at the top of your php page:
If you want to do it secretly I'd used hidden fields with username and password in the form.
Hope this helps
Code: Select all
<form action="e;http://yoursite.com/yourforum/login.php"e; method="e;post"e;>
<table class="e;forumline"e; cellSpacing="e;1"e; cellPadding="e;1"e; width="e;155"e; border="e;0"e;>
<tbody>
<tr>
<td valign="e;top"e; align="e;left"e;> <span class="e;topictext"e;>User name:</span><br />
<input size="e;12"e; name="e;username"e; /> </td>
</tr>
<tr>
<td valign="e;top"e; align="e;left"e;> <span class="e;topictext"e;>Password:</span><br />
<input type="e;password"e; size="e;12"e; name="e;password"e; /> </td>
</tr>
<tr>
<td valign="e;top"e; align="e;left"e;> <input type="e;submit"e; value="e;Login"e; name="e;login"e; />
<br /> <span class="e;topictext"e;>Not a member? <a href="e;http://www.yoursite.com/forum/profile.php?mode=register"e; class="e;boldblack"e;>Join
Today</a></span> <br /> <span class="e;topictext"e;><a href="e;http://www.yoursite.com/forum/profile.php?mode=sendpassword"e; class="e;boldblack"e;>Forgot
Password?</a></span></TD>
</tr>
</tbody>
</table>
</form>Code: Select all
/////SET UP PHPBB VARIABLES AND USER DATA
define('IN_PHPBB', true);
$phpbb_root_path = 'ABSOLUTE/PATH/TO/YOUR/forum/';
include($phpbb_root_path . 'extension.inc');
include($phpbb_root_path . 'common.'.$phpEx);
$userdata = session_pagestart($user_ip, PAGE_INDEX);
init_userprefs($userdata);Hope this helps
- Skittlewidth
- Forum Contributor
- Posts: 389
- Joined: Wed Nov 06, 2002 9:18 am
- Location: Kent, UK
Thanks. I'd already tried that. The problem is that with hidden fields you can view the source and see the password that PHP echoed out. I did try md5() but since the PHPBB login script does it again when it receives the password it then becomes unrecognisable.
It works fine with a password field if the user types their username and password in, but of course that defeats the object of the exercise, since they will already have submitted the same details to get to the members only menu. Creating a PHPBB session from their first login must be the way forward, but so far I'm not having any joy.
It works fine with a password field if the user types their username and password in, but of course that defeats the object of the exercise, since they will already have submitted the same details to get to the members only menu. Creating a PHPBB session from their first login must be the way forward, but so far I'm not having any joy.
Okay. Try this. Find the function in phpbb that logs the user in. Add an extra optional paramter something like $md5 = false. Then inside of the function write an if statement where the function encrypts the user input password. Something like:
Then get the phpBB login.php page. Rename it to auto_login.php. Save it some place convienient. Open it up and change the login function call to include your new parameter $md5= true.
Then create your hidden form and point it to auto_login.php.
I've never actually done this before for phpBB but I have done it with another system. It worked pretty good. The theory is still the same. You need some way to tell it not to md5-hash the password. It may require a unique login page it might not.
If you already have a db with usernames in passwords you might try looking around phpbbhacks.com for a external user db hack.
Good luck
Code: Select all
if($md5 == true){
$password = $user_input_password;
} else {
$password = md5($user_input_password);
}Then create your hidden form and point it to auto_login.php.
I've never actually done this before for phpBB but I have done it with another system. It worked pretty good. The theory is still the same. You need some way to tell it not to md5-hash the password. It may require a unique login page it might not.
If you already have a db with usernames in passwords you might try looking around phpbbhacks.com for a external user db hack.
Good luck