Page 1 of 1
Login to PHPBB forum via external member login page
Posted: Mon May 16, 2005 7:43 am
by Skittlewidth
I've been working on a site with a member's only area and I was asked to install a PHPBB forum which is accessible from the member's area only. Obviously the member has to login to get to that section of the site, and so I've been asked if it is possible to make the user not have to login to the forum separately as well.
I've set up an identical test account for a user on the forum and have attempted to pass the username and password to the forum login page via a post request using hidden fields, with the obvious drawback that the password is visible through view source, but that doesn't work in anycase.
I realise that the user can just login once and select "log me in automatically" but is there anyway of transparently logging in so that when a member clicks the "Go to the community forums" link in our members only area it will go straight to the forum index and they can start posting? Can it be done by setting a cookie with the same name as the one set when the user requests to be logged into the forum automatically at the forum login page?
Posted: Mon May 16, 2005 7:48 am
by malcolmboston
ive never done it but im guessing you should duplicate the exact way that PHPBB handles sessions (sessions i believe)
start a session after login on your site, insert that session_id into MySQL database in the PHPBB table (remember to enable database sessions) and it should be good to go?
i could be being naive but in theory to me at least, it should work
Posted: Mon May 16, 2005 8:01 am
by JayBird
pretty easy, this should get ya started
viewtopic.php?t=27589
Mark
Posted: Mon May 16, 2005 8:41 am
by Skittlewidth
Thanks! I get the rough idea. How can I manipulate the data so that PHPBB thinks the user is logged in? The current output shows
Code: Select all
їusername] => Anonymous
їuser_password] =>
їsession_logged_in] => 0
(obviously thats not all of it). Sorry if I sound like a bit of a noob, I have already tried setting the variables with the relevent username and password but when I then navigate to the forum page it still does not say I am logged in.
Posted: Mon May 16, 2005 10:54 am
by phpScott
check out the link posted as it does seem pretty striaght forward.
I'll be onto doing that part of the intergration later this week.
One sign up/sign in for both the site and phpBB.
Posted: Tue May 17, 2005 4:39 am
by Skittlewidth
Please give me some credit I did follow the link and read it several times and try several things with it.
I'm just after some clarification. I presume I am manipulating some session data. Do I need to execute
after making changes to the array to make the changes take effect, and how much /little do I need to change to perform a basic log in? It just doesn't seem to be working at the moment, as straightforward as the post may seem.
Thanks
Posted: Tue May 17, 2005 5:35 am
by phpScott
When I get to that part, I will post my code for you as that is on the agenda for this afternoon or tommorrow.
sorry if I offended but just a quick read and it seemed easy enough but then I haven't tried to implement it yet.

Posted: Tue May 17, 2005 5:46 am
by Skittlewidth
No worries PHPScott, I've just seen so many people who won't try to help themselves before that I didn't want to be counted as one of them.
I look forward to seeing your code. Thanks for your help

Posted: Tue May 17, 2005 5:56 am
by phpScott
If you don't want the code I will just give you the directions that I used to accomplish the task.
I know what you mean, it is one thing for some one to do it for you and you look at the code and another to be proded in the right direction and figure it out for yourself.
Posted: Tue May 17, 2005 6:50 am
by Skittlewidth
Either code or hints would be great. I'd just like to know how its done. Although I do find a certain satisfaction from working things out myself I've had a long enough attempt at it not to feel too bad about being given the answer!
Thanks, look forward to hearing from you later

Posted: Tue May 17, 2005 6:57 am
by John Cartwright
You do understand if you visit phpbb's mod section they have this available?
Posted: Tue May 17, 2005 7:32 am
by Skittlewidth
Well I do now... except I can't find it, and the search facility doesn't appear to be working very well. I'll keep looking.
Posted: Tue May 17, 2005 8:33 am
by neophyte
First you need a login form directed to your php login page. Something like:
Code: Select all
<form action="e;http://yoursite.com/yourforum/login.php"e; method="e;post"e;>
<table class="e;forumline"e; cellSpacing="e;1"e; cellPadding="e;1"e; width="e;155"e; border="e;0"e;>
<tbody>
<tr>
<td valign="e;top"e; align="e;left"e;> <span class="e;topictext"e;>User name:</span><br />
<input size="e;12"e; name="e;username"e; /> </td>
</tr>
<tr>
<td valign="e;top"e; align="e;left"e;> <span class="e;topictext"e;>Password:</span><br />
<input type="e;password"e; size="e;12"e; name="e;password"e; /> </td>
</tr>
<tr>
<td valign="e;top"e; align="e;left"e;> <input type="e;submit"e; value="e;Login"e; name="e;login"e; />
<br /> <span class="e;topictext"e;>Not a member? <a href="e;http://www.yoursite.com/forum/profile.php?mode=register"e; class="e;boldblack"e;>Join
Today</a></span> <br /> <span class="e;topictext"e;><a href="e;http://www.yoursite.com/forum/profile.php?mode=sendpassword"e; class="e;boldblack"e;>Forgot
Password?</a></span></TD>
</tr>
</tbody>
</table>
</form>
If you want user variables available, put the following at the top of your php page:
Code: Select all
/////SET UP PHPBB VARIABLES AND USER DATA
define('IN_PHPBB', true);
$phpbb_root_path = 'ABSOLUTE/PATH/TO/YOUR/forum/';
include($phpbb_root_path . 'extension.inc');
include($phpbb_root_path . 'common.'.$phpEx);
$userdata = session_pagestart($user_ip, PAGE_INDEX);
init_userprefs($userdata);
If you want to do it secretly I'd used hidden fields with username and password in the form.
Hope this helps
Posted: Tue May 17, 2005 9:06 am
by Skittlewidth
Thanks. I'd already tried that. The problem is that with hidden fields you can view the source and see the password that PHP echoed out. I did try md5() but since the PHPBB login script does it again when it receives the password it then becomes unrecognisable.
It works fine with a password field if the user types their username and password in, but of course that defeats the object of the exercise, since they will already have submitted the same details to get to the members only menu. Creating a PHPBB session from their first login must be the way forward, but so far I'm not having any joy.
Posted: Tue May 17, 2005 9:49 am
by neophyte
Okay. Try this. Find the function in phpbb that logs the user in. Add an extra optional paramter something like $md5 = false. Then inside of the function write an if statement where the function encrypts the user input password. Something like:
Code: Select all
if($md5 == true){
$password = $user_input_password;
} else {
$password = md5($user_input_password);
}
Then get the phpBB login.php page. Rename it to auto_login.php. Save it some place convienient. Open it up and change the login function call to include your new parameter $md5= true.
Then create your hidden form and point it to auto_login.php.
I've never actually done this before for phpBB but I have done it with another system. It worked pretty good. The theory is still the same. You need some way to tell it not to md5-hash the password. It may require a unique login page it might not.
If you already have a db with usernames in passwords you might try looking around phpbbhacks.com for a external user db hack.
Good luck