Custom user registration in phpBB

Coding Critique is the place to post source code for peer review by other members of DevNetwork. Any kind of code can be posted. Code posted does not have to be limited to PHP. All members are invited to contribute constructive criticism with the goal of improving the code. Posted code should include some background information about it and what areas you specifically would like help with.

Popular code excerpts may be moved to "Code Snippets" by the moderators.

Moderator: General Moderators

Post Reply
kertz
Forum Newbie
Posts: 17
Joined: Sat Sep 15, 2007 2:34 am
Location: India

Custom user registration in phpBB

Post by kertz »

Well I tried to put this post in Code Snippets and tutorials and they don't allow me there! :( So I posted this here...


I have found that most of the time when you register in a website, you'll need to register for the phpBB forum separately! This is really disgusting for the user... So here's a php script which will register the user with phpBB! All you need to do is the following steps...

1) First Create a file named config.php and copy the following code to it

Code: Select all

<?php
$conn=mysql_connect("localhost","root","password")//change the password to suit yours
    or die("mysql_error()");
$db=mysql_select_db("mysite_db")//change mysite_db to your database name
    or die(mysql_error());
?>
But keep in mind that I used mySQL so you've got to change the syntax according to it to work for other databases!

2)Now create the main file preferably index.php or register.php and copy the following code

Code: Select all

<?php

 /**
 Description: This is an example of the function which can be used to register your site user with the phpBB forum when he/she registers with your custom registration procedure. The function is very simple. You just need to supply the username,password(not encrypted, because the code does it) and the email, the rest is done by the code. Remember that you need to validate the e-mail yourself using custom code. You can use the activate_user function to activate the user after the email has been verified. 
 
 Keep in mind that I consider that you have not given automatic account activation. If you have given there is no need to use the activate _user function. But I would reccomend you to not use automatic activation.
 
 If you encounter any problem feel free to ask at http://www.devunite.com
 */

include "config.php"; // the database configuration file. Update this to connect to your databse

function register_phpBB($username,$user_password,$user_email){
	//fucntion to regiter with phpBB

	//find the next userid
	$query="select max(user_id) as total from phpbb_users";
	$results=mysql_query($query) or die(mysql_error());
	if($results){
		$row=mysql_fetch_row($results);//store the result in $row array
		$user_id=++$row['0'];//increment the currnet user_id by 1
	}
	//encrypt the password using md5
	$enc_password=md5($user_password);

	mysql_free_result($results);//free the result
	
	//insert new registration details to database
	$query="insert into phpbb_users(user_id,username,user_regdate,user_password,user_email)"; 
	$query=$query."values('".$user_id."','".$username."',".time().",'".$enc_password."','".$user_email."')";
	$results=mysql_query($query) or die(mysql_error());
	if($results){
		echo "Successfully registered with phpBB";
		return 1;
	}else{
		echo "Registration failed";
		return 0;
	}
}

//function to activate the user. Give the user id as the parameter.
function activate_user($user_id){
	$query="update phpbb_users set user_active=1 where user_id=".$user_id;
	$results=mysql_query($query) or die(mysql_error());	
	if(!$results){
		echo "The account has been activated!";
	}	
}

//check if the form was submitted
if((isset($_POST['Submit']) && $_POST['Submit']=="Register")){
	//check whether the username and e-mail already exist or not
	$sql="select username,user_email from phpbb_users where username='".$_POST['username']."' or user_email='".$_POST['email']."'";
	$results=mysql_query($sql) or die(mysql_error());
	if(mysql_num_rows($results)>0){
		$row=mysql_fetch_row($results);
		if($_POST['username']==$row['0']){//check the username
			echo "Username already taken!";
		}elseif($_POST['email']==$row['1']){//checks the e-mail
			echo "The e-mail already used for registration!";
		}else{//username and e-mail not used
			//register new user to access phpBB forum
			register_phpBB($_POST['username'],$_POST['password'],$_POST['email']);	
		}
	}else{
		//register new user to access phpBB forum
		register_phpBB($_POST['username'],$_POST['password'],$_POST['email']);
	}
}else{
?>
<!---- the form to take input ----!>
<html>
<body>
<form action="<? $_SERVER['PHP_SELF'] ?>" method="post">
<input type="text" value="username" align="LEFT" name="username" />
<br>
<input type="password" value="password" name="password" />
<br>
<input type="text" value="email" name="email" />
<br>
<input type="submit" value="Register" name="Submit" />
</form>
</body>
</html>
<?
}
?>
After this run the above file in your server and register using the sample form. You will need to execute the activate_user function in order to activate the newly registered user if you have disabled automatic activation!

I wish you'll find this tutorial useful! :D
User avatar
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

Post by s.dot »

Hmm. I'm going to move this to Coding Critique, simply because it is more of a snippet and not a PHP coding problem or question. And snippets must pass through the coding critique board before going to the snippets board. :)
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
jeffery
Forum Contributor
Posts: 105
Joined: Mon Apr 03, 2006 3:13 am
Location: Melbourne, Australia
Contact:

Post by jeffery »

scottayy wrote:And snippets must pass through the coding critique board before going to the snippets board. :)
I didn't know that. I have been waiting for one of my snippets to be approved :( I'll post it here then.
User avatar
tecktalkcm0391
DevNet Resident
Posts: 1030
Joined: Fri May 26, 2006 9:25 am
Location: Florida

Post by tecktalkcm0391 »

Code: Select all

<form action="<? $_SERVER['PHP_SELF'] ?>" method="post"> 
That is a no no. Define the action or just leave it blank (don't know if that is the same security risks or not).
User avatar
superdezign
DevNet Master
Posts: 4135
Joined: Sat Jan 20, 2007 11:06 pm

Post by superdezign »

tecktalkcm0391 wrote:(don't know if that is the same security risks or not).
The security risk comes from outputting data that can be altered by the user, i.e. PHP_SELF. It's an XSS risk.
User avatar
TheMoose
Forum Contributor
Posts: 351
Joined: Tue May 23, 2006 10:42 am

Post by TheMoose »

1: It doesn't take into account custom PHPBB table prefixes (you have phpbb_users, for example)
2: It uses the currently active MySQL connection to do the actions. So if I put in a separate connection between the include and the function definitions, it will run off the last MySQL connection I created (even though you assign a connection variable, you don't use it).
3: In your query results (the associated arrays), you use indexes instead of column names. The column names are static for PHPBB, so why not use the name, instead of the index? It's more user-friendly when modifying the code as you know right away which column you're referencing.
4: user_id in the prefix_users table is a mediumint, yet you're inserting it as a string
5: SQL Injection is prevalent in just about every query you run, you're not filtering any input whatsoever

It's a good start, just needs more work to make it secure and more ready to integrate with custom code.
User avatar
The Phoenix
Forum Contributor
Posts: 294
Joined: Fri Oct 06, 2006 8:12 pm

Post by The Phoenix »

Is this for phpbb2 or phpbb3?
kertz
Forum Newbie
Posts: 17
Joined: Sat Sep 15, 2007 2:34 am
Location: India

Post by kertz »

its made in phpBB 2 and by the way I just made it as a ground for more work... Its not yet secure or highly efficient... I thought maybe someone will find it useful! :D By the way I'll work on it to make it beter and thanks for all your comments that would be helpful!
kertz
Forum Newbie
Posts: 17
Joined: Sat Sep 15, 2007 2:34 am
Location: India

Post by kertz »

tecktalkcm0391 wrote:

Code: Select all

<form action="<? $_SERVER['PHP_SELF'] ?>" method="post"> 
That is a no no. Define the action or just leave it blank (don't know if that is the same security risks or not).

Well I didn't know that there is a security risk with that! Even the best reference books on PHP use it!
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

kertz wrote:Well I didn't know that there is a security risk with that! Even the best reference books on PHP use it!
There actually is, and those books are incorrect for using it. Unfortunately, not all books go through thorough security checks, let alone quality code checks.
kertz
Forum Newbie
Posts: 17
Joined: Sat Sep 15, 2007 2:34 am
Location: India

Post by kertz »

well then whats the alternative?
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

kertz wrote:well then whats the alternative?
Discontinuing the use of books. Also discontinuing the use of old (poorly written) tutorials and code examples. Unfortunately, the vast number of examples available are generally poorly written.
maxkinn
Forum Newbie
Posts: 2
Joined: Tue Apr 26, 2011 8:11 am

Re: Custom user registration in phpBB

Post by maxkinn »

Hi,
Quite useful information
but How can I call the activation function in order to make registration successful

thanks
Jessicaishot
Forum Newbie
Posts: 1
Joined: Sat Oct 29, 2011 9:48 am

Re: Custom user registration in phpBB

Post by Jessicaishot »

Hi all, I am trying to have phpbb insert username, user_email in to mytable where do I add my query as I am unfamiliar with phpbb3. I looked in includes/functions.php but again this is my firt time working with phpbb3. Here is what I was trying after a member registers on myboard the username,user_email are inseted into mytable. I only need these to feilds everthing else is not needed. So what I need is to know where phpbb3 registration page is and if I am looking in the right place.
Thanks everyone!

P.S. If someone can give me a (on delete, on update, on insert) That would be great.
User avatar
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Re: Custom user registration in phpBB

Post by Mordred »

This code is utter crap, do not use it. Funny, the guys caught the XSS but didn't catch the glaring SQL injection nor the concurrency problem with user ids.
Post Reply