Topic: Intergrating Login System

I have a login system for my site as well as the forums, they share a table together quite well but one thing I was never able to do was integrate the login system.

When I look at the contents of the cookie that punBB writes I can see a lot of information along with what looks like a sha1 or md5 hash. I need to know how to replicate all that information so I can write it to a cookie and use my sites login for both the site and forums.

I have looked at the source for login.php, not really much help. A direction in this would be great.

Thanks,
Sam

2

Re: Intergrating Login System

include/functions.php. The cookie generation functions and such are near the top of the file.

3 (edited by mattxb 2008-04-14 02:42)

Re: Intergrating Login System

I've just tried to do the same thing for my own site, if I understand correctly; you want to use the login system for your main website to 'automatically' log people in to the punBB forum... Ie, use the main site's user validation system instead of punBB's?

I modified my functions.php file so that the function check_cookie() looks like: (sorry, I used quote instead of code so I could highlight some bits)

function check_cookie(&$pun_user)
{
    global $db, $db_type, $pun_config, $cookie_name, $cookie_seed;

    $now = time();
    $expire = $now + 31536000;    // The cookie expires after a year

    //// We assume it's a guest
    //$cookie = array('user_id' => 1, 'password_hash' => 'Guest');

    // If a cookie is set, we get the user_id and password hash from it
    //if (isset($_COOKIE[$cookie_name])) {
    //    list($cookie['user_id'], $cookie['password_hash']) = @unserialize($_COOKIE[$cookie_name]);
    //}

    //if ($cookie['user_id'] > 1)
    if (userIsLoggedIn() > 100)

    {
        // Check if there's a user with the user ID and password hash from the cookie
        $result = $db->query('SELECT u.*, g.*, o.logged, o.idle FROM '
            .$db->prefix.'users AS u INNER JOIN '
            .$db->prefix.'groups AS g ON u.group_id=g.g_id LEFT JOIN '
            .$db->prefix.'online AS o ON o.user_id=u.id WHERE u.id='
            .intval(CURRENT_USER_FORUMID)) or error('Unable to fetch user information', __FILE__, __LINE__, $db->error());
        $pun_user = $db->fetch_assoc($result);

       
        //if (!isset($pun_user['id']) || md5($cookie_seed.$pun_user['password']) !== $cookie['password_hash'])
        //{
        //    pun_setcookie(1, md5(uniqid(rand(), true)), $expire);
        //    set_default_user();
        //    return;
        //}

The bits in bold are the bits I modified. userIsLoggedIn() is a function in my login system that check the user is logged in, and populates some constants to useful user info. It returns a code that specifies the user level, so my check > 100 means that the user is present and logged in, with the correct permissions.

I replaced part of the sql statement so that instead of getting the punBB user id from a cookie, it gets it from some data read from my own website's user table in my userIsLoggedIn() function. Basically when I register a new user, I automatically add a user record to the punBB database, and then add that (forum) user id to a special field in my own website user table, which I read out again in userIsLoggedIn().

Then notice I remove the later check leading to set_default_user() since it's unecessary since I've already validated that the user is ok by that point.

This seems to work ok so far, and you never need worry about creating cookies?...

Edit: This was with v. 1.2.17, btw...

Re: Intergrating Login System

mattxb,

thanks for sharing that with us. How about the forum username display... did you change the forum's code to display their username from your site's main users table?

Eoin

5 (edited by mattxb 2008-04-14 16:13)

Re: Intergrating Login System

This is the only modification that I've made so far. The user name is the same in both cases because I just put the same user name in both user tables (the main site, and the forum).

There is a slight problem now that I have possibly two profiles per user; the forum one and anything I make for my own site. I'll probably try and block access to the forum profile and redirect to my own site profile, although now I'll have to add extra parts to my profile pages so I can update forum options like the time zone and email options... And I have no idea how to do that yet...

Edit: I figure it's more elegant to keep two separate databases and minimise modifications to punBB, than it is to have one database for everything but add lots of modifications to the punBB code...

Edit II: Hmm, maybe having the profile clashes means it is easier to maintain a single user table, after all... smile