• Registered: 2008-12-30
  • Posts: 4

Topic: integration with custom front end

Hello

Which way should one go to integrate his own database stuff with punbb ?
Should i add custom fields to forum database tables that are already in punbb or create additional tables with my own site specific information ?
I would gain a bit of flexibility at cost of performance if i would split these two apart.
However i would like to stick to user authentication in punbb.

Also could you point me to which variables are important when it comes to authentication  and how should I handle them 'outside' punbb on my main page? Is it enough if I put some $_SESSION var and direct it to forum pages ?

If you could point out what I should be careful with it would be really nice cause Ive always worked on Intranet with 0% chance of attacks.

2 Reply by MattF

  • MattF
  • Senior Member
  • Offline
  • From: South Yorkshire, England
  • Registered: 2007-03-15
  • Posts: 1,956

Re: integration with custom front end

Whichever suits the occasion best. For example, if you merely need an extra column in the user table, then add an extra column. If, however, you want a completely separate table for some new addition that isn't related to any of the existing tables, create a new table. Keeping with the general layout and flow is my personal method.

With regards to input, just make sure you verify the integrity of *ALL* input which can be supplied to your scripts. Trust nothing and check everything. It is better to be too paranoid than not enough. big_smile

MattF's Website

  • Registered: 2008-12-30
  • Posts: 4

Re: integration with custom front end

Hello

Thank you for your reply.
Im looking at login.php and am I correct assuming its just the cookie thats keeping auth information ?
I got used to $_SESSION variable after proper login with the database. Is it possible to verify against cookie together with session var? That would eliminate the 'remember me' option...

Im sorry that Im so noobish with methods used over internet smile Just trying to be on the safe side.
Am I assuming correctly if i verify the login against the users table of phpbb in my custom main page script and create a cookie named like my phpbb config (or default name) just the way it is done by forum_setcookie function called in login.php I will be safe from harm?

4 Reply by MattF (edited by MattF 2008-12-30 14:54)

  • MattF
  • Senior Member
  • Offline
  • From: South Yorkshire, England
  • Registered: 2007-03-15
  • Posts: 1,956

Re: integration with custom front end

calebos wrote:

Am I assuming correctly if i verify the login against the users table of phpbb in my custom main page script and create a cookie named like my phpbb config (or default name) just the way it is done by forum_setcookie function called in login.php I will be safe from harm?

I'm not overly familiar with the 1.3* code, but if you include common.php within your script, you will then have access to all the cookie functions and the forum_user? array. smile Just have a quick look at the code, and you will see how straight forward it should be to integrate. smile

Edit: The devs or one of the 1.3* chaps will let you know if anything is different from the above. I'm still firmly stuck in the 1.2* code camp. big_smile

MattF's Website

  • Registered: 2008-12-30
  • Posts: 4

Re: integration with custom front end

Hello

I finished the basic main page stuff.

Im going to use 1 forum for newswriting.  I edited my mainpage php so it cuts the news item if the writer used a <eon> inside the post so the lenght is controlled on the main page. I got the links for stuff finished but Im still a bit confused with the login variables used by punbb.

Would some admin care to explain in a simple way what do I need to do (which variables and how) so I dont mess up anything and its done the same way as it is on punbb ? Precisely what are and what do they do

<input type="hidden" name="form_sent" value="1" />
<input type="hidden" name="redirect_url" value="http://localhost/punbb/viewtopic.php?id=3" />
<input type="hidden" name="csrf_token" value="05b183b9678d9b2c43490bd35de77bfac0eea26e" />