Topic: auto login

first sorry for my english skill that poor. smile
just got couple problem n are desperate for solution

i just dowload punbb 1.3, and want to use it for my website, but i need too modify it but have some problem. i build a web that have member area, i just want to when the user click forum link on my web and he is already login in my web, when he click the forum link, he doesn't have to login again. so he automatically login to in forum when he login in my web.

i already search in this forum and read this thread http://punbb.informer.com/forums/topic/3912/auto-login/

i try it on 1.3 version, it works but it have an error in the redirecting page..here is the image..
http://i39.tinypic.com/2eveo10.jpg

just wander how to get rid of that error...

and my second problem is..i just lost in the encryption for the password value..
i usually just use the md5 function, but in punbb when i look at the source code..
it has many function with sha1, random_key, etc.....

just very confuse with it, i am still a newbie php programmer so i am still learning..
hope can find solution here...

thanks b4... smile

Re: auto login

sIpIt_nya wrote:

i try it on 1.3 version, it works but it have an error in the redirecting page..here is the image..

This error appears because you need to define the redirect url in authorization form (it is hidden value). After authorization,
the forum will redirect the user to this URL.

sIpIt_nya wrote:

just wander how to get rid of that error...

and my second problem is..i just lost in the encryption for the password value..
i usually just use the md5 function, but in punbb when i look at the source code..
it has many function with sha1, random_key, etc.....

just very confuse with it, i am still a newbie php programmer so i am still learning..
hope can find solution here...

To get the correct hash of a password, you need to call the function "forum_hash" with two arguments: 1) Your password; 2) Salt which you can get from the table "users", field "salt" of your user record.

3 (edited by sIpIt_nya 2009-05-18 16:51)

Re: auto login

well, i try it again today..
at least one of problem has been solved, it's very strange though.

i already succesfully add a new user now, when a user register from my website so it's automatically register at the punbb forum too.

problem i had before is the password that seems can't work. i already used the function forum_hash and random_key that i took from function.php in punbb to use it for the user password, but i cannot login.

but when i change to encryption only with md5, it suddenly work.

so my query in my web site looks like this..

@require_once 'punbb/include/functions.php';
$salt = random_key(12);
$registered = time();
$registration_ip = $_SERVER['REMOTE_ADDR'];
$last_visit = time();
            
@mysql_query("INSERT INTO `punbb_users` (`username`,`group_id`,`password`,`email`,`email_setting`, `timezone`,`dst`,`language`,`style`,`registered`,`registration_ip`,`last_visit`,`salt`,`activate_key`) VALUES ('".$_POST[username]."','3','".md5($_POST[password])."','".$_POST[email]."','1','7','1','English','Oxygen','".$registered."','".$registration_ip."','".$last_visit."','".$salt."',NULL)") or die(mysql_error());

my code before that can't work look like this

@require_once 'punbb/include/functions.php';
$salt = random_key(12);
$password_hash = forum_hash($_POST[password],$salt);
$registered = time();
$registration_ip = $_SERVER['REMOTE_ADDR'];
$last_visit = time();
            
@mysql_query("INSERT INTO `punbb_users` (`username`,`group_id`,`password`,`email`,`email_setting`, `timezone`,`dst`,`language`,`style`,`registered`,`registration_ip`,`last_visit`,`salt`,`activate_key`) VALUES ('".$_POST[username]."','3','".$password_hash."','".$_POST[email]."','1','7','1','English','Oxygen','".$registered."','".$registration_ip."','".$last_visit."','".$salt."',NULL)") or die(mysql_error());

just wonder what happen there...


and my error problem with the redirect url still can work it out.
that error messages still appearing..just wonder how can i fixed it?

my url is like this
punbb/login.php?form_sent=1&req_username=jokowi&req_password=1234

and i change the code in function.php with this

if (isset($_REQUEST['form_sent']) && empty($action))
{
    $form_username = forum_trim($_REQUEST['req_username']);
    $form_password = forum_trim($_REQUEST['req_password']);

i only change $_POST to $_REQUEST....

Re: auto login

sIpIt_nya wrote:

and my error problem with the redirect url still can work it out

In forum's core, redirect URL stored in $_POST['redirect_url'] in the hidden forum value.
Could you, please, describe the details of your integration? What mechanism of authorization have you used at your site? Cookie? Sessions?

Re: auto login

well, sorry for lack of information..
my authorization for my web is using Session.
but i don't send it to punbb forum the variable $_SESSION to punbb forum, instead i send the username n password value in the url to access punbb forum.

well i access the forum through my website with this url :
www.mysite.com/punbb/login.php?form_sent=1&req_username=jokowi&req_password=1234"

username = jokowi
password = 1234
value req_username is coming from username that are currently login
and the password value are coming from password from the user that currently login.

and i change login.php code in punbb forum in this section
code before i change

$action = isset($_GET['action']) ? $_GET['action'] : null;
$errors = array();

// Login
if (isset($_POST['form_sent']) && empty($action))
{
    $form_username = forum_trim($_POST['req_username']);
    $form_password = forum_trim($_POST['req_password']);
    $save_pass = isset($_POST['save_pass']);
        ....
        ....
        ....
        ....
        ....
        ....
        ....
        ....
        ....
        ....
}

code after i changed it

$action = isset($_GET['action']) ? $_GET['action'] : null;
$errors = array();

// Login
if (isset($_REQUEST['form_sent']) && empty($action))
{
    $form_username = forum_trim($_REQUEST['req_username']);
    $form_password = forum_trim($_REQUEST['req_password']);
    $save_pass = isset($_POST['save_pass']);
        ....
        ....
        ....
        ....
        ....
        ....
        ....
        ....
        ....
        ....
}

well, that is my method to auto login into punbb forum and i get that error as display in the image on my first post.
any solution? smile

Re: auto login

I think it would be better for you to change the code of function "cookie_login" in "<FORUM_ROOT>/include/functions.php". This function is used for checking if a user was authorized or not on every page of the forum. You can replace the forum's mechanism of authorizing with yours, which you used at your site. And if the user was authorized at your site it will be authorized at the forum.

Re: auto login

i already try to replace cookie_login function, but it's got very complicated and i can't make it work. maybe there's some value missing or other thing.

so i turn back to my old way that i describe above, and finally get rid of that error that appearing in the redirect page...
i just give the value "www.mysite.com/punbb" to replace the $_POST['redirect_url'] and it's work. that error message doesn't appear again.

so i will use that url to login.. just have to modificate it so the security problem can be avoid. maybe with md5 function there.

thanks very much slavok for helping me out here. smile