Topic: Reading session information from outside of punBB

Hello,

I am setting up a home-made CMS/blog alongside punBB. The main blog is at www.domain.com, and the forum is at www.domain.com/forum.

What I'd like to be able to do is read forum information from inside the main CMS. So, while in the blog, if they are logged in they will see a comment forum to post comments to the blog. If they are not logged in, they see a message saying they can't comment.

I do not need or want header integration, just reading session information from PunBB. Is this possible?

2 (edited by johnreynolds10 2009-08-18 08:15)

Re: Reading session information from outside of punBB

Can anyone help us out? I am also interested in finding answer for this. Thanks.....Indie

3

Re: Reading session information from outside of punBB

Yes, it is possible.

You will need to mimic the session code from PunBB in your CMS.

Re: Reading session information from outside of punBB

Little help on exactly which code to mimic? I try putting this code in the head:

if (!defined('FORUM_ROOT'))
    define('FORUM_ROOT', 'forum/');
require FORUM_ROOT.'include/common.php';

But then I get this error:


Warning: require(forum/include/essentials.php) [function.require]: failed to open stream: No such file or directory in /home/ruesome/public_html/g/forum/include/common.php on line 15

Warning: require(forum/include/essentials.php) [function.require]: failed to open stream: No such file or directory in /home/ruesome/public_html/g/forum/include/common.php on line 15

Fatal error: require() [function.require]: Failed opening required 'forum/include/essentials.php' (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/ruesome/public_html/g/forum/include/common.php on line 15

Re: Reading session information from outside of punBB

Alright, I got it working for me in a very, very, VERY simple way. It is not all that secure, but for my means it is okay:

//include the config file from PunBB
include ("forum/config.php");

//Decode the forum cookie.
$decoded_cookie = base64_decode($_COOKIE[$cookie_name]);
$logged_in_info = explode("|",$decoded_cookie);
echo "User ID: ".$logged_in_info[0];

Obviously, if the cookie isn't set, the user isn't logged in. The user's password is also saved within the cookie and can be cross-checked to verify it is not a spoofed cookie for added security, which I may add eventually but for now this is about all the implementation I am looking for. Using the User ID, you can look up the user's information in the database and echo it all out in commenting forms and stuff across the site.

Anyway, there's my basic solution. Very interested in other people's.

6

Re: Reading session information from outside of punBB

That's pretty much what I had in mind, yes. I would check that database to make sure the password matches, though.

Re: Reading session information from outside of punBB

Alright, my revised script:

//include the config file from PunBB
include ("forum/config.php");

//Decode the forum cookie.
$decoded_cookie = base64_decode($_COOKIE[$cookie_name]);
$logged_in_info = explode("|",$decoded_cookie);

//Grab the user's profile out of the forum
$result_com_from = mysql_db_query($database, "SELECT * FROM forum_users WHERE id = '".$logged_in_info[0]."'") or die (mysql_error());
$qry_com_from = mysql_fetch_array($result_com_from);

// Compare the     password hash in the cookie with the user's password hash stored for the forum. If they don't match, kill the script.
if ($logged_in_info[0] != $qry_com_from['password']) { 
    die("Sorry, there's something wrong with your cookie. Maybe you're a hacker? Try logging out and back in and see if that helps."); 
} else {

        // Continue processing here because the cookie pass matched the database pass

}

Re: Reading session information from outside of punBB

Revisions welcome, obviously, but this is working well for me.

I'm extending the functionality even further, with simple things like increasing the user's post count when they make comments outside of the forum. I am very interested to see how other people are implementing PunBB functionality across different CMSes.

9

Re: Reading session information from outside of punBB

$result_com_from = mysql_db_query($database, "SELECT * FROM forum_users WHERE id = '".$logged_in_info[0]."'") or die (mysql_error());

This is BEGGING for a hack. At least use

mysql_real_escape_string($logged_in_info[0])

instead of

$logged_in_info[0]

10

Re: Reading session information from outside of punBB

timwasson wrote:

I am very interested to see how other people are implementing PunBB functionality across different CMSes.

I did it the other way around - I replaced all PunBB code that queries its users table or deals with user authentication to instead use the code of our CMS. Even made an extension out of it, although that extension needs heavy modification for other CMS's. Search the forums here, I posted it somewhere.