1 (edited by littlebigfred 2010-07-26 22:10)

Topic: [SOLVED] PHP code to check that user is logged on?

Hello

The article PunBB 1.3 integration shows how to use PunBB's authentication module in external applications by displaying its logon form.

But once the user has logged on successfully and received the necessary cookie... what code should I use in the external application in all restricted areas to check that the user is logged on and, if not, redirect him to that logon page?

Thank you.

Re: [SOLVED] PHP code to check that user is logged on?

I mean the equivalent of this page for PhpBB:

http://www.phpbb.com/community/viewtopi … ;t=1677625

I guess I could do this myself by reading if the browser returned a cookie named "forum_cookie_b2bbd3", check that this key exists in $_SESSION[], and find what the username is from this session.

But before doing this, I'd like to make sure PunBB doesn't already provide a safer/cleaner way.

Thank you.

3

Re: [SOLVED] PHP code to check that user is logged on?

$forum_user['is_guest']

  smile

Eraversum - scifi browser-based online webgame

Re: [SOLVED] PHP code to check that user is logged on?

Thanks Grez. I figured there should be a simpler solution.

And finally, now that users are authenticated in the blog part of the site... what URL should I use to provide a "Log out" button or hyperlink?

The Log Out URL in the PunBB forum seems to include the SessionID as returned by the browser:

http://punbb.informer.com/forums/logout/10921/b9ecde09d23f6f2a82f558b92ab556827558049b/

Is this URL also available as a variable in PunBB?

Thank you.

Re: [SOLVED] PHP code to check that user is logged on?

Here it is, in ./include/functions:

$links['logout'] = '<li id="navlogout"><a href="'.forum_link($forum_url['logout'], array($forum_user['id'], generate_form_token('logout'.$forum_user['id']))).'">'.$lang_common['Logout'].'</a></li>';

However, the user ends up in the PunbBB forum... while he was in the blog when clicking on the Logout link I displayed hmm

How can I tell login.php to redirect the user to a different URL instead of the forum?

Thank you.

6

Re: [SOLVED] PHP code to check that user is logged on?

You could add $_GET variable to the link and then at login.php check whether the variable is set.

./include/functions.php

line 446:
$links['logout'] = '<li id="navlogout"><a href="'.forum_link($forum_url['logout'], array($forum_user['id'], generate_form_token('logout'.$forum_user['id']))).'&blog=true">'.$lang_common['Logout'].'</a></li>';

line 452:
$links['logout'] = '<li id="navlogout"><a href="'.forum_link($forum_url['logout'], array($forum_user['id'], generate_form_token('logout'.$forum_user['id']))).'&blog=true">'.$lang_common['Logout'].'</a></li>';

./login.php

line 163:
($hook = get_hook('li_logout_pre_redirect')) ? eval($hook) : null;

if(isset($_GET['blog'])) redirect('http://google.com', $lang_login['Logout redirect']);
redirect(forum_link($forum_url['index']), $lang_login['Logout redirect']);

Eraversum - scifi browser-based online webgame

Re: [SOLVED] PHP code to check that user is logged on?

Thanks again Grez for the idea. Solved solved smile

Re: [SOLVED] PHP code to check that user is logged on?

One last little thing, though: I notice that after calling a form with action=login.php to let the user authenticate against PunBB... once redirected, the URL has "/?login=1" added to the URL, ie.

http://192.168.0.8/?login=1

Reading through login.php, this is due to the final redirect():

if (isset($_POST['form_sent']) && empty($action))
{
[...]
     redirect(forum_htmlencode($_POST['redirect_url']).((substr_count($_POST['redirect_url'], '?') == 1) ? '&amp;' : '?').'login=1', $lang_login['Login redirect']);
        }

Before I go ahead and just remove this bit... does someone know if it's really needed and removing it could have some nasty side-effect?

Thank you.

9

Re: [SOLVED] PHP code to check that user is logged on?

It's for checking whether user was logged successfully smile

./include/common.php, 120

// Check to see if we logged in without a cookie being set
if ($forum_user['is_guest'] && isset($_GET['login']))
    message($lang_common['No cookie']);
Eraversum - scifi browser-based online webgame

Re: [SOLVED] PHP code to check that user is logged on?

Thanks for the clarification. From the code above, I guess it means that in case the user tried to fake authentication by calling the URL with "login=whatever" added manually, PunBB will display an error message.

But in my case, the user has been logged on OK since a cookie is available, and so, $forum_user['is_guest'] == False.

So I'm not sure whether I can remove "login=1" safely. It's just for esthetics, though, not a major issue.

Thanks.

11

Re: [SOLVED] PHP code to check that user is logged on?

It's for checking, whether user's browser has enabled cookies (you can't loggin without that). But in your case, you know that if he'd been logged OK you can remove it  smile

Eraversum - scifi browser-based online webgame

Re: [SOLVED] PHP code to check that user is logged on?

Thanks Grez smile