1 Topic by Peter (edited by Peter 2007-02-24 03:01)

  • Peter
  • Senior Member
  • Offline
  • From: Brooklyn, NY
  • Registered: 2006-01-10
  • Posts: 205

Topic: How does authentication in PunBB work?

I'm trying to integrate PunBB into my main site, where I have a generic PHP login script. Both login scripts already use the same members table in MySQL. Members that sign up on the main site show up in PunBB's User List (and the other way around).

But a member that's logged in at the main site is not automatically logged in at PunBB. He or she has to login seperately at the PunBB login, with the same name/pass as on the main site. So that's already pretty good.

But how can I make PunBB accept the login from my main site?

On the main site I use something like this (and variations) for restricted pages:

<?

session_start();
if($_SESSION['s_logged_n'] == 'true'){} 

else { 
    header("Location: http://mainsite.com/login.php");
}

?>

How does authentication (/authorization?) in PunBB work? What's the general logic behind it? Which pages require authentication? Which pieces of code should I focus on? Where should I start?

I don't know php! I'm learning from examples, comparing between several scripts that do the same thing, copy pasting, trial and error. The above works on the main site, but I can't find something similar in PunBB that I can just replace to bring it into the main site.

Peter's Website

2 Reply by Peter

  • Peter
  • Senior Member
  • Offline
  • From: Brooklyn, NY
  • Registered: 2006-01-10
  • Posts: 205

Re: How does authentication in PunBB work?

OK, I see PunBB uses cookies. Have no clue how that works...

Any suggestions how I could add PunBB's cookie stuff to the generic login script on my main page?

Peter's Website

3 Reply by quaker (edited by quaker 2007-02-25 22:45)

  • quaker
  • quaker
  • Senior Member
  • Offline
  • From: USA
  • Registered: 2006-02-22
  • Posts: 1,783

Re: How does authentication in PunBB work?

peter.. to do a simple login script ..
you will need to add a few lines of code to your index.php
then simple seach the forum for the login.php scripts.

go to punres.org click on wiki
go to mini-portal there you will find some useful info on how to integrate stuff.

try this code..this goes at the very top.......

<?php
 
define('PUN_ROOT', './');
define('PUN_QUIET_VISIT', 1);
require PUN_ROOT.'include/common.php';
 define('PUN_ALLOW_INDEX', 1);
require PUN_ROOT.'include/parser.php';
 
?>
        your html coding..... that should allow you to put punbb tags inside your html...

this is the login.php block.
here is the code for login...

<?php
 
// Show login if not logged in
if($pun_user['is_guest'])
{
    if(!isset($focus_element) || (isset($focus_element) && !in_array('login', $focus_element)))
    {
 
    // Load the language files
    require PUN_ROOT.'lang/'.$pun_user['language'].'/common.php';
    require PUN_ROOT.'lang/'.$pun_user['language'].'/login.php';
 
    // Try to determine if the data in HTTP_REFERER is valid (if not, we redirect to index.php after login)
    $redirect_url = (isset($_SERVER['HTTP_REFERER']) && preg_match('#^'.preg_quote($pun_config['o_base_url']).'/(.*?)\.php#i', $_SERVER['HTTP_REFERER'])) ? htmlspecialchars($_SERVER['HTTP_REFERER']) : 'index.php';
 
    $required_fields = array('req_username' => $lang_common['Username'], 'req_password' => $lang_common['Password']);
 
?>
                  <div class="block">
 
<h2><span>Login</span></h2>
<div id="login" class="box">
<div class="inbox">             
        <div class="logintop">
            <form id="login" name="login" name="qpost" method="post" action="login.php?action=in" onsubmit="return process_form(this)">
<div style="text-align: center" class="inform">
 
 
 
 
 
 
 
                <p>
                    <input type="hidden" name="form_sent" value="1" />
                    <input type="hidden" name="redirect_url" value="<?php echo $redirect_url ?>" />
                     <?php echo $lang_common['Username'] ?><br />
                    <input type="text" name="req_username" size="16" maxlength="25" /><br /><br />
                     <?php echo $lang_common['Password'] ?><br />
 
 <input type="password" name="req_password" size="16" maxlength="16" wrap="virtual" onkeypress="if(event.keyCode==13) document.login.submit()" /><br /><br />
<input type="submit" name="login" value="<?php echo $lang_common['Login'] ?>" tabindex="3" /><br /><br />
                    <a href="register.php"><?php echo 'Register Now!'; ?></a>
                </p>
 
</div>
            </form>
        </div>
</div>
</div>
</div>
<?php
    }
}
?>

good luck..!


Q

My stuff or my style might sux, but atleast I'm willing to help when I can.
Don't be stupid and help ! We are the stupid one's !!!

quaker's Website

4 Reply by Peter

  • Peter
  • Senior Member
  • Offline
  • From: Brooklyn, NY
  • Registered: 2006-01-10
  • Posts: 205

Re: How does authentication in PunBB work?

Thanks Quaker!

I think I had come across this one. It looks like it's the other way around from what I'm actually looking for; I don't want to have to put PunBB code in all my main site php pages, I want PunBB to accept the login of my main site.

On the main site I want to have a self-contained login/authorization script, that I can use for various other php scripts and is not dependant on PunBB. So I'll have to get rid of the PUN_ROOT stuff etc.

But this is probably a good starting point to study how it all works... :-)

Peter's Website

  • Registered: 2007-02-26
  • Posts: 7

Re: How does authentication in PunBB work?

Here's the code I'm currently using.  Notice the hard linking of forum/login.php in the HTML

<?php
 define('PUN_ROOT', './forum/');
define('PUN_QUIET_VISIT', 1);
require PUN_ROOT.'include/common.php';
 define('PUN_ALLOW_INDEX', 1);
require PUN_ROOT.'include/parser.php';

 
// Show login if not logged in
if($pun_user['is_guest'])
{
    if(!isset($focus_element) || (isset($focus_element) && !in_array('login', $focus_element)))
    {
 
    // Load the language files
    require PUN_ROOT.'lang/'.$pun_user['language'].'/common.php';
    require PUN_ROOT.'lang/'.$pun_user['language'].'/login.php';
 
    // Set the $redirect_url to this page, 
    $redirect_url = '' ;
    if(isset($_SERVER['REQUEST_URI'])) {
        $redirect_url = $_SERVER['REQUEST_URI'] ;
    }
 
    $required_fields = array('req_username' => $lang_common['Username'], 'req_password' => $lang_common['Password']);
 
?>
        <div class="logintop">
            <form id="login" name="login" method="post" action="forum/login.php?action=in" onsubmit="return process_form(this)">
                <p>
                    <input type="hidden" name="form_sent" value="1" />
                    <input type="hidden" name="redirect_url" value="<?php echo $redirect_url ?>" />
                    <?php echo $lang_common['Username'] ?>:
                    <input type="text" name="req_username" size="16" maxlength="25" />
                     <?php echo $lang_common['Password'] ?>:
 
                    <input type="password" name="req_password" size="16" maxlength="16" />
                     <a href="#" onclick="document.login.submit(); return false"><?php echo $lang_common['Login'] ?></a>  |  <a href="register.php"><?php echo $lang_common['Register'] ?></a>
                </p>
            </form>
        </div>
<?php
    }
}else
{
?>
        <div class="logintop">
            <p>
                <?php echo $lang_common['Logged in as'].' <strong>'.pun_htmlspecialchars($pun_user['username']).'</strong>  |  <a href="forum/login.php?action=out&id='.$pun_user['id'].'">'.$lang_common['Logout'].'</a>'; ?>
            </p>
        </div>
<?php
}
?>

6 Reply by Peter

  • Peter
  • Senior Member
  • Offline
  • From: Brooklyn, NY
  • Registered: 2006-01-10
  • Posts: 205

Re: How does authentication in PunBB work?

Thanks yeehawjared!

Again, this seems a way to extend the PunBB login system to outside html pages. PunBB then becomes the core of the entire site.

I'm trying to put together a generic login system that's independent of PunBB and get PunBB to accept the login from that system.

Which pieces of PunBB code set/activate/check (?) the cookie? I guess I have to add those to my generic login system.

Peter's Website

7 Reply by hcgtv

  • hcgtv
  • hcgtv
  • Senior Member
  • Offline
  • From: Charlotte, NC
  • Registered: 2004-06-25
  • Posts: 1,991

Re: How does authentication in PunBB work?

Peter wrote:

PunBB then becomes the core of the entire site.

Yes, I'm in line with this thinking.

PHPCrossRef . TXP Make . TXP Themes . TXP Tags . TXP Planet . We Love TXP

hcgtv's Website

  • quaker
  • quaker
  • Senior Member
  • Offline
  • From: USA
  • Registered: 2006-02-22
  • Posts: 1,783

Re: How does authentication in PunBB work?

i took it one step father.. in the include/template folder
main.tpl
i took my css template and copied it there  and put the pun tags where i wanted the punbb stuff to show.. i had to create my own style system

http://lh4.google.com/image/whatyourname/ReIzu3IuY3I/AAAAAAAAAQI/w1yYr8t4R3g/s288/bf2site.jpg

My stuff or my style might sux, but atleast I'm willing to help when I can.
Don't be stupid and help ! We are the stupid one's !!!

quaker's Website

9 Reply by Peter

  • Peter
  • Senior Member
  • Offline
  • From: Brooklyn, NY
  • Registered: 2006-01-10
  • Posts: 205

Re: How does authentication in PunBB work?

hcgtv wrote:
Peter wrote:

PunBB then becomes the core of the entire site.

Yes, I'm in line with this thinking.

OK, but it's not what I want. I don't want PunBB to be the core of the site. I'm trying to put together a transparant, generic login system that I understand and is independent of the other PHP scripts that make up the site.

The style integration is no issue for me. I don't know PHP, but am pretty good with HTML and CSS. I strip PHP scripts from most of their templating and style stuff, pull them apart and then try to integrate them.

I just have trouble understanding PunBB's login system, especially the cookie stuff. So I'd welcome any pointers on how PunBB "sets cookies" and how PunBB checks if someone is logged in.

Peter's Website

  • Smartys
  • Former PunBB Developer
  • Offline
  • Registered: 2004-04-30
  • Posts: 7,844

Re: How does authentication in PunBB work?

Take a look at the aptly named check_cookie and pun_setcookie functions in include/functions.php?

11 Reply by Peter (edited by Peter 2007-02-26 02:16)

  • Peter
  • Senior Member
  • Offline
  • From: Brooklyn, NY
  • Registered: 2006-01-10
  • Posts: 205

Re: How does authentication in PunBB work?

Smartys wrote:

Take a look at the aptly named check_cookie and pun_setcookie functions in include/functions.php?

That does make sense! But do you think it's at all possible what I want to do? Can I add these functions to another login script and make it somehow work to get into PunBB? Are there certain issues I should look out for?

For example, I guess I need the cookie info from the config file as well.

I'll go look for tutorials on PHP registration scripts with cookies...

Peter's Website

12 Reply by quaker

  • quaker
  • quaker
  • Senior Member
  • Offline
  • From: USA
  • Registered: 2006-02-22
  • Posts: 1,783

Re: How does authentication in PunBB work?

i know that you want to use your own login script... but the funtions of punbb and the ability to modify it and other functions that can be added is so much easier to just use the login from punbb with the extern.php functions all the way to new mods.. and all the punportals....
and with the release of 1.3 in the future ...

i would just simply use punbb as the core and backbone for anysite....
hcgtv... what up man..hahaha..


Q

My stuff or my style might sux, but atleast I'm willing to help when I can.
Don't be stupid and help ! We are the stupid one's !!!

quaker's Website

13 Reply by Peter

  • Peter
  • Senior Member
  • Offline
  • From: Brooklyn, NY
  • Registered: 2006-01-10
  • Posts: 205

Re: How does authentication in PunBB work?

My login system will end up looking a lot like PunBB's of course.

I'm now trying to "strip out" the registration script from PunBB and see if I can get it working "stand alone". (Again, I don't know PHP, so it's all a big adventure to me...)

Peter's Website

  • From: Ottawa, Canada
  • Registered: 2006-09-05
  • Posts: 308

Re: How does authentication in PunBB work?

Use punbb login/session data.

I recently wrote my own sessions manager (for guests+logged in users), You have a lot of stuff to worry about. Broken load-balance routers that make connections from two different IPs on the same session. SNAT routers that use the same ip for multiple users. Cookie stealers who can use the same generated cookie data as a current session. The list goes on. Use punbb as a registration and login method, and then integrate your other parts of the web with punbb's login.

I'm currently going the other way around (on this current project of mine), for various reasons particular to the project. I've also managed to finish the "session management" part of it in about a week tongue Ok... well 3 good days of reading and coding tongue

If your set on too much extra work, read the php docs on session_start() session_id() and session_regenerate_id(). Also, overthink about what to do when there are 2 session id's from different IPs, what to do about timeouts, how many types of timeouts to have. In mine I have "createtime" which is initialized once, "modifytime" which is changed each time it's "modify_timeout" seconds old (it also regenerates a new session id; generally done every 5 minutes to minimize the chance of a packet sniffer on the same SNAT stealing cookie data and hijacking a session), and "accesstime" which is changed each page view and after "acces_timeout" the user is marked as "idle" for too long, and needs to reverify his/her password, and after "delete_timeout" that session data is completely removed from the session table in the database. Now don't forget about what to do at login (ie: delete any sessions with the same user id; incase someone's session was hijacked, etc...).

In short, use punbb session handling, and login handling so that you don't have to think and worry. Use your own if you want to learn how to be a crazy mo fo, or where using punbb's wouldn't be allowed in the GNU GPL licence.

echo "deadram"; echo; fortune;

15 Reply by Peter (edited by Peter 2007-02-26 16:41)

  • Peter
  • Senior Member
  • Offline
  • From: Brooklyn, NY
  • Registered: 2006-01-10
  • Posts: 205

Re: How does authentication in PunBB work?

Thanks deadram! That was very helpfull!

As a non-coder I really shouldn't try to wade into this territory. I guess I'll have to abandon my nice simple generic login... sad

But I still want to try to extract PunBB's login stuff and get it to work "stand alone". To start with I want to get rid of the overcomplicated PUN_ROOT addresses (edit: done! not that hard...) and options to change language files etc. Or will that open other cans of worms?

I want to simplify it to the point where even I understand it... wink

Peter's Website

  • From: Ottawa, Canada
  • Registered: 2006-09-05
  • Posts: 308

Re: How does authentication in PunBB work?

Peter wrote:

To start with I want to get rid of the overcomplicated PUN_ROOT addresses (edit: done! not that hard...)

Removing PUN_ROOT could cause some trouble once your include/requires' need to include or require other php files in some sub directory. for example:

www-root/simple_test/login.php
\--> include('common/db_layer.php')

www-root/simple_test/common/db_layer.php
\--> include('errors/db_errors.php')

www-root/simple_test/errors/db_errors.php

The above list ~should~ work fine on any server, but...

www-root/simple_test/sub_folder/index.php
\--> include('../common/db_layer.php')

www-root/simple_test/common/db_layer.php
\--> include('errors/db_errors.php')

www-root/simple_test/errors/db_errors.php

db_errors.php will not be found, it will be looked for in www-root/simple_test/sub_folder/. With that PUN_ROOT stuff prefixing each include, in sub_folder/index.php you would set PUN_ROOT to "../" and it would work fine. This won't be a problem if you don't use sub-folders for the viewable pages

Peter wrote:

and options to change language files etc

You could just delete the files, and replace every part of the code that has something like $lang['Blah'] with the text in the language of your choice. It will be much harder to translate your files into other languages though, and you might just end up adding that stuff back in if you ever do decide to support more then one language. I can only guess at what the etc... stuff is smile generally speaking though, if it's in there, it's there for a reason. This is especially true for punbb, which sports low CPU usage in comparison to other forum systems.

echo "deadram"; echo; fortune;

17 Reply by Peter (edited by Peter 2007-03-01 20:03)

  • Peter
  • Senior Member
  • Offline
  • From: Brooklyn, NY
  • Registered: 2006-01-10
  • Posts: 205

Re: How does authentication in PunBB work?

Removing the PUN_ROOT stuff does cause lots of problem, so I'm now sticking to the PunBB way of doing things. But I'm not happy about it. PunBB is taking over my site.

For example, even replacing PunBB's header.php with the header from my main site causes all kinds of problems. PHP code, html and CSS are tightly interwoven in PunBB and almost impossible to pick apart if you don't read PHP.

Removing the templating system is complicated for the same reason. I want to use my own static transparant lite html/CSS, but PunBB won't let me because template files are "required" and connected with PHP and database in inscrutible ways.

Struggling on...

Peter's Website

18 Reply by quaker

  • quaker
  • quaker
  • Senior Member
  • Offline
  • From: USA
  • Registered: 2006-02-22
  • Posts: 1,783

Re: How does authentication in PunBB work?

dude... work with in the main.tpl
u can remove objects tags form the main.tpl so pun doesnt display it.

this is my main.tpl for http://bunpai.com
something that im hacking out... in my own style

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-2" />
    <meta http-equiv="Content-Language" content="English" />
    <meta name="Author" content="Luka Cvrk (luka@solucija.com)" />
    <meta name="Robots" content="index,follow" />
    <meta name="Description" content="Bunpai Internet Sharing!" />
    <meta name="Keywords" content="Bunpai Internet Sharing!" />
    <link rel="stylesheet" type="text/css" href="style.css" />
    <title>Bunpai Internet Sharing!</title>
</head>
<body>
    <div id="main">
        <div id="logo">
            <h1>Bunpai <span class="blue">Internet Sharing!</span></h1>
        </div>
        <ul id="menu">
            <li class="active"><a href="index.php" accesskey="h"><span class="key">H</span>ome</a></li>
            <li class="active"><a href="gallery.php" accesskey="f"><span class="key">G</span>allery</a></li>
            <li class="active"><a href="forum.php" accesskey="r"><span class="key">F</span>orum</a></li>
            <li class="active"><a href="contact.php" accesskey="p"><span class="key">C</span>ontact</a></li>
            <li class="active"><a href="Links.php" accesskey="o"><span class="key">L</span>inks</a></li>
            
        </ul>
        
        <div id="intro_left">
            <p>The leading textbook in <a href="http://aima.cs.berkeley.edu/">Artificial Intelligence</a>. Used in over 1000 universities in 91 countries (over 90% market share) and the 85th most cited publication on Citeseer.</p>
        
        </div>
        
        <div id="intro_right">
            <p class="white">Artificial Intelligence</p>
            <h1>Term by definition</h1>
            <p>A branch of computer science that studies how to endow computers with capabilities of human intelligence. For example, speech recognition is a problem being worked on by AI scientists.</p>
        </div>
<ul id="menu_left">
</ul>
        
        
        <div id="left">
            <div class="box">
                <p><pun_sidelinks></p>
                <p><pun_include "login.php"></p>
                <p><pun_include "ads.php"></p>
                <pun_userbox>
                <p><pun_include "affiliates.php"></p>
                <p><pun_include "Link.php"></p>
            </div>
            <div class="note">
                <p><a href="register.php" title="Register Now!">Register now</a> to get a one yr access for free!</p>
            </div>
        </div>
        <div id="right">
            <div class="leftcol">
                <p><pun_include "portalnews.php"></p>
                <p></p>
            </div>
            <div class="rightcol">
                <p><pun_include "rss1.php"></p><br />
                
            </div>

            <div class="special">
                <p><pun_main></p>    
            </div>
        </div>
    
        <div id="footer">
            <p>© Copyright <a href="http://modelcrowd.com">MC</a> 2006 · Design: <a href="http://www.solucija.com/" title="Information Architecture and Web Design">Luka Cvrk</a> : Powered by<a href="http://punbb.org" title="Rickard"> Punbb</a> </p>
        </div>
    </div>
</body>
</html>

Q

My stuff or my style might sux, but atleast I'm willing to help when I can.
Don't be stupid and help ! We are the stupid one's !!!

quaker's Website

19 Reply by Peter

  • Peter
  • Senior Member
  • Offline
  • From: Brooklyn, NY
  • Registered: 2006-01-10
  • Posts: 205

Re: How does authentication in PunBB work?

I want to get rid of PunBB's templating system, because I'm not going to let users change skins or whatever. So I don't want to have to deal with main.tpl. I would have liked the code to work within the html/css and system of php includes I already had.

Again, I'll probably be forced to rewrite everything to fit PunBB's wishes.

Peter's Website

20 Reply by quaker (edited by quaker 2007-03-01 20:33)

  • quaker
  • quaker
  • Senior Member
  • Offline
  • From: USA
  • Registered: 2006-02-22
  • Posts: 1,783

Re: How does authentication in PunBB work?

what i did was the same thing you are trying to do..
in the main.tpl if you link to another css than punbb style it over rides the style system except the admin css...
notice 

<link rel="stylesheet" type="text/css" href="style.css" />

that what im talking about
you join bunpai.com
and see for ya self.
i had to do some editing from the css and the cs_css of punbb style so that the forum will not look all crazy...

Q

My stuff or my style might sux, but atleast I'm willing to help when I can.
Don't be stupid and help ! We are the stupid one's !!!

quaker's Website

21 Reply by Peter

  • Peter
  • Senior Member
  • Offline
  • From: Brooklyn, NY
  • Registered: 2006-01-10
  • Posts: 205

Re: How does authentication in PunBB work?

I want to make changes beyond just replacing the stylesheets. My main site has a different layout and different layouts on different pages within the site. I want PunBB elements to fit in those existing layouts. I can't do that if I'm stuck to PunBB's templating system.

Peter's Website

22 Reply by quaker

  • quaker
  • quaker
  • Senior Member
  • Offline
  • From: USA
  • Registered: 2006-02-22
  • Posts: 1,783

Re: How does authentication in PunBB work?

look for punportal
they give a way to have different css on each page..
that might be able to help you.

Q

My stuff or my style might sux, but atleast I'm willing to help when I can.
Don't be stupid and help ! We are the stupid one's !!!

quaker's Website

23 Reply by Peter

  • Peter
  • Senior Member
  • Offline
  • From: Brooklyn, NY
  • Registered: 2006-01-10
  • Posts: 205

Re: How does authentication in PunBB work?

I don't want Pun's templating systems to take over my site. PunBB will not be the only PHP script on the site.

And I want to split PHP code and html as much as possible. PunBB seems to have them mostly mixed up in the same pages.

Peter's Website

24 Reply by quaker

  • quaker
  • quaker
  • Senior Member
  • Offline
  • From: USA
  • Registered: 2006-02-22
  • Posts: 1,783

Re: How does authentication in PunBB work?

ok.. that kewl.. im just trying to find the best answer using punbb.....

Q

My stuff or my style might sux, but atleast I'm willing to help when I can.
Don't be stupid and help ! We are the stupid one's !!!

quaker's Website

25 Reply by Peter (edited by Peter 2007-03-02 20:00)

  • Peter
  • Senior Member
  • Offline
  • From: Brooklyn, NY
  • Registered: 2006-01-10
  • Posts: 205

Re: How does authentication in PunBB work?

Sticking to PunBB's way of doing things I guess this is the answer to my original question:

<?
 
define('PUN_ROOT', './');
define('PUN_QUIET_VISIT', 1);
require PUN_ROOT.'include/common.php';
 define('PUN_ALLOW_INDEX', 1);
require PUN_ROOT.'include/parser.php';

if ($pun_user['is_guest'])
{
    echo '<meta content="5; URL = http://homepage.com" http-equiv="Refresh" />';
    echo '<center>You have to be logged in to view this page.<br /> You are now being redirected to the homepage!</center>';
}

else
{    $tpl_temp = '<ul>'."\n\t\t\t\t".'<li>'.$lang_common['Logged in as'].' <strong>'.pun_htmlspecialchars($pun_user['username']).'</strong></li>'."\n\t\t\t\t".'<li>'.$lang_common['Last visit'].': '.format_time($pun_user['last_visit']).'</li>';

?>
<p>Whatever else you want to show to logged in members</p>
<?
}
?>

I'm still trying to seperate the required PunBB code from all the template stuff etc. For example, in one external php script I had trouble with Pun's common.php because it pulls in a very long function.php that already declared (?) a redirect.

Thanks for all the great suggestions!! smile

Peter's Website