You are not logged in. Please login or register.
PunBB Forums → PunBB 1.3 troubleshooting → [SOLVED] PHP code to check that user is logged on?
Hello
The article PunBB 1.3 integration shows how to use PunBB's authentication module in external applications by displaying its logon form.
But once the user has logged on successfully and received the necessary cookie... what code should I use in the external application in all restricted areas to check that the user is logged on and, if not, redirect him to that logon page?
Thank you.
I mean the equivalent of this page for PhpBB:
http://www.phpbb.com/community/viewtopi … ;t=1677625
I guess I could do this myself by reading if the browser returned a cookie named "forum_cookie_b2bbd3", check that this key exists in $_SESSION[], and find what the username is from this session.
But before doing this, I'd like to make sure PunBB doesn't already provide a safer/cleaner way.
Thank you.
Thanks Grez. I figured there should be a simpler solution.
And finally, now that users are authenticated in the blog part of the site... what URL should I use to provide a "Log out" button or hyperlink?
The Log Out URL in the PunBB forum seems to include the SessionID as returned by the browser:
http://punbb.informer.com/forums/logout/10921/b9ecde09d23f6f2a82f558b92ab556827558049b/Is this URL also available as a variable in PunBB?
Thank you.
Here it is, in ./include/functions:
$links['logout'] = '<li id="navlogout"><a href="'.forum_link($forum_url['logout'], array($forum_user['id'], generate_form_token('logout'.$forum_user['id']))).'">'.$lang_common['Logout'].'</a></li>';However, the user ends up in the PunbBB forum... while he was in the blog when clicking on the Logout link I displayed 
How can I tell login.php to redirect the user to a different URL instead of the forum?
Thank you.
You could add $_GET variable to the link and then at login.php check whether the variable is set.
./include/functions.php
line 446:
$links['logout'] = '<li id="navlogout"><a href="'.forum_link($forum_url['logout'], array($forum_user['id'], generate_form_token('logout'.$forum_user['id']))).'&blog=true">'.$lang_common['Logout'].'</a></li>';
line 452:
$links['logout'] = '<li id="navlogout"><a href="'.forum_link($forum_url['logout'], array($forum_user['id'], generate_form_token('logout'.$forum_user['id']))).'&blog=true">'.$lang_common['Logout'].'</a></li>';
./login.php
line 163:
($hook = get_hook('li_logout_pre_redirect')) ? eval($hook) : null;if(isset($_GET['blog'])) redirect('http://google.com', $lang_login['Logout redirect']);
redirect(forum_link($forum_url['index']), $lang_login['Logout redirect']);
Thanks again Grez for the idea. Solved solved 
One last little thing, though: I notice that after calling a form with action=login.php to let the user authenticate against PunBB... once redirected, the URL has "/?login=1" added to the URL, ie.
http://192.168.0.8/?login=1Reading through login.php, this is due to the final redirect():
if (isset($_POST['form_sent']) && empty($action))
{
[...]
redirect(forum_htmlencode($_POST['redirect_url']).((substr_count($_POST['redirect_url'], '?') == 1) ? '&' : '?').'login=1', $lang_login['Login redirect']);
}Before I go ahead and just remove this bit... does someone know if it's really needed and removing it could have some nasty side-effect?
Thank you.
It's for checking whether user was logged successfully
./include/common.php, 120
// Check to see if we logged in without a cookie being set
if ($forum_user['is_guest'] && isset($_GET['login']))
message($lang_common['No cookie']);Thanks for the clarification. From the code above, I guess it means that in case the user tried to fake authentication by calling the URL with "login=whatever" added manually, PunBB will display an error message.
But in my case, the user has been logged on OK since a cookie is available, and so, $forum_user['is_guest'] == False.
So I'm not sure whether I can remove "login=1" safely. It's just for esthetics, though, not a major issue.
Thanks.
It's for checking, whether user's browser has enabled cookies (you can't loggin without that). But in your case, you know that if he'd been logged OK you can remove it
Thanks Grez
PunBB Forums → PunBB 1.3 troubleshooting → [SOLVED] PHP code to check that user is logged on?
Powered by PunBB, supported by Informer Technologies, Inc.