Rather than alter the phpBB password hashing (because we had users registered in the forum already) I built a command line interface to phpBB that could be executed using <cfexecute>. This has the advantage that my phpBB3 install is completely unmodified, and my CF app doesn't care what system is authenticating the users, so i could for example change forum software and write a new connector if i needed to.
LoginController.cfc
Code: Select all
<cfexecute name="/usr/bin/php" arguments='-q #expandpath("/")#/forum/webapi/cli.php login "#username#" "#password#"' variable="result" timeout="10"></cfexecute>
Code: Select all
if($method == 'login') {
$username = $argv[2];
$password = $argv[3];
$result = login_db($username, $password);
write($result, 'rsp');
}
Code: Select all
<rsp><status>10</status><error_msg>LOGIN_ERROR_USERNAME</error_msg><user_row><user_id>1</user_id></user_row></rsp>
LoginController.cfc
Code: Select all
<!--- try and log them into phpbb at the same time --->
<!--- initial call to get start a session --->
<cfhttp url="http://#CGI.SERVER_NAME#:#CGI.SERVER_PORT#/forum/index.php" method="GET" useragent="#CGI.HTTP_USER_AGENT#"></cfhttp>
<cfset cookies = getCookies(cfhttp)> <!--- customFunction, see article above --->
<!--- log them in --->
<cfhttp url="http://#CGI.SERVER_NAME#:#CGI.SERVER_PORT#/forum/ucp.php?mode=login" method="post" useragent="#CGI.HTTP_USER_AGENT#">
<cfloop from="1" to="#arrayLen(cookies)#" index="i">
<cfhttpparam type="cookie" name="#lcase(cookies[i].NAME)#" value="#cookies[i].VALUE#">
</cfloop>
<cfhttpparam type="formfield" name="username" value="#username#">
<cfhttpparam type="formfield" name="password" value="#password#">
<cfhttpparam type="formfield" name="login" value="Login">
</cfhttp>
<cfset authcookies = getCookies(cfhttp)>
<!--- set the authed cookies --->
<cfloop from="1" to="#arrayLen(authcookies)#" index="i">
<!--- we can't use cfcookie here because it will ucase the cookie name!! --->
<cfheader name="Set-Cookie" value="#lcase(authcookies[i].name)#=#authcookies[i].value#; path=/;">
<cfif authcookies[i].name EQ "phpbb3_bsysp_sid">
<cfset sid = authcookies[i].value>
</cfif>
</cfloop>
<!--- update phpbb's session table so show the clients ip, not the servers --->
<cfquery name="qUpdateSessionIP" datasource="#getModelGlue().getBean('reactorConfiguration').getDSN()#">
UPDATE phpbb_sessions SET session_ip = '#CGI.REMOTE_ADDR#'
WHERE session_id = '#sid#';
</cfquery>
d1rty