Single Login for Coldfusion CMS and PHPBB3

Get help with installation and running phpBB 3.0.x here. Please do not post bug reports, feature requests, or MOD-related questions here.
Get Involved
Forum rules
END OF SUPPORT: 1 January 2017 (announcement)
d1rty
Registered User
Posts: 1
Joined: Tue Oct 30, 2007 1:08 pm

Re: Single Login for Coldfusion CMS and PHPBB3

Post by d1rty »

I realise you may be already on the way to sorting this, but it may be of some use to you or others. I've built a club portal using ColdFusion (ModelGlue:Unity, Reactor and Coldspring) and phpBB3, I'm using phpBB3's user table and authenticating my CF application against that.

Rather than alter the phpBB password hashing (because we had users registered in the forum already) I built a command line interface to phpBB that could be executed using <cfexecute>. This has the advantage that my phpBB3 install is completely unmodified, and my CF app doesn't care what system is authenticating the users, so i could for example change forum software and write a new connector if i needed to.

LoginController.cfc

Code: Select all

<cfexecute name="/usr/bin/php" arguments='-q #expandpath("/")#/forum/webapi/cli.php login "#username#" "#password#"' variable="result" timeout="10"></cfexecute>
cli.php

Code: Select all

if($method == 'login') {
	$username = $argv[2];
	$password = $argv[3];
	$result = login_db($username, $password);
	write($result, 'rsp');
}
The write function returns xml that can be parsed be CF, like

Code: Select all

<rsp><status>10</status><error_msg>LOGIN_ERROR_USERNAME</error_msg><user_row><user_id>1</user_id></user_row></rsp>
So that will only check the login, if you want to start a session for them in phpBB (ie single signon) then you need to do a bit more. Theres some very useful info in this article, i used it to figure out how to do this.

LoginController.cfc

Code: Select all

			<!--- try and log them into phpbb at the same time --->
			<!--- initial call to get start a session --->
			<cfhttp url="http://#CGI.SERVER_NAME#:#CGI.SERVER_PORT#/forum/index.php" method="GET" useragent="#CGI.HTTP_USER_AGENT#"></cfhttp>
			<cfset cookies = getCookies(cfhttp)> <!--- customFunction, see article above --->
			
			<!--- log them in --->
			<cfhttp url="http://#CGI.SERVER_NAME#:#CGI.SERVER_PORT#/forum/ucp.php?mode=login" method="post" useragent="#CGI.HTTP_USER_AGENT#">
				<cfloop from="1" to="#arrayLen(cookies)#" index="i">
					<cfhttpparam type="cookie" name="#lcase(cookies[i].NAME)#" value="#cookies[i].VALUE#">
				</cfloop>
				<cfhttpparam type="formfield" name="username" value="#username#">
				<cfhttpparam type="formfield" name="password" value="#password#">
				<cfhttpparam type="formfield" name="login" value="Login">
			</cfhttp>
			<cfset authcookies = getCookies(cfhttp)>
			
			<!--- set the authed cookies --->
			<cfloop from="1" to="#arrayLen(authcookies)#" index="i">
				<!--- we can't use cfcookie here because it will ucase the cookie name!! --->
				<cfheader name="Set-Cookie" value="#lcase(authcookies[i].name)#=#authcookies[i].value#; path=/;">
				<cfif authcookies[i].name EQ "phpbb3_bsysp_sid">
					<cfset sid = authcookies[i].value>
				</cfif>
			</cfloop>
			
			<!--- update phpbb's session table so show the clients ip, not the servers --->
			<cfquery name="qUpdateSessionIP" datasource="#getModelGlue().getBean('reactorConfiguration').getDSN()#">
			UPDATE phpbb_sessions SET session_ip = '#CGI.REMOTE_ADDR#'
			WHERE session_id = '#sid#';
			</cfquery>
So far this is working very well for me, and i've implemented methods for login, group_user_add, group_user_del, group_set_user_default, get_lang_string and submit_post.

d1rty
R_GomeZ
Registered User
Posts: 1
Joined: Mon Jul 21, 2008 12:45 am

Re: Single Login for Coldfusion CMS and PHPBB3

Post by R_GomeZ »

Hello,

I used this method to change the phpbb3 encryptation method. But by what I could read it uses double md5 hashing. What do I have to do use a simple md5. I want this because I use SA-MP Multiplayer Gamemode and it's reading passwords from phpbb3 users table. And it reads in md5. So they need to be in md5. Please help me! It's very urgent.
jimz
Registered User
Posts: 3
Joined: Thu Nov 20, 2008 8:16 am

Re: Single Login for Coldfusion CMS and PHPBB3

Post by jimz »

Halooo Master jrl pleasee help me i have the same interest as you have

i need to connect my coldfusion single sign on to phpbb3

and i have read your discussion in this forum and that u said it's worked.

please teach me ho to do it. how to use single sign on within coldfusion and phpBB3?

Please Help................

jimz
Registered User

Joined: Thu Nov 20, 2008 8:16 am
Private messageE-mail :shock:
jimz
Registered User
Posts: 3
Joined: Thu Nov 20, 2008 8:16 am

Re: Single Login for Coldfusion CMS and PHPBB3

Post by jimz »

hai jrl copy i have reach you on your email but had no answer yet

can you teach me how to make it work , i really need it.

Thanks.....
jimz
Registered User
Posts: 3
Joined: Thu Nov 20, 2008 8:16 am

Re: Single Login for Coldfusion CMS and PHPBB3

Post by jimz »

hai can you show me the entire source code to made single sign on in coldfusion works with phpbb3?

please tell me........ hellllppppp
wowforum
Registered User
Posts: 17
Joined: Tue Jan 22, 2008 5:36 am

Re: Single Login for Coldfusion CMS and PHPBB3

Post by wowforum »

im really a fan of PHPBB3. Its an awesome forum.

Im trying to validate password for user in PHPBB3 using CF. However, when I did hash or md5, it does not match the password. When I look into the database, all password start with $H$9.

My login form is simple with fields below to send to my validation page:
username: PHPBB3
user_password: abcd1234

In my login form, I would put the data above. In my page to validate the form, it should validate the user_password in the table. For some reason, when I hash or do md5, it does not match.

What Im trying to do is convert the plain text user_password from the login form to md5 or hash, so it will validate in phpbb_users table

Any explanation how to convert my password so I can validate it to PHPBB3 will be appreciated. Thanks
User avatar
Noxwizard
Support Team Leader
Support Team Leader
Posts: 10589
Joined: Mon Jun 27, 2005 8:41 pm
Location: Texas, USA
Name: Patrick Webster

Re: Single Login for Coldfusion CMS and PHPBB3

Post by Noxwizard »

You need to use phpbb_check_hash() to check the password, as it's not an md5. To convert it from plaintext, you need to use phpbb_hash(). You may have to duplicate these functions in Coldfusion if you can't call it from PHP.
[Support Template] - [Read Before Posting] - [phpBB Knowledge Base]
Do not contact me for private support, please share the question in our forums.

Return to “[3.0.x] Support Forum”