Integrating phpBB3 with site-wide authorization system

Do not post support requests, bug reports or feature requests. Discuss phpBB here. Non-phpBB related discussion goes in General Discussion!
Anti-Spam Guide
Post Reply
User avatar
nickb611
Registered User
Posts: 69
Joined: Sat Nov 24, 2007 4:58 am

Integrating phpBB3 with site-wide authorization system

Post by nickb611 »

Hello,

I'm interested in adding phpBB to my site but I'm not sure if I should. The forums would be in:
http://www.example.com/forum
while the rest of the domain at
http://www.example.com
has a lot of other stuff going on,including an authorization / login / registration system.
How hard is it to integrate phpBB's authorization system with the entire domain?
Should I rely on phpBB's registration / authorization system as the main registration for the site?
User avatar
Noxwizard
Support Team Leader
Support Team Leader
Posts: 10489
Joined: Mon Jun 27, 2005 8:41 pm
Location: Texas, USA
Name: Patrick Webster
Contact:

Re: Integrating phpBB3 with site-wide authorization system

Post by Noxwizard »

It's not too hard. You start the phpBB session, and you can call the phpBB functions to do logins and registrations.

Here's an example of an external registation:

Code: Select all

<?php
define('IN_PHPBB',true);
$phpbb_root_path = "./phpBB3/";
$phpEx = substr(strrchr(__FILE__, '.'), 1);
require_once( $phpbb_root_path . "common." . $phpEx );
include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx);
 
// Start session management
$user->session_begin();
$auth->acl($user->data);
$user->setup('ucp');
 
if($user->data['is_registered'])
{
        meta_refresh(3, append_sid("{$phpbb_root_path}index.$phpEx"));
        trigger_error("You are already registered!");
}
 
$submit = request_var('submit', '');
if($submit)
{
        // Retrieve default group ID
        $sql = 'SELECT group_id
                FROM ' . GROUPS_TABLE . "
                WHERE group_name = '" . $db->sql_escape('REGISTERED') . "'
                        AND group_type = " . GROUP_SPECIAL;
        $result = $db->sql_query($sql);
        $row = $db->sql_fetchrow($result);
        $db->sql_freeresult($result);
 
        if (!$row)
        {
                trigger_error('NO_GROUP');
        }
        $group_id = $row['group_id'];
        
 
        $data = array(
                'username'                      => utf8_normalize_nfc(request_var('username', '', true)),
                'user_password'         => phpbb_hash(request_var('password', '', true)),
                'user_email'            => strtolower(request_var('email', '')),
                'group_id'                      => (int) $group_id,
                'user_type'                     => USER_NORMAL,
                'user_ip'                       => $user->ip,
        );
        
        $user_id = user_add($data);
 
        if ($user_id === false)
        {
                trigger_error('NO_USER', E_USER_ERROR);
        }
 
        //Set up welcome message
        if ($config['require_activation'] == USER_ACTIVATION_SELF && $config['email_enable'])
        {
                $message = $user->lang['ACCOUNT_INACTIVE'];
        }
        else if ($config['require_activation'] == USER_ACTIVATION_ADMIN && $config['email_enable'])
        {
                $message = $user->lang['ACCOUNT_INACTIVE_ADMIN'];
        }
        else
        {
                $message = $user->lang['ACCOUNT_ADDED'];
        }
        
        //Display message
        $message = $message . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.$phpEx") . '">', '</a>');
        trigger_error($message);
}
else
{
        echo '<form action="./register.php" method="post">
                        Username: <input type="text" name="username" /><br />
                        E-mail address: <input type="text" name="email" size="25" maxlength="100" /><br />
                        Password: <input type="password" name="password" size="25" /><br />
                        <input type="submit" name="submit" value="Submit" />
                        </form>';
}
?>
Example login:

Code: Select all

<?php
define('IN_PHPBB', true);
$phpbb_root_path = './';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
include($phpbb_root_path . 'common.' . $phpEx);
 
// Start session management
$user->session_begin();
$auth->acl($user->data);
$user->setup();

if($user->data['is_registered'])
{
    //User is already logged in
}
else
{
    $username = request_var('username', '', true);
    $password = request_var('password', '', true);

    $result = $auth->login($username, $password);

    if ($result['status'] == LOGIN_SUCCESS)
    {
        //User was successfully logged into phpBB
    }
    else
    {
        //User's login failed
    }
}
?>
You can run a search under my username with the keyword integration and find similar topics: http://www.phpbb.com/community/search.p ... d%5B%5D=64
[Support Template] - [Read Before Posting] - [phpBB Knowledge Base]
Do not contact me for private support, please share the question in our forums.
User avatar
nickb611
Registered User
Posts: 69
Joined: Sat Nov 24, 2007 4:58 am

Re: Integrating phpBB3 with site-wide authorization system

Post by nickb611 »

Thanks for your reply!

You're right, that looks very manageable. There's probably some other things I would like to do outside of the forums, such as the group-coloration displaying everywhere. But, if it is that easy to generate a login script using phpBB's setup it seems like I found what I was looking for.
User avatar
nickb611
Registered User
Posts: 69
Joined: Sat Nov 24, 2007 4:58 am

Re: Integrating phpBB3 with site-wide authorization system

Post by nickb611 »

Noxwizard, if you could help me with this I'd be on my way and very happy. I'm trying to get register.php to work outside the forums. It's close! I just can't do these things:

1) I want to integrate the CAPTCHA image, confirm email address, and confirm password outside of the forums.
2) The page doesn't check if the username is taken, and it probably doesn't check other fields too. How do I get it to check the registration fields? If I try to register a username taken a SQL Error outputs. I'd want to validate the username, password, email, and CAPTCHA image, just like phpBB's original register feature.
3) For the most part, I don't want to go through the UCP, I'd rather just echo "You've been successfully registered" to the page, or if you weren't successfully registered, an error message with the registration prompt again.
4) The trigger_error() for $validate_password and $validate_username don't work, so I found the functions to call for these commands, I just don't know how to implement them!

Here's my register.php:

Code: Select all

<?php
define('IN_PHPBB', true);
$phpbb_root_path = './forum/';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
include($phpbb_root_path . 'common.' . $phpEx);
include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx);
 
// Start session management
$user->session_begin();
$auth->acl($user->data);
$user->setup('ucp');
 
if($user->data['is_registered'])
{
        meta_refresh(3, append_sid("index.$phpEx"));
        trigger_error("You are already registered!");
}
 
$submit = request_var('submit', '');
if($submit)
{
        // Retrieve default group ID
        $sql = 'SELECT group_id
                FROM ' . GROUPS_TABLE . "
                WHERE group_name = '" . $db->sql_escape('REGISTERED') . "'
                        AND group_type = " . GROUP_SPECIAL;
        $result = $db->sql_query($sql);
        $row = $db->sql_fetchrow($result);
        $db->sql_freeresult($result);
 
        if (!$row)
        {
                trigger_error('NO_GROUP');
        }
        $group_id = $row['group_id'];
        
 
        $data = array(
                'username'                      => utf8_normalize_nfc(request_var('username', '', true)),
                'user_password'         => phpbb_hash(request_var('password', '', true)),
                'user_email'            => strtolower(request_var('email', '')),
                'group_id'                      => (int) $group_id,
                'user_type'                     => USER_NORMAL,
                'user_ip'                       => $user->ip,
        );
        
        $validate_username = validate_username($data['username']);
        if ($validate_username !== false)
        {
                trigger_error($validate_username, E_USER_ERROR);
        }
        
        $validate_password = validate_password($data['user_password']);
        if ($validate_password !== false)
        {
          trigger_error($validate_password, E_USER_ERROR);
        }
        
        $validate_email = validate_email($data['user_email']);
        if ($validate_email !== false)
        {
         trigger_error($validate_email, E_USER_ERROR);
        }
        
        $user_id = user_add($data);
 
        if ($user_id === false)
        {
                trigger_error('NO_USER', E_USER_ERROR);
        }
 
        //Set up welcome message
        if ($config['require_activation'] == USER_ACTIVATION_SELF && $config['email_enable'])
        {
                $message = $user->lang['ACCOUNT_INACTIVE'];
        }
        else if ($config['require_activation'] == USER_ACTIVATION_ADMIN && $config['email_enable'])
        {
                $message = $user->lang['ACCOUNT_INACTIVE_ADMIN'];
        }
        else
        {
                $message = $user->lang['ACCOUNT_ADDED'];
        }
        
        //Display message
        $message = $message . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.$phpEx") . '">', '</a>');
        trigger_error($message);
}
else
{
        echo '<form action="./register.php" method="post">
              Username: <input type="text" name="username" /><br />
              E-mail address: <input type="text" name="email" size="25" maxlength="100" /><br />
              Password: <input type="password" name="password" size="25" /><br />
              <input type="submit" name="submit" value="Submit" />
              </form>';
}
?>
Thanks for helping me!
User avatar
*Christian*
I've Been Banned!
Posts: 884
Joined: Sat Nov 03, 2007 1:35 pm
Location: Location, Location.

Re: Integrating phpBB3 with site-wide authorization system

Post by *Christian* »

Hello,

I'm curious how to do this also, however integrating with a HTML powered homepage. I tried but a ton of php code gets printed on the site.

Any pointers please? I'm a novice at php coding :lol:
Proud owner of Bertie 3.0
:: No support via PM or IM ::
User avatar
nickb611
Registered User
Posts: 69
Joined: Sat Nov 24, 2007 4:58 am

Re: Integrating phpBB3 with site-wide authorization system

Post by nickb611 »

*Christian* wrote:Hello,

I'm curious how to do this also, however integrating with a HTML powered homepage. I tried but a ton of php code gets printed on the site.

Any pointers please? I'm a novice at php coding :lol:
I would assume you'll have to rename your file .php and then start the phpBB sessions.
User avatar
Noxwizard
Support Team Leader
Support Team Leader
Posts: 10489
Joined: Mon Jun 27, 2005 8:41 pm
Location: Texas, USA
Name: Patrick Webster
Contact:

Re: Integrating phpBB3 with site-wide authorization system

Post by Noxwizard »

nickb611: Those functions do not do what you think they should do. For example, the validate_password function only checks complexity and not length. Same for email, it checks for MX domains, standard layout, etc. and not length.

If you look in includes/ucp/ucp_register.php around line 187, you'll notice all the data is passed into the validate_data() function. You will need to do something similar to that. I have some partial code written, but it's late, so I will look more into it later.
[Support Template] - [Read Before Posting] - [phpBB Knowledge Base]
Do not contact me for private support, please share the question in our forums.
User avatar
nickb611
Registered User
Posts: 69
Joined: Sat Nov 24, 2007 4:58 am

Re: Integrating phpBB3 with site-wide authorization system

Post by nickb611 »

I noticed that earlier, once I read through the functions and not just their commented description. So, here's what I came up with, and I'm pretty sure it works. You can hold onto it if somebody has the same question as I did, and maybe tell me if I screwed it up or not. It looks like it works. Anyhow, register.php:

Code: Select all

define('IN_PHPBB', true);
$phpbb_root_path = './forum/';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
include($phpbb_root_path . 'common.' . $phpEx);
include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx);
 
// Start session management
$user->session_begin();
$auth->acl($user->data);
$user->setup('ucp');
 
if($user->data['is_registered'])
{
        meta_refresh(3, append_sid("index.$phpEx"));
        trigger_error("You are already registered!");
}

		if ($config['require_activation'] == USER_ACTIVATION_DISABLE)
		{
			trigger_error('UCP_REGISTER_DISABLE');
		}

		$confirm_id		= request_var('confirm_id', '');		
		$submit			= (isset($_POST['submit'])) ? true : false;
		// Check and initialize some variables if needed
		if ($submit)
		{
		 		$error = $cp_data = $cp_error = array();

		$data = array(
			'username'			=> utf8_normalize_nfc(request_var('username', '', true)),
			'new_password'		=> request_var('new_password', '', true),
			'password_confirm'	=> request_var('password_confirm', '', true),
			'email'				=> strtolower(request_var('email', '')),
			'email_confirm'		=> strtolower(request_var('email_confirm', '')),
			'confirm_code'		=> request_var('confirm_code', ''),
		);
		
			$error = validate_data($data, array(
				'username'			=> array(
					array('string', false, $config['min_name_chars'], $config['max_name_chars']),
					array('username', '')),
				'new_password'		=> array(
					array('string', false, $config['min_pass_chars'], $config['max_pass_chars']),
					array('password')),
				'password_confirm'	=> array('string', false, $config['min_pass_chars'], $config['max_pass_chars']),
				'email'				=> array(
					array('string', false, 6, 60),
					array('email')),
				'email_confirm'		=> array('string', false, 6, 60),
				'confirm_code'		=> array('string', !$config['enable_confirm'], 5, 8),
			));

			// Replace "error" strings with their real, localised form
			$error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '\\1'", $error);

			// DNSBL check
			if ($config['check_dnsbl'])
			{
				if (($dnsbl = $user->check_dnsbl('register')) !== false)
				{
					$error[] = sprintf($user->lang['IP_BLACKLISTED'], $user->ip, $dnsbl[1]);
				}
			}

			// Visual Confirmation handling
			$wrong_confirm = false;
			if ($config['enable_confirm'])
			{
				if (!$confirm_id)
				{
					$error[] = $user->lang['CONFIRM_CODE_WRONG'];
					$wrong_confirm = true;
				}
				else
				{
					$sql = 'SELECT code
						FROM ' . CONFIRM_TABLE . "
						WHERE confirm_id = '" . $db->sql_escape($confirm_id) . "'
							AND session_id = '" . $db->sql_escape($user->session_id) . "'
							AND confirm_type = " . CONFIRM_REG;
					$result = $db->sql_query($sql);
					$row = $db->sql_fetchrow($result);
					$db->sql_freeresult($result);

					if ($row)
					{
						if (strcasecmp($row['code'], $data['confirm_code']) === 0)
						{
							$sql = 'DELETE FROM ' . CONFIRM_TABLE . "
								WHERE confirm_id = '" . $db->sql_escape($confirm_id) . "'
									AND session_id = '" . $db->sql_escape($user->session_id) . "'
									AND confirm_type = " . CONFIRM_REG;
							$db->sql_query($sql);
						}
						else
						{
							$error[] = $user->lang['CONFIRM_CODE_WRONG'];
							$wrong_confirm = true;
						}
					}
					else
					{
						$error[] = $user->lang['CONFIRM_CODE_WRONG'];
						$wrong_confirm = true;
					}
				}
			}

			if (!sizeof($error))
			{
				if ($data['new_password'] != $data['password_confirm'])
				{
					$error[] = $user->lang['NEW_PASSWORD_ERROR'];
				}

				if ($data['email'] != $data['email_confirm'])
				{
					$error[] = $user->lang['NEW_EMAIL_ERROR'];
				}
			}

			if (!sizeof($error))
			{
				$server_url = generate_board_url();

				// Which group by default?
				$group_name = ($coppa) ? 'REGISTERED_COPPA' : 'REGISTERED';

				$sql = 'SELECT group_id
					FROM ' . GROUPS_TABLE . "
					WHERE group_name = '" . $db->sql_escape($group_name) . "'
						AND group_type = " . GROUP_SPECIAL;
				$result = $db->sql_query($sql);
				$row = $db->sql_fetchrow($result);
				$db->sql_freeresult($result);

				if (!$row)
				{
					trigger_error('NO_GROUP');
				}

				$group_id = $row['group_id'];

				if (($coppa ||
					$config['require_activation'] == USER_ACTIVATION_SELF ||
					$config['require_activation'] == USER_ACTIVATION_ADMIN) && $config['email_enable'])
				{
					$user_actkey = gen_rand_string(10);
					$key_len = 54 - (strlen($server_url));
					$key_len = ($key_len < 6) ? 6 : $key_len;
					$user_actkey = substr($user_actkey, 0, $key_len);

					$user_type = USER_INACTIVE;
					$user_inactive_reason = INACTIVE_REGISTER;
					$user_inactive_time = time();
				}
				else
				{
					$user_type = USER_NORMAL;
					$user_actkey = '';
					$user_inactive_reason = 0;
					$user_inactive_time = 0;
				}

				$user_row = array(
					'username'				=> $data['username'],
					'user_password'			=> phpbb_hash($data['new_password']),
					'user_email'			=> $data['email'],
					'group_id'				=> (int) $group_id,
					'user_timezone'			=> (float) $data['tz'],
					'user_dst'				=> $is_dst,
					'user_lang'				=> $data['lang'],
					'user_type'				=> $user_type,
					'user_actkey'			=> $user_actkey,
					'user_ip'				=> $user->ip,
					'user_regdate'			=> time(),
					'user_inactive_reason'	=> $user_inactive_reason,
					'user_inactive_time'	=> $user_inactive_time,
				);

				// Register user...
				$user_id = user_add($user_row, $cp_data);

				// This should not happen, because the required variables are listed above...
				if ($user_id === false)
				{
					trigger_error('NO_USER', E_USER_ERROR);
				}

				if ($coppa && $config['email_enable'])
				{
					$message = $user->lang['ACCOUNT_COPPA'];
					$email_template = 'coppa_welcome_inactive';
				}
				else if ($config['require_activation'] == USER_ACTIVATION_SELF && $config['email_enable'])
				{
					$message = $user->lang['ACCOUNT_INACTIVE'];
					$email_template = 'user_welcome_inactive';
				}
				else if ($config['require_activation'] == USER_ACTIVATION_ADMIN && $config['email_enable'])
				{
					$message = $user->lang['ACCOUNT_INACTIVE_ADMIN'];
					$email_template = 'admin_welcome_inactive';
				}
				else
				{
					$message = $user->lang['ACCOUNT_ADDED'];
					$email_template = 'user_welcome';
				}

				if ($config['email_enable'])
				{
					include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);

					$messenger = new messenger(false);

					$messenger->template($email_template, $data['lang']);

					$messenger->to($data['email'], $data['username']);

					$messenger->headers('X-AntiAbuse: Board servername - ' . $config['server_name']);
					$messenger->headers('X-AntiAbuse: User_id - ' . $user->data['user_id']);
					$messenger->headers('X-AntiAbuse: Username - ' . $user->data['username']);
					$messenger->headers('X-AntiAbuse: User IP - ' . $user->ip);

					$messenger->assign_vars(array(
						'WELCOME_MSG'	=> htmlspecialchars_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename'])),
						'USERNAME'		=> htmlspecialchars_decode($data['username']),
						'PASSWORD'		=> htmlspecialchars_decode($data['new_password']),
						'U_ACTIVATE'	=> "$server_url/ucp.$phpEx?mode=activate&u=$user_id&k=$user_actkey")
					);

					if ($coppa)
					{
						$messenger->assign_vars(array(
							'FAX_INFO'		=> $config['coppa_fax'],
							'MAIL_INFO'		=> $config['coppa_mail'],
							'EMAIL_ADDRESS'	=> $data['email'])
						);
					}

					$messenger->send(NOTIFY_EMAIL);

					if ($config['require_activation'] == USER_ACTIVATION_ADMIN)
					{
						// Grab an array of user_id's with a_user permissions ... these users can activate a user
						$admin_ary = $auth->acl_get_list(false, 'a_user', false);
						$admin_ary = (!empty($admin_ary[0]['a_user'])) ? $admin_ary[0]['a_user'] : array();

						// Also include founders
						$where_sql = ' WHERE user_type = ' . USER_FOUNDER;

						if (sizeof($admin_ary))
						{
							$where_sql .= ' OR ' . $db->sql_in_set('user_id', $admin_ary);
						}

						$sql = 'SELECT user_id, username, user_email, user_lang, user_jabber, user_notify_type
							FROM ' . USERS_TABLE . ' ' .
							$where_sql;
						$result = $db->sql_query($sql);

						while ($row = $db->sql_fetchrow($result))
						{
							$messenger->template('admin_activate', $row['user_lang']);
							$messenger->to($row['user_email'], $row['username']);
							$messenger->im($row['user_jabber'], $row['username']);

							$messenger->assign_vars(array(
								'USERNAME'			=> htmlspecialchars_decode($data['username']),
								'U_USER_DETAILS'	=> "$server_url/memberlist.$phpEx?mode=viewprofile&u=$user_id",
								'U_ACTIVATE'		=> "$server_url/ucp.$phpEx?mode=activate&u=$user_id&k=$user_actkey")
							);

							$messenger->send($row['user_notify_type']);
						}
						$db->sql_freeresult($result);
					}
				}

				$message = $message . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.$phpEx") . '">', '</a>');
				trigger_error($message);
			}
		}

		$s_hidden_fields = array(
			'agreed'		=> 'true',
			'change_lang'	=> 0,
		);
        
		$s_hidden_fields = build_hidden_fields($s_hidden_fields);

		$confirm_image = '';

		// Visual Confirmation - Show images

		if ($config['enable_confirm'])
		{
			if ($change_lang)
			{
				$str = '&change_lang=' . $change_lang;
				$sql = 'SELECT code
						FROM ' . CONFIRM_TABLE . "
						WHERE confirm_id = '" . $db->sql_escape($confirm_id) . "'
							AND session_id = '" . $db->sql_escape($user->session_id) . "'
							AND confirm_type = " . CONFIRM_REG;
				$result = $db->sql_query($sql);
				if (!$row = $db->sql_fetchrow($result))
				{
					$confirm_id = '';
				}
				$db->sql_freeresult($result);
			}
			else
			{
				$str = '';
			}
			if (!$change_lang || !$confirm_id)
			{
				$user->confirm_gc(CONFIRM_REG);
					
				$sql = 'SELECT COUNT(session_id) AS attempts
					FROM ' . CONFIRM_TABLE . "
					WHERE session_id = '" . $db->sql_escape($user->session_id) . "'
						AND confirm_type = " . CONFIRM_REG;
				$result = $db->sql_query($sql);
				$attempts = (int) $db->sql_fetchfield('attempts');
				$db->sql_freeresult($result);

				if ($config['max_reg_attempts'] && $attempts > $config['max_reg_attempts'])
				{
					trigger_error('TOO_MANY_REGISTERS');
				}

				$code = gen_rand_string(mt_rand(5, 8));
				$confirm_id = md5(unique_id($user->ip));
				$seed = hexdec(substr(unique_id(), 4, 10));

				// compute $seed % 0x7fffffff
				$seed -= 0x7fffffff * floor($seed / 0x7fffffff);

				$sql = 'INSERT INTO ' . CONFIRM_TABLE . ' ' . $db->sql_build_array('INSERT', array(
					'confirm_id'	=> (string) $confirm_id,
					'session_id'	=> (string) $user->session_id,
					'confirm_type'	=> (int) CONFIRM_REG,
					'code'			=> (string) $code,
					'seed'			=> (int) $seed)
				);
				$db->sql_query($sql);
			}
			$confirm_image = '<img src="' . append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=confirm&id=' . $confirm_id . '&type=' . CONFIRM_REG . $str) . '" alt="" title="" />';
			$s_hidden_fields .= '<input type="hidden" name="confirm_id" value="' . $confirm_id . '" />';
		}

		//
		$l_reg_cond = '';
		switch ($config['require_activation'])
		{
			case USER_ACTIVATION_SELF:
				$l_reg_cond = $user->lang['UCP_EMAIL_ACTIVATE'];
			break;

			case USER_ACTIVATION_ADMIN:
				$l_reg_cond = $user->lang['UCP_ADMIN_ACTIVATE'];
			break;
		}
		
	   $error_display = (sizeof($error)) ? implode('<br />', $error) : '';
	   echo $error_display;

       echo '<form action="./register.php" method="post">        
              Username: <input type="text" name="username" /><br />
              E-mail address: <input type="text" name="email" size="25" maxlength="100" /><br />
              Confirm E-Mail address: <input type="text" name="email_confirm" size="25" maxlength="100"><br />
              Password: <input type="password" name="new_password" size="25" /><br />
              Confirm Password: <input type="password" name="password_confirm" size="25" /><br />
              '.$confirm_image.'
              <input type="text" name="confirm_code" size="8" maxlength="8" /><br />'.$s_hidden_fields.'<br />
              <input type="submit" name="submit" value="Submit" />
              </form>';
	    
    
Superman859
Registered User
Posts: 46
Joined: Sat Nov 18, 2006 7:05 pm

Re: Integrating phpBB3 with site-wide authorization system

Post by Superman859 »

Thanks for the code. I will be implementing it shortly.

Is it possible to modify this so that it will register and activate new members without requiring email validation, regardless of the settings in the control panel? I want to require people registering through the forums to have to validate the email address, but when I use this script I do not want to require it as it will make a process not function smoothly and be interrupted.

I'm sure it's possible - I'm just not sure which part to modify so that it will mark them as active and not send out any validation emails (since they will already be active).

Second, I noticed if I turn registration to none, it automatically routes the user back to the message board and says 'you are successfully registered..you can log in now...' with their name or whatever. Is there a way to automatically log them in upon successful registration? Is there a way to redirect to another page rather than the forums stating 'you are successfully registered...'

If it helps - here is what I am trying to do. I am integrating with my site which is a pay site. I want to make new member signup easy and conflict free, but right now they have to make a username first, activate via email, then go back and log in, then they can pick a payment method.

Instead, I would rather have it work similar to amazon - first present a login box. If they have a name, they can register. If not, they create one (using this register.php). If registering here, I do not want to require email validation or anything - I want it to automatically log them in and take them to the next step (pick payment type) - I need them logged in at this step so I can get some information.

So I'm just trying to make the process as smooth as possible - based on some statistics it seems like I lose quite a few people during the process. It's smooth for people already registered and activated, but not at all for those who are not.
Arty Ziff
Registered User
Posts: 11
Joined: Sat Aug 27, 2005 1:16 am

Re: Integrating phpBB3 with site-wide authorization system

Post by Arty Ziff »

Is there a way to log out without redirecting to a forum page? In other words, stay on the same page you log out in?
Budde
Registered User
Posts: 40
Joined: Tue Oct 30, 2007 9:59 pm

Re: Integrating phpBB3 with site-wide authorization system

Post by Budde »

nickb611 wrote:I noticed that earlier, once I read through the functions and not just their commented description. So, here's what I came up with, and I'm pretty sure it works. You can hold onto it if somebody has the same question as I did, and maybe tell me if I screwed it up or not. It looks like it works. Anyhow, register.php:

Code: Select all

define('IN_PHPBB', true);
$phpbb_root_path = './forum/';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
include($phpbb_root_path . 'common.' . $phpEx);
include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx);
 
// Start session management
$user->session_begin();
$auth->acl($user->data);
$user->setup('ucp');
 
if($user->data['is_registered'])
{
        meta_refresh(3, append_sid("index.$phpEx"));
        trigger_error("You are already registered!");
}

		if ($config['require_activation'] == USER_ACTIVATION_DISABLE)
		{
			trigger_error('UCP_REGISTER_DISABLE');
		}

		$confirm_id		= request_var('confirm_id', '');		
		$submit			= (isset($_POST['submit'])) ? true : false;
		// Check and initialize some variables if needed
		if ($submit)
		{
		 		$error = $cp_data = $cp_error = array();

		$data = array(
			'username'			=> utf8_normalize_nfc(request_var('username', '', true)),
			'new_password'		=> request_var('new_password', '', true),
			'password_confirm'	=> request_var('password_confirm', '', true),
			'email'				=> strtolower(request_var('email', '')),
			'email_confirm'		=> strtolower(request_var('email_confirm', '')),
			'confirm_code'		=> request_var('confirm_code', ''),
		);
		
			$error = validate_data($data, array(
				'username'			=> array(
					array('string', false, $config['min_name_chars'], $config['max_name_chars']),
					array('username', '')),
				'new_password'		=> array(
					array('string', false, $config['min_pass_chars'], $config['max_pass_chars']),
					array('password')),
				'password_confirm'	=> array('string', false, $config['min_pass_chars'], $config['max_pass_chars']),
				'email'				=> array(
					array('string', false, 6, 60),
					array('email')),
				'email_confirm'		=> array('string', false, 6, 60),
				'confirm_code'		=> array('string', !$config['enable_confirm'], 5, 8),
			));

			// Replace "error" strings with their real, localised form
			$error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '\\1'", $error);

			// DNSBL check
			if ($config['check_dnsbl'])
			{
				if (($dnsbl = $user->check_dnsbl('register')) !== false)
				{
					$error[] = sprintf($user->lang['IP_BLACKLISTED'], $user->ip, $dnsbl[1]);
				}
			}

			// Visual Confirmation handling
			$wrong_confirm = false;
			if ($config['enable_confirm'])
			{
				if (!$confirm_id)
				{
					$error[] = $user->lang['CONFIRM_CODE_WRONG'];
					$wrong_confirm = true;
				}
				else
				{
					$sql = 'SELECT code
						FROM ' . CONFIRM_TABLE . "
						WHERE confirm_id = '" . $db->sql_escape($confirm_id) . "'
							AND session_id = '" . $db->sql_escape($user->session_id) . "'
							AND confirm_type = " . CONFIRM_REG;
					$result = $db->sql_query($sql);
					$row = $db->sql_fetchrow($result);
					$db->sql_freeresult($result);

					if ($row)
					{
						if (strcasecmp($row['code'], $data['confirm_code']) === 0)
						{
							$sql = 'DELETE FROM ' . CONFIRM_TABLE . "
								WHERE confirm_id = '" . $db->sql_escape($confirm_id) . "'
									AND session_id = '" . $db->sql_escape($user->session_id) . "'
									AND confirm_type = " . CONFIRM_REG;
							$db->sql_query($sql);
						}
						else
						{
							$error[] = $user->lang['CONFIRM_CODE_WRONG'];
							$wrong_confirm = true;
						}
					}
					else
					{
						$error[] = $user->lang['CONFIRM_CODE_WRONG'];
						$wrong_confirm = true;
					}
				}
			}

			if (!sizeof($error))
			{
				if ($data['new_password'] != $data['password_confirm'])
				{
					$error[] = $user->lang['NEW_PASSWORD_ERROR'];
				}

				if ($data['email'] != $data['email_confirm'])
				{
					$error[] = $user->lang['NEW_EMAIL_ERROR'];
				}
			}

			if (!sizeof($error))
			{
				$server_url = generate_board_url();

				// Which group by default?
				$group_name = ($coppa) ? 'REGISTERED_COPPA' : 'REGISTERED';

				$sql = 'SELECT group_id
					FROM ' . GROUPS_TABLE . "
					WHERE group_name = '" . $db->sql_escape($group_name) . "'
						AND group_type = " . GROUP_SPECIAL;
				$result = $db->sql_query($sql);
				$row = $db->sql_fetchrow($result);
				$db->sql_freeresult($result);

				if (!$row)
				{
					trigger_error('NO_GROUP');
				}

				$group_id = $row['group_id'];

				if (($coppa ||
					$config['require_activation'] == USER_ACTIVATION_SELF ||
					$config['require_activation'] == USER_ACTIVATION_ADMIN) && $config['email_enable'])
				{
					$user_actkey = gen_rand_string(10);
					$key_len = 54 - (strlen($server_url));
					$key_len = ($key_len < 6) ? 6 : $key_len;
					$user_actkey = substr($user_actkey, 0, $key_len);

					$user_type = USER_INACTIVE;
					$user_inactive_reason = INACTIVE_REGISTER;
					$user_inactive_time = time();
				}
				else
				{
					$user_type = USER_NORMAL;
					$user_actkey = '';
					$user_inactive_reason = 0;
					$user_inactive_time = 0;
				}

				$user_row = array(
					'username'				=> $data['username'],
					'user_password'			=> phpbb_hash($data['new_password']),
					'user_email'			=> $data['email'],
					'group_id'				=> (int) $group_id,
					'user_timezone'			=> (float) $data['tz'],
					'user_dst'				=> $is_dst,
					'user_lang'				=> $data['lang'],
					'user_type'				=> $user_type,
					'user_actkey'			=> $user_actkey,
					'user_ip'				=> $user->ip,
					'user_regdate'			=> time(),
					'user_inactive_reason'	=> $user_inactive_reason,
					'user_inactive_time'	=> $user_inactive_time,
				);

				// Register user...
				$user_id = user_add($user_row, $cp_data);

				// This should not happen, because the required variables are listed above...
				if ($user_id === false)
				{
					trigger_error('NO_USER', E_USER_ERROR);
				}

				if ($coppa && $config['email_enable'])
				{
					$message = $user->lang['ACCOUNT_COPPA'];
					$email_template = 'coppa_welcome_inactive';
				}
				else if ($config['require_activation'] == USER_ACTIVATION_SELF && $config['email_enable'])
				{
					$message = $user->lang['ACCOUNT_INACTIVE'];
					$email_template = 'user_welcome_inactive';
				}
				else if ($config['require_activation'] == USER_ACTIVATION_ADMIN && $config['email_enable'])
				{
					$message = $user->lang['ACCOUNT_INACTIVE_ADMIN'];
					$email_template = 'admin_welcome_inactive';
				}
				else
				{
					$message = $user->lang['ACCOUNT_ADDED'];
					$email_template = 'user_welcome';
				}

				if ($config['email_enable'])
				{
					include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);

					$messenger = new messenger(false);

					$messenger->template($email_template, $data['lang']);

					$messenger->to($data['email'], $data['username']);

					$messenger->headers('X-AntiAbuse: Board servername - ' . $config['server_name']);
					$messenger->headers('X-AntiAbuse: User_id - ' . $user->data['user_id']);
					$messenger->headers('X-AntiAbuse: Username - ' . $user->data['username']);
					$messenger->headers('X-AntiAbuse: User IP - ' . $user->ip);

					$messenger->assign_vars(array(
						'WELCOME_MSG'	=> htmlspecialchars_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename'])),
						'USERNAME'		=> htmlspecialchars_decode($data['username']),
						'PASSWORD'		=> htmlspecialchars_decode($data['new_password']),
						'U_ACTIVATE'	=> "$server_url/ucp.$phpEx?mode=activate&u=$user_id&k=$user_actkey")
					);

					if ($coppa)
					{
						$messenger->assign_vars(array(
							'FAX_INFO'		=> $config['coppa_fax'],
							'MAIL_INFO'		=> $config['coppa_mail'],
							'EMAIL_ADDRESS'	=> $data['email'])
						);
					}

					$messenger->send(NOTIFY_EMAIL);

					if ($config['require_activation'] == USER_ACTIVATION_ADMIN)
					{
						// Grab an array of user_id's with a_user permissions ... these users can activate a user
						$admin_ary = $auth->acl_get_list(false, 'a_user', false);
						$admin_ary = (!empty($admin_ary[0]['a_user'])) ? $admin_ary[0]['a_user'] : array();

						// Also include founders
						$where_sql = ' WHERE user_type = ' . USER_FOUNDER;

						if (sizeof($admin_ary))
						{
							$where_sql .= ' OR ' . $db->sql_in_set('user_id', $admin_ary);
						}

						$sql = 'SELECT user_id, username, user_email, user_lang, user_jabber, user_notify_type
							FROM ' . USERS_TABLE . ' ' .
							$where_sql;
						$result = $db->sql_query($sql);

						while ($row = $db->sql_fetchrow($result))
						{
							$messenger->template('admin_activate', $row['user_lang']);
							$messenger->to($row['user_email'], $row['username']);
							$messenger->im($row['user_jabber'], $row['username']);

							$messenger->assign_vars(array(
								'USERNAME'			=> htmlspecialchars_decode($data['username']),
								'U_USER_DETAILS'	=> "$server_url/memberlist.$phpEx?mode=viewprofile&u=$user_id",
								'U_ACTIVATE'		=> "$server_url/ucp.$phpEx?mode=activate&u=$user_id&k=$user_actkey")
							);

							$messenger->send($row['user_notify_type']);
						}
						$db->sql_freeresult($result);
					}
				}

				$message = $message . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.$phpEx") . '">', '</a>');
				trigger_error($message);
			}
		}

		$s_hidden_fields = array(
			'agreed'		=> 'true',
			'change_lang'	=> 0,
		);
        
		$s_hidden_fields = build_hidden_fields($s_hidden_fields);

		$confirm_image = '';

		// Visual Confirmation - Show images

		if ($config['enable_confirm'])
		{
			if ($change_lang)
			{
				$str = '&change_lang=' . $change_lang;
				$sql = 'SELECT code
						FROM ' . CONFIRM_TABLE . "
						WHERE confirm_id = '" . $db->sql_escape($confirm_id) . "'
							AND session_id = '" . $db->sql_escape($user->session_id) . "'
							AND confirm_type = " . CONFIRM_REG;
				$result = $db->sql_query($sql);
				if (!$row = $db->sql_fetchrow($result))
				{
					$confirm_id = '';
				}
				$db->sql_freeresult($result);
			}
			else
			{
				$str = '';
			}
			if (!$change_lang || !$confirm_id)
			{
				$user->confirm_gc(CONFIRM_REG);
					
				$sql = 'SELECT COUNT(session_id) AS attempts
					FROM ' . CONFIRM_TABLE . "
					WHERE session_id = '" . $db->sql_escape($user->session_id) . "'
						AND confirm_type = " . CONFIRM_REG;
				$result = $db->sql_query($sql);
				$attempts = (int) $db->sql_fetchfield('attempts');
				$db->sql_freeresult($result);

				if ($config['max_reg_attempts'] && $attempts > $config['max_reg_attempts'])
				{
					trigger_error('TOO_MANY_REGISTERS');
				}

				$code = gen_rand_string(mt_rand(5, 8));
				$confirm_id = md5(unique_id($user->ip));
				$seed = hexdec(substr(unique_id(), 4, 10));

				// compute $seed % 0x7fffffff
				$seed -= 0x7fffffff * floor($seed / 0x7fffffff);

				$sql = 'INSERT INTO ' . CONFIRM_TABLE . ' ' . $db->sql_build_array('INSERT', array(
					'confirm_id'	=> (string) $confirm_id,
					'session_id'	=> (string) $user->session_id,
					'confirm_type'	=> (int) CONFIRM_REG,
					'code'			=> (string) $code,
					'seed'			=> (int) $seed)
				);
				$db->sql_query($sql);
			}
			$confirm_image = '<img src="' . append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=confirm&id=' . $confirm_id . '&type=' . CONFIRM_REG . $str) . '" alt="" title="" />';
			$s_hidden_fields .= '<input type="hidden" name="confirm_id" value="' . $confirm_id . '" />';
		}

		//
		$l_reg_cond = '';
		switch ($config['require_activation'])
		{
			case USER_ACTIVATION_SELF:
				$l_reg_cond = $user->lang['UCP_EMAIL_ACTIVATE'];
			break;

			case USER_ACTIVATION_ADMIN:
				$l_reg_cond = $user->lang['UCP_ADMIN_ACTIVATE'];
			break;
		}
		
	   $error_display = (sizeof($error)) ? implode('<br />', $error) : '';
	   echo $error_display;

       echo '<form action="./register.php" method="post">        
              Username: <input type="text" name="username" /><br />
              E-mail address: <input type="text" name="email" size="25" maxlength="100" /><br />
              Confirm E-Mail address: <input type="text" name="email_confirm" size="25" maxlength="100"><br />
              Password: <input type="password" name="new_password" size="25" /><br />
              Confirm Password: <input type="password" name="password_confirm" size="25" /><br />
              '.$confirm_image.'
              <input type="text" name="confirm_code" size="8" maxlength="8" /><br />'.$s_hidden_fields.'<br />
              <input type="submit" name="submit" value="Submit" />
              </form>';
	    
    
I got this error using the above code:

Fatal error: Cannot redeclare deregister_globals() (previously declared in C:\wamp\www\local\phpBB\phpBB3\common.php:32) in C:\wamp\www\local\phpBB\phpBB3\common.php on line 94
Tom
Former Team Member
Posts: 2665
Joined: Tue Jun 20, 2006 2:12 am
Name: Tom
Contact:

Re: Integrating phpBB3 with site-wide authorization system

Post by Tom »

I'm bumping this topic because I could really use this script. I hope that someone can reply and answer why the script posted by nickb611 gave an error.

EDIT: I tested the posted script and received no errors. I wonder why you were getting an error with this script, Budde.
Tom C. - Former Moderator Team Member
phpBB3 Smiley Pak Generator | Legend Repositioning MOD | My GitHub | My Site
Post Reply

Return to “phpBB Discussion”