External use of phpBB session(s)

Need some custom code changes to the phpBB core simple enough that you feel doesn't require an extension? Then post your request here so that community members can provide some assistance.

NOTE: NO OFFICIAL SUPPORT IS PROVIDED IN THIS SUB-FORUM
Forum rules
READ: phpBB.com Board-Wide Rules and Regulations

NOTE: NO OFFICIAL SUPPORT IS PROVIDED IN THIS SUB-FORUM
Post Reply
WackOo
Registered User
Posts: 8
Joined: Sat Jan 27, 2018 3:05 pm

External use of phpBB session(s)

Post by WackOo » Wed Oct 16, 2019 9:10 am

Hello everyone,

Before I stared, I've used phpBB Support Toolkit and probably ran every option I had to get back to basics, I've then updated from PHP 5.6.40 and phpBB 3.0.13-PL1 to PHP 7.3.10 and phpBB 3.2.8 which works fine as far as the phpBB part goes.
I'm also trying to link it to my custom made front-end website, which gives me a hassle.

I'm simply using the following code below, which has worked fine for several years in combination with 3.0.13-PL1 and several older versions:

Code: Select all

<?php
/* phpBB Session */
define('IN_phpBB', true);
$phpbb_root_path = (defined('phpBB_ROOT_PATH')) ? phpBB_ROOT_PATH : './forums/';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
@include($phpbb_root_path . 'common.' . $phpEx);
@include($phpbb_root_path . 'includes/bbcode.' . $phpEx);
@include($phpbb_root_path . 'includes/functions_display.' . $phpEx);

// Start session management
$user->session_begin();
$auth->acl($user->data);
$user->setup();
When I'm logged in into the updated forum, the sessions works and stays active when browsing the forum(s).
But as soon as I go to my custom made front-end and refresh that page, the session destroys even for the forum ( 3.2.8 ).

I've narrowed it down, by stripping my own code and just leaving the following code in 'index-test.php':

Code: Select all

<?php
/* phpBB Session */
define('IN_phpBB', true);
$phpbb_root_path = (defined('phpBB_ROOT_PATH')) ? phpBB_ROOT_PATH : './forums/';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
@include($phpbb_root_path . 'common.' . $phpEx);

// Start session management
$user->session_begin();
$auth->acl($user->data);
$user->setup();

if($user->data['user_id'] != ANONYMOUS) {
	echo '<h4>Hello  '.$user->data['user_id'].'&nbsp;!</h4>';
} else {
	echo '<h4>Please <a target="_blank" href="'.$phpbb_root_path.'ucp.php?mode=login">login</a></h4>';
}
echo '<hr><a href="./index-test.php">refresh</a>';
?>
So, my guess is that it seems to be something within phpBB that in this specific case destroys the session.
So with that in mind I've also tested a clean install on a subdomain with the same 'index-test.php' file and PHP version (7.3.10), which works fine which seems to confirm that guess on the updated phpBB part.

I've thought about just replacing all the files of phpBB 3.2.8 by overwriting them, but could I break something doing that?
Has anyone else have to deal with this before? Or do you have a suggestion I could try?

User avatar
david63
Registered User
Posts: 16718
Joined: Thu Dec 19, 2002 8:08 am
Location: Lancashire, UK
Name: David Wood
Contact:

Re: External use of phpBB session(s)

Post by david63 » Wed Oct 16, 2019 10:10 am

WackOo wrote:
Wed Oct 16, 2019 9:10 am
PHP 7.3.10 and phpBB 3.2.8 which works fine as far as the phpBB part goes
Are you sure about that?

phpBB 3.2.8 is not compatible with PHP 7.3
David
Remember: You only know what you know and - you don't know what you don't know!
My CDB Contributions | How to install an extension
I will not be accepting translations for any of my extensions in Github - please post any translations in the appropriate topic.
No support requests via PM or email as they will be ignored

WackOo
Registered User
Posts: 8
Joined: Sat Jan 27, 2018 3:05 pm

Re: External use of phpBB session(s)

Post by WackOo » Wed Oct 16, 2019 8:26 pm

@david63 i am as sure as phpBB shows the information and works fine so far, cant attach my mobile screenshots as they are to large. I'll add them later.

User avatar
warmweer
Registered User
Posts: 3055
Joined: Fri Jul 04, 2003 6:34 am
Location: Van Allen Belt ... well actually Belgium

Re: External use of phpBB session(s)

Post by warmweer » Wed Oct 16, 2019 8:55 pm

WackOo wrote:
Wed Oct 16, 2019 8:26 pm
@david63 i am as sure as phpBB shows the information and works fine so far, cant attach my mobile screenshots as they are to large. I'll add them later.
The keywords here are : so far.
Also support for php 7.3 is not envisaged for the 3.2 series so future minor updates will probably not be tested with php 7.3 and incompatibilities may remain undiscovered (in testing). Support questions will probably be answered with : downgrade the php version
The year is 2192. The British Prime Minister visits Brussels to ask for an extension of the Brexit deadline. No one remembers where this tradition originated, but every year it attracts many tourists from all over the world.

User avatar
AmigoJack
Registered User
Posts: 5642
Joined: Tue Jun 15, 2010 11:33 am
Location: グリーン ヒル ゾーン
Contact:

Re: External use of phpBB session(s)

Post by AmigoJack » Thu Oct 17, 2019 9:08 am

WackOo wrote:
Wed Oct 16, 2019 9:10 am
link it to my custom made front-end website
Usual HTTP knowledge applies: phpBB saves session info in cookies, when available - this cookie must be accessible to both parts: if sub-domains differ, cookies must be stored top-wise.

Usual phpBB knowledge applies: for all links use append_sid() which ensures the session key is appeneded as parameter if not being available thru the cookie already (which is at least the case after the login, or otherwise with wrongly configured installations).

You can make sure you've followed the basics by
  • modifying one of the phpBB files to also use append_sid() on the link to your test and
  • your test page being in the same directory as all phpBB pages (i.e. memberlist.php, viewtopic.php...) and
  • also using append_sid() in your test page to link back to one of phpBB's pages (i.e. memberlist.php)
...which should carry thru sessions without problems.
The worst thing about censorship is ███████████
Affin wrote:
Tue Nov 20, 2018 9:51 am
The problem is probably not my English but you do not want to understand correctly.
...
We will not come anybody anyway, nevertheless, it's best to shit this.

WackOo
Registered User
Posts: 8
Joined: Sat Jan 27, 2018 3:05 pm

Re: External use of phpBB session(s)

Post by WackOo » Mon Oct 21, 2019 2:51 pm

warmweer wrote:
Wed Oct 16, 2019 8:55 pm
Support questions will probably be answered with : downgrade the php version
Downgrading isn't an issue, I've downgraded to PHP 7.2.23
AmigoJack wrote:
Thu Oct 17, 2019 9:08 am
Usual HTTP knowledge applies: phpBB saves session info in cookies, when available - this cookie must be accessible to both parts: if sub-domains differ, cookies must be stored top-wise.
This got me thinking and I compared the cookie settings with my updated phpBB and the old one and found out that the "Cookie path" was set to "/forums/", changed that to "/" and it works like I expect it to work.
I've never used append_sid on my own coded part, but I'll try to use that, just to be sure the session part stays as phpBB expects it to be.

Thanks for thinking with me and helping me out!

Post Reply

Return to “phpBB Custom Coding”