In theory all those changes can be undone. Practically you surely mean
user_add()
and based on how many functions you use off phpBB you can write your own file as slimmed substitution for files like /common.php and /includes/startup.php. Either way you have to go thru the code and just see what's changed to later change it back.You could write your own PHP file which is then called simply thru something like
Code: Select all
$output= file_get_contents( 'http://www.example.com/myfile.php?mode=add&user=name&pass=123' );
Glad we sorted that.
Wouldn't this have a very high probability of breaking with an update of phpBB?
That would be a big drawback of this solution and rule it out. (Of course it should not be hard writing a .htaccess file only allowing requests from localhost for this file - but I think everyone agrees this is a very hacky solution.)
Of course I meant because exec() and similar functions are not available at all, they are also not available for this particular task
There is already an extension that will do that
Both of those are core features of phpBB
Probably. We have a website with two applications, our own code and phpBB. Registrations in phpBB are disabled, users may only register through the main website, which then adds the users to the phpBB database. Until now, we did this by executing SQL statements on the phpBB tables directly. That has lead so some database corruption as we were doing this naively without considering side effects. (Updating the last registered username and so on...)
Code: Select all
define('FORUM_ADD', true);
define('IN_PHPBB', true);
define('IN_PORTAL', true);
define('PHPBB_ROOT_PATH', './scripte/forum/');
define('USERS_TABLE', "phpbb_users");
$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
include($phpbb_root_path . 'common.' . $phpEx);
include($phpbb_root_path . '/includes/functions_user.' . $phpEx);
No - the script just has to authorize access, which can be as simple as "is a specific parameter given and does its value equal to a given pass phrase". There you have your API and both input and output can be done completely to your will - you just have to call it thru HTTP.
Code: Select all
$request->enable_super_globals();
set_error_handler(NULL);