Integration of phpBB API into existing page

[dbj]

Hi,

we would like to use the phpBB API for an existing page instead of modifying the tables directly (which, after some years of operation, has lead to some database corruption...)

But: Including the necessary phpBB files to be able to call functions like add_user breaks the existing page because phpBB makes severe changes to the runtime environment (superglobals, error reporting etc.)

So we are currently stuck with two options:

1.) Always call the phpBB functions last, i.e. at the end of the script of the existing page. But this is very unflexible and makes error-handling impossible.

2.) Rebuild the functions like add_user and user_update_name to work without including all the "phpBB stuff". But this seems like a very complex tasks because those functions depend on other functions which then would also be required to be rebuilt/copied...

Is there any other way? Is it somehow possible to "encapsulate" the call to the phpBB API? (No, using exec() or other system calls to another script which handles this is not an option because using exec() is not an option.)

[AmigoJack]

Including the necessary phpBB files to be able to call functions like add_user breaks the existing page because phpBB makes severe changes to the runtime environment (superglobals, error reporting etc.)

In theory all those changes can be undone. Practically you surely mean user_add() and based on how many functions you use off phpBB you can write your own file as slimmed substitution for files like /common.php and /includes/startup.php. Either way you have to go thru the code and just see what's changed to later change it back.

Is there any other way?

You could write your own PHP file which is then called simply thru something like

Code: Select all

$output= file_get_contents( 'http://www.example.com/myfile.php?mode=add&user=name&pass=123' );

which comes along with questions about securing access to that file.

using exec() ... is not an option because using exec() is not an option

Glad we sorted that.

[dbj]

you can write your own file as slimmed substitution for files like /common.php and /includes/startup.php.

Wouldn't this have a very high probability of breaking with an update of phpBB?
So I would have to scan through these files after every update to see if I need to make changes to my files.
Same argument of course goes for imitating what user_add() is doing - if an update changes how these functions are working, I must change my "copy" of it.

which comes along with questions about securing access to that file.

That would be a big drawback of this solution and rule it out. (Of course it should not be hard writing a .htaccess file only allowing requests from localhost for this file - but I think everyone agrees this is a very hacky solution.)

using exec() ... is not an option because using exec() is not an option

Glad we sorted that.

Of course I meant because exec() and similar functions are not available at all, they are also not available for this particular task

So the question is, what is the best way to interact with phpBB from another application

• That does not break with an update unless the API itself changes (e.g. phpbb_hash() removed in upcoming version)
• That does not impose further security considerations (e.g. restricting access to particular files)
• That does not break an existing application (by modifying the runtime environment)

I guess such a way does not exist?

[david63]

I think that the point is that phpBB does not, at the moment, have an "API" in the true sense otherwise you would be able call any function you wanted without any need to modify code.

Depending on what it is that you are trying to do it might be a possibility to create your requirements as an extension where you will have access to all of phpBB's functionality without the problem of having to deal with update.

[dbj]

We need to do three things:

• Add users to phpBB
• Change user details like nickname, password, e-mail
• Remove/delete users

Generally speaking, we need "full access" to the phpBB user database.

How would an extension handle this?
I would need to somehow include this extension in my other application, right?
But then again this extension would likely load all the phpBB stuff?
I'm not familiar with developing extensions for phpBB, so I might be off here.

[Mick]

I’ve moved this to the custom coding forum where you are quite at liberty to discuss your coding requirements. In the meantime I suggest you make an extension request, it costs nothing and someone may take up the challenge.

[david63]

Add users to phpBB

There is already an extension that will do that

Change user details like nickname, password, e-mail
Remove/delete users

Both of those are core features of phpBB

... or am I misunderstanding you?

[dbj]

... or am I misunderstanding you?

Probably. We have a website with two applications, our own code and phpBB. Registrations in phpBB are disabled, users may only register through the main website, which then adds the users to the phpBB database. Until now, we did this by executing SQL statements on the phpBB tables directly. That has lead so some database corruption as we were doing this naively without considering side effects. (Updating the last registered username and so on...)

So we looked at the following: https://wiki.phpbb.com/Add_users

But in order for this to work, we need to load phpBB-specific includes/code in our own non-phpBB software:

Code: Select all

        define('FORUM_ADD', true);
        define('IN_PHPBB', true);
        define('IN_PORTAL', true);
        define('PHPBB_ROOT_PATH', './scripte/forum/');
        define('USERS_TABLE', "phpbb_users");
        $phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './';
        $phpEx = substr(strrchr(__FILE__, '.'), 1);
        include($phpbb_root_path . 'common.' . $phpEx);
        include($phpbb_root_path . '/includes/functions_user.' . $phpEx);

But this breaks our application, for example because superglobals are disabled. Thus the questions asked in this post come to mind.

[AmigoJack]

I think everyone agrees this is a very hacky solution

No - the script just has to authorize access, which can be as simple as "is a specific parameter given and does its value equal to a given pass phrase". There you have your API and both input and output can be done completely to your will - you just have to call it thru HTTP.

[dbj]

This could probably indeed be realized as an extension implementing some kind of REST API.

I've seen there is already some kind of activity... http://area51.phpbb.com/phpBB/viewtopic ... 08&t=42731

But it looks like this will never go live, so waiting for it will most likely not be fruitful.

[Mick]

waiting for it will most likely not be fruitful.

In the meantime I suggest you make an extension request, it costs nothing and someone may take up the challenge

[dbj]

Thanks for your support. For now we found that these two lines are sufficient to make our page working again after interacting with phpBB.

Code: Select all

$request->enable_super_globals();
set_error_handler(NULL);