Login Integration 3.2.X

Need some custom code changes to the phpBB core simple enough that you feel doesn't require an extension? Then post your request here so that community members can provide some assistance.

NOTE: NO OFFICIAL SUPPORT IS PROVIDED IN THIS SUB-FORUM
bonelifer
Community Team Member
Posts: 3542
Joined: Wed Oct 27, 2004 11:35 pm
Name: William

Re: Login Integration 3.2.X

Post by bonelifer »

I've moved it to custom coding as that seems to me to be more appropriate. You state in your first post that people can visit a link to test it live, but there is no content on that link other than a blank directory listing. The link is fine as long as the URL it points to allows the user to test a live version as you state:
If you want a live version of this to test and such

Index of /
Name Last modified Size Description
William Jacoby - Community Team
Knowledge Base | phpBB Board Rules | Search Customisation Database
Please don't contact me via PM or email for phpBB support.
ZyrusOfficial
Registered User
Posts: 32
Joined: Sun Dec 09, 2018 7:36 am

Re: Login Integration 3.2.X

Post by ZyrusOfficial »

bonelifer wrote: Mon Dec 10, 2018 12:10 am I've moved it to custom coding as that seems to me to be more appropriate. You state in your first post that people can visit a link to test it live, but there is no content on that link other than a blank directory listing. The link is fine as long as the URL it points to allows the user to test a live version as you state:
If you want a live version of this to test and such

Index of /
Name Last modified Size Description
Sorry, I was doing maintenance. It is working now.
sanekplus
Registered User
Posts: 6
Joined: Thu May 14, 2020 12:17 pm

Re: Login Integration 3.2.X

Post by sanekplus »

I did some login integration for a simple standalone PHP app. The goal is to use the phpBB engine for user identification in the app. It is also possible to get the database credentials from phpBB and to get all groups of a user (not only the primary group). It seems to work fine with phpBB 3.3.X. In my testing environment the phpBB engine is available at https://myforum.com/ and the app is located at https://myapp.myforum.com/; automatic redirection to the phpBB login page and back works fine.

demo.php - the simplest demonstration app

Code:

<?php
include('./phpbb.php');

$fields = ['username_clean', 'db','group_ids'];
// Add session_id to enable non-registered users
// $fields []= 'session_id';
// Set 1 to automatically redirect non-registered users to phpbb login page and back
$redirect = 0;
$user = get_phpbb_user($fields);
if (!$user) {
    // Not authorized
    $url = get_phpbb_login_url();
    if ($redirect) {
        header("Location: $url");
        exit;
    }
    print <<<EOT
<html>
    <head>
    </head>
    <body>
        <h2 align=center>Some Information</h2>
        <hr>
        <h2 align=center><a href="$url">Login or signup please</a></h2>
    </body>
</html>
EOT;
    exit;
}

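// Escape everything written into the page; double_encode is off so already-encoded entities are not encoded twice
$e = function ($v) { return htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8', false); };
printf("User: %s %s %d<br>\n", $e($user['username_clean']), $e($user['username']), $user['user_id']);
printf("Groups: %s<br>\n", $e(join(",", $user['group_ids'])));
printf("Session: %s<br>\n", $e($user['session_id']));
// Demonstration only: this line prints the forum's database credentials to the browser
printf("DB: %s<br>\n", $e(print_r($user['db'], TRUE)));
if (@$user['username_clean'] != 'anonymous')
    printf("<a href=\"%s\">Logout</a><br>\n", $e(get_phpbb_logout_url()));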
?>
phpbb.php - connector to phpBB engine, set correct path to engine in $phpbb_root_path

Code:

<?php
// Based on https://www.phpbb.com/support/docs/en/3.3/kb/article/phpbb3-sessions-integration
$phpbb_root_path = '/home/webmaster/forum/';

function get_phpbb_user($fields = []) {
    global $phpbb_user_info, $phpbb_root_path;
    // Evaluate on every call: the block below only runs on the first call, before base fields are appended
    $allow_anon = in_array('session_id', $fields);
    if (!isset($phpbb_user_info)) {
        // Remember already created globals
        $old_names = get_current_global_names();
        // These vars will be used for getting info
        global $user, $auth, $config, $request, $db;
        // Declaring these vars global lets phpBB work when included from a function's local scope
        global $phpbb_container, $phpbb_dispatcher, $table_prefix;

        // Get session info using phpBB
        define('IN_PHPBB', true);
        $phpEx = 'php';
        $common = $phpbb_root_path . 'common.' . $phpEx;
        if (!file_exists($common))
            return FALSE;
        include_once($common);
        $user->session_begin();
        $auth->acl($user->data);
        $user->setup();
        // Enable superglobals like $_SERVER for non-phpBB usage
        $request->enable_super_globals();
        $phpbb_url = get_phpbb_root_url($config);

        $phpbb_user_info = array();
        $base_fields = array('user_id', 'group_id', 'username', 'session_id', 'is_registered');
        foreach ($base_fields as $f)
            if (!in_array($f, $fields))
                $fields []= $f;
        // Set original root phpBB URL as phpbb_url user field
        $phpbb_user_info['phpbb_url'] = $phpbb_url;
        if (in_array('db', $fields)) {
            $phpbb_user_info['db'] = get_phpbb_db_acc_imp($phpbb_root_path . 'config.' . $phpEx);
            $fields = array_diff($fields, array('db'));
        }
        if (is_array($user->data)) {
            // Default user fields
            foreach ($fields as $field) {
                $phpbb_user_info[$field] = @$user->data[$field];
            }
        }
        if (in_array('group_ids', $fields)) {
            $phpbb_user_info['group_ids'] = get_all_group_ids($db, intval($phpbb_user_info['user_id']));
            $fields = array_diff($fields, array('group_ids'));
        }

        // Get and unset newly created globals
        // Typical newly created globals:
        // SID, _ENV, _EXTRA_URL, _REQUEST, _SERVER, _SID, __composer_autoload_files,
        // auth, cache, config, db, language, msg_long_text, msg_title, phpEx, phpbb_container,
        // phpbb_dispatcher, phpbb_extension_manager, phpbb_filesystem, phpbb_hook, phpbb_log,
        // phpbb_path_helper, phpbb_root_path, request, symfony_request, table_prefix, template, user
        $new_names = get_current_global_names(array_merge($old_names));
        foreach ($new_names as $new_name)
            unset($GLOBALS[$new_name]);
        // phpBB handler use global objects like $phpbb_container and $phpbb_log
        restore_error_handler();
    }
    // Allow registered users or explicit anonymous user request
    return (@$phpbb_user_info['is_registered'] || @$allow_anon) ? $phpbb_user_info : FALSE;
}

// Administrator or supermoderator
function is_forum_admin($group_id) {
    return in_array($group_id, ["4", "5"]);
}
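function get_all_group_ids($db, $user_id) {
    $result = [];
    // USER_GROUP_TABLE honours the board's $table_prefix; pending (not yet approved) memberships are excluded
    $sql = 'SELECT group_id FROM ' . USER_GROUP_TABLE . ' WHERE user_pending = 0 AND user_id = ' . (int) $user_id;
    $r = $db->sql_query($sql);
    // Fetch through phpBB's DBAL so this works with any configured database driver, not only mysqli
    while ($a = $db->sql_fetchrow($r)) {
        $result []= intval($a["group_id"]);
    }
    $db->sql_freeresult($r);
    return $result;
}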

function get_phpbb_db_acc_imp($config_file) {
    // Dirty hack to get DB account
    include($config_file);
    $acc['host'] = $dbhost;
    $acc['port'] = $dbport;
    $acc['name'] = $dbname;
    $acc['user'] = $dbuser;
    $acc['passwd'] = $dbpasswd;
    return $acc;
}

function get_phpbb_db_acc() {
    global $phpbb_root_path;
    $config_file = $phpbb_root_path . 'config.php';
    if (file_exists($config_file))
        return get_phpbb_db_acc_imp($config_file);
    return NULL;
}

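function get_current_url() {
    // HTTP_HOST comes from the request's Host header, so the returned URL is only as trustworthy as the host names the web server accepts
    return (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? "https" : "http") . "://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]";
}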

function get_phpbb_root_url($config) {
    $phpbb_url = $config['server_protocol'].$config['server_name'];
    if (($config['server_protocol'] == 'https://' && $config['server_port'] != 443) ||
        ($config['server_protocol'] == 'http://' && $config['server_port'] != 80))
        $phpbb_url .= ':'.$config['server_port'];
    $phpbb_url .= $config['script_path'];
    if (substr($phpbb_url, -1, 1) == '/')
        $phpbb_url = substr($phpbb_url, 0, -1);
    return $phpbb_url;
}

function get_phpbb_login_url() {
    global $phpbb_user_info;
    if (!@$phpbb_user_info)
        return NULL;
    return sprintf("%s/ucp.php?mode=login&redirect=%s", $phpbb_user_info['phpbb_url'], urlencode(get_current_url()));
}

function get_phpbb_logout_url() {
    global $phpbb_user_info;
    if (!@$phpbb_user_info)
        return NULL;
    return sprintf("%s/ucp.php?mode=logout&sid=%s", $phpbb_user_info['phpbb_url'], $phpbb_user_info['session_id']);
}

function get_current_global_names($exclude = NULL) {
    $globals = array_keys($GLOBALS);
    if (isset($exclude)) {
        $globals = array_diff($globals, $exclude);
    }
    sort($globals);
    return $globals;
}
?>
phpBB core patch to enable subdomain redirect

Code:

--- includes/functions.php	2020-06-25 06:54:52.171427629 +0300
+++ includes/functions.php	2020-06-25 23:45:50.777356214 +0300
@@ -1737,8 +1737,8 @@
 	}
 	else if (!empty($url_parts['scheme']) && !empty($url_parts['host']))
 	{
-		// Attention: only able to redirect within the same domain if $disable_cd_check is false (yourdomain.com -> www.yourdomain.com will not work)
-		if (!$disable_cd_check && $url_parts['host'] !== $user->host)
+		// Attention: only able to redirect within the same domain or domain -> subdomain if $disable_cd_check is false
+		if (!$disable_cd_check && !($url_parts['host'] === $user->host || (substr($url_parts['host'], -strlen($user->host) - 1) === '.'.$user->host)))
 		{
 			trigger_error('INSECURE_REDIRECT', E_USER_WARNING);
 		}
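Review bot: the suffix test on the added `if` line accepts every host that ends in `'.'.$user->host`, so with `$disable_cd_check` false any subdomain of the board's host is now a permitted redirect target, not just the one running the integrated app. A subdomain that serves user-controlled content, or one whose DNS record points at a host you no longer control, then becomes a valid post-login destination. Suggest replacing the suffix match with an exact comparison against a short list of permitted hosts (the board host plus the app host), lower-casing both sides first since host names are case-insensitive. If the suffix match is kept, the rewritten comment should state that all subdomains are trusted.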
@@ -1778,11 +1778,6 @@
 	// Clean URL and check if we go outside the forum directory
 	$url = $phpbb_path_helper->clean_url($url);
 
-	if (!$disable_cd_check && strpos($url, generate_board_url(true) . '/') !== 0)
-	{
-		trigger_error('INSECURE_REDIRECT', E_USER_WARNING);
-	}
-
 	// Make sure no linebreaks are there... to prevent http response splitting for PHP < 4.4.2
 	if (strpos(urldecode($url), "\n") !== false || strpos(urldecode($url), "\r") !== false || strpos($url, ';') !== false)
 	{
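Review bot: deleting the `strpos($url, generate_board_url(true) . '/') !== 0` test removes the check that the cleaned URL stays under the board URL for every caller that leaves `$disable_cd_check` false, not only for the subdomain case this patch is about. After this hunk the comment above it ("check if we go outside the forum directory") describes a check that no longer exists, and the only validation left in the visible context is the line-break and `;` test. Suggest keeping the check and widening it instead, for example accepting the URL when it starts with the board URL or with one explicitly configured app URL prefix, and leaving `INSECURE_REDIRECT` for everything else.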
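The connector's get_current_url() builds the post-login return address from the Host header, which the client controls. As an added example (not part of the original post), here is one way to pin that address to known hosts. `APP_ALLOWED_HOSTS` and `safe_current_url()` are hypothetical names, the host is the one from the post, and the app is assumed to run on the default port:

```php
<?php
// Added example, not part of the original post. APP_ALLOWED_HOSTS and
// safe_current_url() are hypothetical names; the host is the one the post uses.
const APP_ALLOWED_HOSTS = ['myapp.myforum.com'];

// Build the "return here after login" URL from an allow-listed host instead of
// trusting whatever Host header the client sent.
function safe_current_url(array $server, array $allowed = APP_ALLOWED_HOSTS) {
    $https = isset($server['HTTPS']) && $server['HTTPS'] === 'on';
    // Host names are case-insensitive; drop any ":port" suffix before comparing
    // (assumption: the app is served on the default port for its scheme)
    $host = strtolower(preg_replace('/:\d+$/', '', (string) ($server['HTTP_HOST'] ?? '')));
    if (!in_array($host, $allowed, true)) {
        $host = $allowed[0];    // fall back to the canonical app host
    }
    $path = (string) ($server['REQUEST_URI'] ?? '/');
    // REQUEST_URI must be a local path: reject "//host", backslashes and line breaks
    if ($path === '' || $path[0] !== '/' || preg_match('#^//|[\\\\\r\n]#', $path)) {
        $path = '/';
    }
    return ($https ? 'https' : 'http') . '://' . $host . $path;
}

// Constructed requests: a normal one, a forged Host header, and a "//" path
$samples = [
    ['HTTPS' => 'on', 'HTTP_HOST' => 'myapp.myforum.com',     'REQUEST_URI' => '/demo.php?a=1'],
    ['HTTPS' => 'on', 'HTTP_HOST' => 'evil.example',          'REQUEST_URI' => '/demo.php'],
    ['HTTPS' => 'on', 'HTTP_HOST' => 'MyApp.MyForum.com:443', 'REQUEST_URI' => '//evil.example/x'],
];
foreach ($samples as $s) {
    echo $s['HTTP_HOST'], ' ', $s['REQUEST_URI'], ' => ', safe_current_url($s), "\n";
}
```

Used in place of get_current_url() inside get_phpbb_login_url(), this keeps the `redirect` parameter on a host the board can then match exactly.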