Page 1 of 1

External script to authenticate?

Posted: Mon Dec 10, 2007 1:43 am
by ironmagma
Hi, this isn't about writing a MOD per sé, but I was wondering if anybody knows of a (relatively) simple way to use an external PHP script to log in a user, given their username and password? It would be preferable to do this actually within the script, not just making a form which points to ucp.php?mode=login.

Thanks!

Re: External script to authenticate?

Posted: Mon Dec 10, 2007 2:45 pm
by ameeck
Something like this? Please do not take it as a finished code, but something you can work with :) It could be easily abused :)

Code: Select all

<?php
/**
*
* Login script for phpBB using username/password
* Used for website authentication
*
*/
define('IN_PHPBB', true);
$phpbb_root_path = dirname(__FILE__) . '/./';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
include("common.php");
// Start session management
$user->session_begin();
$auth->acl($user->data);
$user->setup();

$username = request_var('username', '');
$password = request_var('password', '');

if(isset($username) && isset($password))
{
  $auth->login($username, $password, true);
}
?>

Re: External script to authenticate?

Posted: Mon Dec 10, 2007 8:21 pm
by ironmagma
Ah, excellent! Thanks :D

I just have two more questions, though... how would I tell if the user is logged in or not and what their username is, and how could I log them out if I needed to?

Thanks in advance :)

Re: External script to authenticate?

Posted: Mon Dec 10, 2007 8:41 pm
by A_Jelly_Doughnut
$user->data['username']
$user->data['is_registered']

$user->session_destroy();

I'm guessing the names of those three items are descriptive enough to tell you which questions they answer, if not, feel free to ask :D

Re: External script to authenticate?

Posted: Tue Dec 11, 2007 3:11 am
by ironmagma
Thanks! At first I tried it and was error'ed, but I figured it out; session_destroy should actually be session_kill.

Again, thanks!

Re: External script to authenticate?

Posted: Mon Dec 17, 2007 12:18 am
by NBOne
I have a problem With changing the PHPBB User Passwort with a SQL Query form another PHP Application.

At first the password is saved (its an with MD5 enrycted String), but after the Login with the New password the password is always changed to something like: DB$H$9g/Yl5ZZb5Sc2zn9bMR3Kmofsmvb0L in the DB.

Why is it done? What Type of encryption is this and why is the password change called while Login?


Thanks for your help,

NBOne

Re: External script to authenticate?

Posted: Mon Dec 17, 2007 3:03 am
by A_Jelly_Doughnut
The login script is set up that way to facilitate a password conversion (you have the password in plaintext during login).

Here is information on the phpBB password scheme: http://www.phpbb.com/community/viewtopi ... 1&t=585387 (It is essentially custom)

Re: External script to authenticate?

Posted: Mon Dec 17, 2007 5:40 pm
by thorst
Thanks, this topic helped me get the external login working...

I saw that the $user->session_destroy(); should be kill but i still cant get it to work. It is the first thing that runs, nothing is sent to the browser yet if that matters.

Basically if that line is commented the page displays fine, if it is uncommented the page doesnt render at all. here is the code

Code: Select all

<?php

$Page='';
if (isset($_GET['p']) == true) {
	$Page=$_GET['p'];
}



define('IN_PHPBB', true);
$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : 'forum/';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
include($phpbb_root_path . 'common.' . $phpEx);

// Start session management
$user->session_begin();
$auth->acl($user->data);
$user->setup('viewforum');


if ($Page=='logout'){
user->session_destroy();

}

.....rest of php

?>

Re: External script to authenticate?

Posted: Mon Aug 23, 2010 5:18 pm
by Shturmfogell
I am trying to make the script to parse a code from a locked forum using this code, but it can't read the locked forum, while if it's pointed to an open forum it's reading ok. What am I doing wrong? Tnx.

Code: Select all

<?php

define('IN_PHPBB', true);
$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
include($phpbb_root_path . 'common.' . $phpEx);

// Start session management
$user->session_begin();
$auth->acl($user->data);
$user->setup('viewforum');


header('Content-type: text/html; charset=utf-8');
print ('<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html><head></head><body style="font-family: Tahoma; font-size: 8pt; color: #727272"><table>');
$url = "/test-t3694.html";
$unique_start = "oper6>";
$unique_end = "<oper6z";
function weather($url, $unique_start, $unique_end) {
$code = file_get_contents($url);
preg_match('/'.preg_quote($unique_start,
'/').'(.*)'.preg_quote($unique_end, '/').'/Us', $code, $match);
$result = strip_tags($match[1], '<br>');
return $match[1];
}
echo weather($url, $unique_start, $unique_end);
print ('</table></body></html>');
?>

Re: External script to authenticate?

Posted: Thu Apr 28, 2011 10:00 am
by vagex
Can someone help me. I have this code in a php file. I then go to the php file in my browser. Then refresh the forum. Shouldn't I be logged in as testname2?

Code: Select all

<?php
define('IN_PHPBB', true);
$phpbb_root_path = 'members/forum/';

$phpEx = substr(strrchr(__FILE__, '.'), 1);
include($phpbb_root_path . 'common.php');
include($phpbb_root_path . 'includes/functions_user.php');
include($phpbb_root_path . 'includes/ucp/ucp_register.php');


$password='test1234';
$username='testname2';

    // Start session management
   $user->session_begin();
$auth->acl($user->data);
$user->setup();
$username = request_var($username, '');
$password = request_var($password, '');

if(isset($username) && isset($password))
{
  $auth->login($username, $password, true);
}
    ?>