Automatic login to phpBB from my site's login script

[inceebee]

I have an existing site with it's own security system. What I want to do is: Whenever a user logs into our site with the current security tools, they will also automatically be logged into phpBB. I've been pointed to this page (http://www.phpbb.com/kb/article/phpbb2- ... tegration/) several times while reading the forums here. The first problem is that I'm using phpBB3 and the second is that this talks about sending the user to a login screen. I don't want to send them to a second login screen, I just want to log them in based on the fact that they passed our site's own authentication. I've found lots of examples that come close, but nothing that answers my specific situation. I can't imagine I'm the only one who wants to do this.

Any ideas?
Thanks,
Nate

[Noxwizard]

You can use a form like this:

Code: Select all

Please log in:<br />
<form method="POST" action="./ucp.php?mode=login">
<p>Username: <input type="text" name="username" size="40"><br />
Password: <input type="password" name="password" size="40"><br />
Remember Me?: <input type="checkbox" name="autologin"><br />
<input type="submit" value="Submit" name="login"></p>
</form>

It will directly log them in.

[inceebee]

But the problem is, I need to log into both my current site security system and the phpbb site at the same time. One form to do both. This would appear to just log a user into the phpBB site. Am I missing something?

[Noxwizard]

Here's a simple script which should do what you want:

Code: Select all

<?php
define('IN_PHPBB', true);
$phpbb_root_path = './';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
include($phpbb_root_path . 'common.' . $phpEx);
 
// Start session management
$user->session_begin();
$auth->acl($user->data);
$user->setup();

if($user->data['is_registered'])
{
    //User is already logged in
}
else
{
    $username = request_var('username', '', true);
    $password = request_var('password', '', true);

    $result = $auth->login($username, $password);

    if ($result['status'] == LOGIN_SUCCESS)
    {
        //User was successfully logged into phpBB
    }
    else
    {
        //User's login failed
    }
}
?>

[inceebee]

Wow! Thanks for the great and quick replies. So I can execute this code inside my normal login script, correct? I'll give it a try.

Thanks again!

[Noxwizard]

Yes, it should. You'll need to probably tweak variable names and paths so that it matches what you already have.

[tcardoso]

That give me this error:

Fatal error: Cannot redeclare class user in /home/myhome/public_html/forum/includes/session.php on line 1939

Edit: Never mind, I just remember I have already a class user in my site and its all over the place. So now what sould I change 1 millions occurrences or 2 millions

Any idea??

[Noxwizard]

If you've got conflicting class names, you're going to have to change one of them. Whichever's easiest for you to change would be the best option.

[tcardoso]

Its giving me "//User's login failed"

in what file its this method verification the password. Its verification probably on phpbb_users and I don't want to use that table to authentication, but my own.

[Noxwizard]

If you're using DB authentification (default), then it will call includes/auth/auth_db.php which uses the phpbb_check_hash() function to check the password (includes/functions.php).

[tcardoso]

Yes, but how can I do to use my own table of username/password, or should I insert users on phpbb3 users when someone register on my site

[Noxwizard]

It would probably be best to have one table with their data, and a common password system. You could probably modify the auth_db.php to pull the data from your own table, and do your own check in there.

[zalhain]

So, I've managed to hack this thing into my current site needs. Next thing I am wondering on is if you can get the login to direct you back to the main page(using the first html form posted btw.).

[Noxwizard]

Try adding this into the <form>.

Code: Select all

<input type="hidden" name="redirect" value="../index.html">

Where ../index.html is the path to the file you want to redirect to.

[zalhain]

Code: Select all

[phpBB Debug] PHP Notice: in file /includes/session.php on line 885: Cannot modify header information - headers already sent by (output started at /home/k2/public_html/main/newindex.php:19)

Seems to come up when people are not authenticated, but then disappears once a user authenticates.

Relevent code from newindex.php:

Code: Select all

	</div>
	<div id="leftcontent" class="leftcontent">
		<?php include('./../main/inc/inc_left.php') ?>	
	        <div id="minignews" class="minignews">
        ... 
        </div>

code from inc_left.php:

Code: Select all

<?php
define('IN_PHPBB', true);
$phpbb_root_path = './../forums/';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
include($phpbb_root_path . 'common.' . $phpEx);
 
// Start session management
$user->session_begin();
$auth->acl($user->data);
$user->setup();

if (!$user->data['is_registered'])
{
?>
		<div id="loginbox" class="loginbox">
<form method="POST" action="./../forums/ucp.php?mode=login" >
<p>Username: <input type="text" name="username" size="20"><br />
Password: <input type="password" name="password" size="20"><br />
Remember Me?: <input type="checkbox" name="autologin"><br />
<input type="submit" value="Submit" name="login"></p>
<input type="hidden" name="redirect" value="./../main/newindex.php">
</form>
<?php
}
else
{
?>
<div id="userbox" class="userbox">
<?php
echo 'Hello &nbsp;', $user->data['username'],' &nbsp; You are logged in!';
}
?>
</div>