Almost got semi-manual integration of phpBB3 & 68classifieds

Discussion forum for MOD Writers regarding MOD Development.
Locked
User avatar
gussie
Registered User
Posts: 92
Joined: Wed Nov 27, 2002 1:26 am

Almost got semi-manual integration of phpBB3 & 68classifieds

Post by gussie »

I have noticed a number of integration discussions here, so I hope this is the correct place to post this. If it is not, please forgive me

I'm using phpBB 3.0.2 and 68classifieds 4.0.9. I want my phpBB users to be able to log into 68c with their phpBB login details (we have over 3,000 active forum users). To do this, I have created a seperate registration approval webpage that allows me to do several things at once:
  1. First, it loads a list of all the inactive registrations in my forum
  2. Then, it presents each inactive ID in a row with a checkbox and a texarea
  3. I can then tick which inactive IDs I want to activate, and add a personalized welcome note for each one. There is additional boilerplate text that is appended to each welcome note - the boilerplate includes reminders about our web community's rules and tips on happenings on the website and offline IRL
When I press SUBMIT at the bottom of this webpage, 3 things happen:
  1. the phpbb_user table is updated so that the user_type field of only those I've selected is changed to 0
  2. the custom email messages are sent to the respective new users
  3. a new user row is created in my 68classifieds user table and the username, password and email address (plus some basic info like user type) are inserted
I call this my "semi-manual" user integration approach, which is fine since ours is a pretty well defined community. We only get about 10~20 new users a day. And we had this working pretty well with phpBB 2.0.18 and phpclassifieds - credit for that goes to my buddy, Malc Higgins

Now all this works like a charm, EXCEPT for getting the password from phpBB_users to 68c's user table. By browsing both this forum and that at 68classifieds.com, I've learned about MD5 encryption and phpBB_hash: how 68c simply uses one-way direct md5, and how phpBB3 uses salted encryption (plus how to check the encrypted password using the handy phpBB_check_hash function)

Since I have chosen to make phpBB3 my primary user registration, I don't have to worry about adding passwords (and hashing them) to phpBB when a new user is created. All my script has to do is change that user_type field. But it is getting that password over to 68c that has foiled me

I can't unhash it and then insert is with md5 encryption into 68c - or can I unhash it somehow? Inserting it with md5 encrpytion doesn't seem to be the problem - since the md5 function is already in php5

I've added a field in my phpbb_user table to hold a new 68c_md5_password field, which is filled in at phpBB's function user-add(), where I encrypt it using md5($user_row['user_password']). The idea here was to have my Integration Script pull out the already md5-encrypted password so it would just have to inject it straight into 68c's database. It seemed to work when I checked the phpBB_user table after doing a test registration: after I went thru my registration process, the entry that wound up in my 68c user table looked nothing like the md5-looking password that was in the 68c_md5_password field back at phpbb_user

So I'm stumped. And I'm real close (I think? I hope!). What I think needs to be done is:

1. my integration script pulls out the chosen user's password from phpbb_user
2. it decrypts it (using phpbb_hash?!)
3. then it encrypts it again using md5
4. the md5-encrypted password is inserted into the users newly created user row in 68c's user table



There is an additional challenge to this script: what happens when a forum user changes their password or email address? Well, our old script (2.0.18+phpclassifieds) did not handle that. This time around, I figure I need to add a function that, well, simply reads the new password from the phpbb_user table, decrypts it, then encrypts it with md5 and inserts it anew into 68c's user table (sounds familiar? :))

So I'm hoping someone can point me in a direction that allows me to solve BOTH these issues at once

Btw, fwiw, I found these threads very helpful in getting me to this point:
http://www.phpbb.com/community/viewtopi ... &t=1230915
http://www.phpbb.com/community/viewtopi ... &t=1218105
http://www.phpbb.com/community/viewtopi ... &t=1210105
http://www.phpbb.com/community/viewtopi ... &t=1198945
http://www.phpbb.com/community/viewtopi ... 0#p3232048 (this classic)

http://area51.phpbb.com/docs/code/phpBB ... phpbb_hash

http://www.68classifieds.com/forums/pre ... cript.html
http://www.68classifieds.com/forums/v4- ... tions.html

Actually, there were more (here and at 68c's forum), but these helped me most recently in getting an understanding of the issues at hand
Res tantum valet quantum vendi potest
Do not hire Christian Bullock - he will not finish the job and he will not return your money.
User avatar
Brf
Support Team Member
Support Team Member
Posts: 52169
Joined: Tue May 10, 2005 7:47 pm
Location: {postrow.POSTER_FROM}
Contact:

Re: Almost got semi-manual integration of phpBB3 & 68classifieds

Post by Brf »

No. You cannot unhash a password. You would have to insert your password into the other table before it gets hashed by phpBB.
User avatar
gussie
Registered User
Posts: 92
Joined: Wed Nov 27, 2002 1:26 am

Re: Almost got semi-manual integration of phpBB3 & 68classifieds

Post by gussie »

Brf wrote:No. You cannot unhash a password
Thanks

So then I want to store the a copy of the new_password in an unencrypted field in the phpbb_user table

I've looked at the ucp.php, ucp_register.html, and functions_user.php files to find where the registration inputs are inserted into the phpbb_user table, but I'm lost. I can see that the form on ucp_register.html passes form parameters to ucp.php?mode=register, but where in ucp.php does it go from there? All I can see in ucp.php is that mode=register takes you to the registration form! I'm going around in circles

I want to add a line so that I can add a field to the phpbb_user table. Earlier I modified the user_add() function in function_user.php (in red)
$sql_ary = array(
'username' => $user_row['username'],
'username_clean' => $username_clean,
'user_password' => (isset($user_row['user_password'])) ? $user_row['user_password'] : '',
'user_pass_convert' => 0,
'user_email' => strtolower($user_row['user_email']),
'user_email_hash' => crc32(strtolower($user_row['user_email'])) . strlen($user_row['user_email']),
'group_id' => $user_row['group_id'],
'user_type' => $user_row['user_type'],
'user_68classifieds_password'=> $user_row['user_password'],
);
...but this only seems to add a hashed password to user_68classifieds_password (and upon inspection, it is indeed the same hashed password in the user_password field)

1. From what file is user_add() being called?
2. Where is phpbb_hash() being invoked to hash the password?

Brf wrote:You would have to insert your password into the other table before it gets hashed by phpBB.
It is at that point that I will want to store the unhashed password so I can store it unencrypted in the phpbb_user table
Res tantum valet quantum vendi potest
Do not hire Christian Bullock - he will not finish the job and he will not return your money.
User avatar
Brf
Support Team Member
Support Team Member
Posts: 52169
Joined: Tue May 10, 2005 7:47 pm
Location: {postrow.POSTER_FROM}
Contact:

Re: Almost got semi-manual integration of phpBB3 & 68classifieds

Post by Brf »

gussie wrote: So then I want to store the a copy of the new_password in an unencrypted field in the phpbb_user table
No. You dont "store" the unhashed password. You just hash and store in your other table at the same time as you store in phpBB's table.

The logical place to look for the user_add for registration is in includes/ucp/ucp_register.php (whoda thunk?).

This is the line that hashes the password:

Code: Select all

				'user_password'			=> phpbb_hash($data['new_password']),
at that point you could hash you own password from $data['new_password'] and store it in your other user table.
User avatar
gussie
Registered User
Posts: 92
Joined: Wed Nov 27, 2002 1:26 am

Re: Almost got semi-manual integration of phpBB3 & 68classifieds

Post by gussie »

Brf wrote:
gussie wrote: So then I want to store the a copy of the new_password in an unencrypted field in the phpbb_user table
No. You dont "store" the unhashed password. You just hash and store in your other table at the same time as you store in phpBB's table.

The logical place to look for the user_add for registration is in includes/ucp/ucp_register.php (whoda thunk?).

This is the line that hashes the password:

Code: Select all

				'user_password'			=> phpbb_hash($data['new_password']),
at that point you could hash you own password from $data['new_password'] and store it in your other user table.
Thanks for the neighborly reply - at least I found the template (sheesh) :roll:
Res tantum valet quantum vendi potest
Do not hire Christian Bullock - he will not finish the job and he will not return your money.
User avatar
gussie
Registered User
Posts: 92
Joined: Wed Nov 27, 2002 1:26 am

Re: Almost got semi-manual integration of phpBB3 & 68classifieds

Post by gussie »

btw, jfyi, we've decided to abandon this effort abnd dios-integrate the 2 sites :(
Res tantum valet quantum vendi potest
Do not hire Christian Bullock - he will not finish the job and he will not return your money.
Locked

Return to “[3.0.x] MOD Writers Discussion”