This section contains detailed articles elaborating on some of the common issues phpBB users encounter while using the product. Articles submitted by members of the community are checked for accuracy by the relevant phpBB Team. If you do not find the answer to your question here, we recommend looking through the Support Section as well as using the Site Wide Search.

phpBB3 Cross-site Sessions Integration

Description: A small tutorial on integrating phpBB3 sessions into a website (eg; shared logins information).

In Categories:

Link to this article: Select All
[url=https://www.phpbb.com/support/docs/en/3.0/kb/article/phpbb3-cross-site-sessions-integration/]Knowledge Base - phpBB3 Cross-site Sessions Integration[/url]

Introduction
    This tutorial will guide you through some basic steps at integrating shared logins and userdata into your own site's login and potentially userdata array.

    A few things to note with the site that I did it for, I changed some settings in PHP itself.

    Home site is hosted www.* and such, where as forums were forum.* on the same domain, so I made sure to configure phpBB3 and PHP itself (in the php.ini file) to share the same cookie names (and made sure they were on the .domain.tld aspect so the cookies would be accessable on the main FQDN and any subdomains)

    So basically the prefix for both sites/domains were the same (where as phpBB appends the _u, _k, _sid itself based on php.ini's session name directive.

    The site and forum are also hosted on the same box and maintained/owned by the same user account (eg; /home/user/site & /home/user/forums

    Note: this will not log users into your site if they login to phpBB3, for the site I did this for, I used my own login system, phpBB3's login and logout system redirect to the main website's login/logout controls, so you would need to do something similar to have full site-wide effect, else modify phpBB3 to do it vice-versa.

Implementation
    Now the simplest way I did this was via an already-good structure of code, having a centralized config.php file that every script on the site called, so its easiest if you do it similar, have a central script of some sort, and make a new php file (such as maybe phpbb.php), and include_once() or require_once() it into that central script if you use one.

    Now within this phpbb.php script (or whatever you may have named it), you want to have the following code;

    Code: Select all

    define('IN_PHPBB', true);
    define('ROOT_PATH', "/path/to/forums");

    if (!defined('IN_PHPBB') || !defined('ROOT_PATH')) {
        exit();
    }

    $phpEx = "php";
    $phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : ROOT_PATH . '/';
    include($phpbb_root_path . 'common.' . $phpEx);

    $user->session_begin();
    $auth->acl($user->data);


    Now with that code there and included, wherever you may have your logins/logouts done you would use the following code (remember if you do your logins through a function or object to include it through global/globals so the $auth variable / class is available in said functions/objects.

    The following command would login a user through the phpBB system along with your system if done at the same time;

    Code: Select all

    $auth->login($username, $password, $remember, 1, 0)


    $username would be the exact username that would be found in the phpBB user table.

    $password would be the string to match by (pre-hash, this should be just the original text, the $auth->login() function takes care of converting it into a comparable hash)

    $remember is a boolean value, false if no remember me choice, true if user is going to have a 'remembered' session

    On the logout end of things, you'd wanna use two controls, similar to (well exactly how phpBB3 does it as of the original 3.0.0 format I looked at);

    Code: Select all

    $user->session_kill();
    $user->session_begin();


    These making use of the $user object will kill the session and reset it, thus clearing the session on both sides if done effectively.

Notes
    Take note this obviously will still need work on your end to fit exactly into your code.

    Also note the variables passed into $auth->login() I can't recall if they get 'Sanitized' within phpBB itself, but I myself I sanitized the strings with my own code before hand just to basically be on the safe side, so you might wanna do the same really.

    Given more time I may try to update this with a download for a all-in-one script package that has a login system and such for those of you who want a basis to create your own login/session integrations for a site from scratch.