1.7.2 Authentication using phpBB username/password

phpBB integration forum

1.7.2 Authentication using phpBB username/password

Postby Munazz » Wed Jan 17, 2007 5:37 pm

This is quite a bit of work, and it is more than a "work around." I had previously written a work-around which was adopted by most and even by the developers. I found some snipets of my code in the latest 1.7.2 update.php code.

I want to simplify my website for our users so I originally wrote it so that users would not have to use multiple usernames and passwords to do thing on our site. And I wanted to make it easy for our users to upload their data (otherwise they might not update at all).

So- when Roster 1.7.2 was released, they re-did a lot of the code including adding a RosterLogin class. However, as I was reading through the code I saw that it wasn't uniformly adopted into the functionality of the different pages.

I've re-written my previous code and made it in the form of the RosterLogin class. I also had to make some tweaks to other files as I went along, to further add the options that I wanted.

Specifically- I modified the way that authentication works. I added an option to require username/password for character updates as well as for guild updates. That required changing the RosterLogin class itself so that instead of getAuthorized() there is now getAuthorizedUser() and getAuthorizedAdmin(). And the changes to the pages that use this was quick and easy.

The other things I did was modify the settings in the config table of the database to better specify what the variables we are using do. I changed the meaning of "authenticated_user" to be on/off whether you want to require a login for character updating. I added a setting of "update_enabled" to turn on/off all updating. (and made the necessary code changes in update.php) I also added a setting of what login script to use.

Then I modified settings.php to follow those settings we just created.

I also modified the login.php file to better use the getLoginForm function.

I added some lines to the language file, but only the english texts because I don't know any other languages well enough to make those translations.

Then finally I ported my old code into the new RosterLogin library format to make it compatiable.

<whew>

Alright, so I have included my phpBB_login.php file along with a listing of all the file changes I had to make to make this work. I hope that you find it usefull and I hope that the devs integrate this into their next version.
Attachments
phpbb_login.zip
The new login.php and phpbb_login.php files along with a text file of instructions on changes that need to be made to your code
(10.5 KiB) Downloaded 358 times
Last edited by Munazz on Mon Feb 19, 2007 1:40 am, edited 1 time in total.
Image
User avatar
Munazz
Roster AddOn Dev
Roster AddOn Dev
 
Posts: 36
Joined: Mon Jul 31, 2006 7:50 am
Location: Fairfax, VA

Authentication using phpBB username/password

Postby Carasak » Thu Jan 18, 2007 9:27 am

worked perfect on 1st try!

edit:
well almost
i changed
Code: Select all
trim(strtolower($userdata['user_groups_of'][$j]['group_name']

to
Code: Select all
trim(strtolower($userdata['user_groups_of'][$j]['group_id']


to avoid conflicts with usergroups having "," in the name.
using the group IDs instead
Last edited by Carasak on Thu Jan 18, 2007 10:56 am, edited 1 time in total.
User avatar
Carasak
Roster AddOn Dev
Roster AddOn Dev
 
Posts: 114
Joined: Tue Aug 15, 2006 2:33 am
Location: Spain

Re: Authentication using phpBB username/password

Postby Munazz » Thu Jan 18, 2007 4:46 pm

Found one bug with my program. It is in SigGen

They call "require_once(login.php)" which is all well and good unless we have included a different file- then it tries to redeclare the RosterLogin class.

So, need to comment out line 98 in addons/siggen/index.php


And yeah, I used group names because I think they are easier for the common user to find. But if you have commas and know the group ids that would probably be better.

Just make sure you change that on BOTH lines (the authentication loop is in there twice, once if they are looged in with a session and once if they just passed the username/password combo).
Last edited by Munazz on Fri Jan 19, 2007 12:24 pm, edited 1 time in total.
Image
User avatar
Munazz
Roster AddOn Dev
Roster AddOn Dev
 
Posts: 36
Joined: Mon Jul 31, 2006 7:50 am
Location: Fairfax, VA

Authentication using phpBB username/password

Postby Niryk » Thu Feb 15, 2007 2:42 am

So, how do things integrate now that roster is 1.7.3? Same changes, or what? I'd like to be able to start getting people on my rosters uploading their profiles and having them associate with their phpBB accounts so that I can simplify some account/character integrations I have planned...
User avatar
Niryk
WR.net Apprentice
WR.net Apprentice
 
Posts: 33
Joined: Fri Nov 17, 2006 5:31 am

Authentication using phpBB username/password

Postby arcadin » Fri Feb 16, 2007 1:11 am

Brilliant! Exactly what I was looking for.

How does it cope with UniUploader though? If you pass username and password variables with your CharacterProfiler.Lua file will these be used? Sometimes I have members who aren't logged into the forums but have UniUploader set to auto upload on changes to their CharacterProfiler data file.

Arc.
Last edited by arcadin on Fri Feb 16, 2007 1:17 am, edited 1 time in total.
arcadin
WR.net Apprentice
WR.net Apprentice
 
Posts: 32
Joined: Thu Sep 14, 2006 3:20 pm

Re: Authentication using phpBB username/password

Postby arcadin » Fri Feb 16, 2007 4:39 am

:-( I must have stuffed up implementing the changes from your zip file or 1.7.3 breaks this, I'm getting a "Update.php access has been disabled" and no login prompts.

With the changes in update.php quite a few of these entries did not match on line numbers but I worked it out by cross referencing 1.7.2 to 1.7.3, but maybe I missed something or there are fresh changes needed.

It would be great if you could include the full modified files in your zip if you have a 1.7.3 port, rather than just the changes, then we could just drop the replacements in :thumright:

Arc.
arcadin
WR.net Apprentice
WR.net Apprentice
 
Posts: 32
Joined: Thu Sep 14, 2006 3:20 pm

Authentication using phpBB username/password

Postby Munazz » Mon Feb 19, 2007 1:39 am

Erm, yeah I haven't looked at 1.7.3 yet. :/

I was told the login system was going to be completely revamped, so I will have to look at it soon.
Image
User avatar
Munazz
Roster AddOn Dev
Roster AddOn Dev
 
Posts: 36
Joined: Mon Jul 31, 2006 7:50 am
Location: Fairfax, VA

1.7.2 Authentication using phpBB username/password

Postby zanix » Mon Feb 19, 2007 5:15 am

The login system wasn't changed in 1.7.3
Read the Forum Rules, the WiKi, and Search before posting!
WoWRoster v2.1 - SigGen v0.3.3.523 - WoWRosterDF
User avatar
zanix
Admin
Admin
WoWRoster.net Dev Team
WoWRoster.net Dev Team
UA/UU Developer
UA/UU Developer
 
Posts: 5546
Joined: Mon Jul 03, 2006 8:29 am
Location: Idaho Falls, Idaho
Realm: Doomhammer (PvE) - US

Re: 1.7.2 Authentication using phpBB username/password

Postby Munazz » Mon Feb 19, 2007 3:56 pm

zanix wrote:The login system wasn't changed in 1.7.3


Ah right, that is going to be Roster Version 2

Well, I still need to look at the new code and see how to make the appropriate changes.

arcadin wrote:How does it cope with UniUploader though? If you pass username and password variables with your CharacterProfiler.Lua file will these be used? Sometimes I have members who aren't logged into the forums but have UniUploader set to auto upload on changes to their CharacterProfiler data file.


Yes, I use UniUploader on my site and it accepts the username and passsword fields and attempts to verify the user as a registered phpBB user.
Image
User avatar
Munazz
Roster AddOn Dev
Roster AddOn Dev
 
Posts: 36
Joined: Mon Jul 31, 2006 7:50 am
Location: Fairfax, VA

1.7.2 Authentication using phpBB username/password

Postby drake2k » Mon Feb 19, 2007 11:52 pm

Without trying to sound like a complete idiot...How do we install this?
Does it go in the addons folder and work automatically, or we replace the phpbb files with the corresponding names, or what?


Your concept of keeping things simple for your users is absolutly fantastic. I've been trying to tell people that for years. If it's not easy for THEM, they just simply won't use it.
drake2k
WR.net Apprentice
WR.net Apprentice
 
Posts: 2
Joined: Mon Feb 19, 2007 10:36 pm

1.7.2 Authentication using phpBB username/password

Postby arcadin » Tue Feb 20, 2007 7:10 am

I have just applied your changes to a fresh copy of 1.7.3 on my dev mirror and I'm still getting a "Update.php access has been disabled" and no login prompts.

BTW in your text document within the archive for lib/login.php you mention changing line 48, 51 and 56 then to delete lines 45-62. I though it was a bit odd to change lines which you delete. I've just used your replacement file here.

In update.php where you suggest changing lines 463-470, the match I could find for a 1.7.3 source file (based off a 1.7.2 diff) was lines 497-504, then line 473 becomes 507 and line 509 becomes 543 etc.

I'm really keen to get this installed because I've disabled update access to our prod site due to some data being overwritten until I can get secure username/password uploading working.

A.
arcadin
WR.net Apprentice
WR.net Apprentice
 
Posts: 32
Joined: Thu Sep 14, 2006 3:20 pm

1.7.2 Authentication using phpBB username/password

Postby arcadin » Tue Feb 20, 2007 8:59 am

I backported to 1.7.2 and implemented the changes...but I think there is an assumption that wowroster and phpbb share the same database. My set up didn't like it one bit and the roster died a horrid death accessing the roster/admin.php page

Code: Select all
Roster DB Layer 
 Invalid query result passed
Backtrace (most recent call last):
File: /var/www/htmlxyzzy/roster/lib/commonfunctions.lib.php
line 248
function called: backtrace
File: /var/www/htmlxyzzy/roster/lib/wowdb.php
line 196
function called: die_quietly
args: Invalid query result passed, Roster DB Layer
File: /var/www/htmlxyzzy/roster/lib/menu.php
line 29
function called: num_rows
args:
File: /var/www/htmlxyzzy/roster/admin.php
line 30
function called: include_once
args: /var/www/htmlxyzzy/roster/lib/menu.php


I exported the roster_config changes from your mod to my phpbb database but wowroster still hated it and died with the same messages as above for the admin page. The other pages were OK.

I ended up restoring a backup of the roster database :-(

A.
arcadin
WR.net Apprentice
WR.net Apprentice
 
Posts: 32
Joined: Thu Sep 14, 2006 3:20 pm

Re: 1.7.2 Authentication using phpBB username/password

Postby Munazz » Tue Feb 20, 2007 7:57 pm

arcadin wrote:BTW in your text document within the archive for lib/login.php you mention changing line 48, 51 and 56 then to delete lines 45-62. I though it was a bit odd to change lines which you delete. I've just used your replacement file here.


Yeah, I had included that information in the text file because I listed all the changes I made. I then decided that I should just provide the new copy of the login.php file and I forgot I had documented those changes. Those changes to the login.php file can be ignored if you copy the login.php file from the archive into your folder.

arcadin wrote:I have just applied your changes to a fresh copy of 1.7.3 on my dev mirror and I'm still getting a "Update.php access has been disabled" and no login prompts.

In update.php where you suggest changing lines 463-470, the match I could find for a 1.7.3 source file (based off a 1.7.2 diff) was lines 497-504, then line 473 becomes 507 and line 509 becomes 543 etc.


I am working on modifying the 1.7.3 version now. I have found all the corresponding line numbers and I will provide a new archive under a different topic thread (so as to reduce confusion).
Image
User avatar
Munazz
Roster AddOn Dev
Roster AddOn Dev
 
Posts: 36
Joined: Mon Jul 31, 2006 7:50 am
Location: Fairfax, VA

Re: 1.7.2 Authentication using phpBB username/password

Postby arcadin » Wed Feb 21, 2007 5:38 am

Moot now, but FYI I reinstalled wowroster 1.7.2 into the same database as phpbb and it works BEAUTIFULLY with your changes :-)

A.
arcadin
WR.net Apprentice
WR.net Apprentice
 
Posts: 32
Joined: Thu Sep 14, 2006 3:20 pm


Return to phpBB

Who is online

Users browsing this forum: No registered users and 0 guests

cron