Only allow Registered Users to access Roster

phpBB integration forum

Re: Only allow Registered Users to access Roster

Postby daddelkopp » Wed Jan 03, 2007 3:31 pm

Thanks for your answers. I think my problem is a different one. My forum and my roster have their own subdomains. Can this make trouble for the session management?

daddelkopp

edit: Now that both use the same subdomain, everything works fine :mrgreen: A small suggestion: is it possible to automatically jump back to the guild roster site after login?


edit2: I found it :mrgreen:

Insert in every file (at the top) you want to be login protected:

Code:
define('IN_PHPBB', true);
$phpbb_root_path = './../';
include($phpbb_root_path . 'extension.inc');
include($phpbb_root_path . 'common.'.$phpEx);

//
// Start session management
//
$userdata = session_pagestart($user_ip, PAGE_INDEX);
init_userprefs($userdata);

if (!$userdata['session_logged_in'] )
{
  redirect(append_sid("login.$phpEx?redirect=./roster/guildinfo.$phpEx", true));
}
   
//
// End page access based on logged in
//


Just edit the redirect stuff for every file. The example is for guildinfo.php. Roster was installed in /phpBB2/roster.
Last edited by daddelkopp on Wed Jan 03, 2007 4:16 pm, edited 3 times in total.
daddelkopp
WR.net Journeyman
Posts: 99
Joined: Wed Jan 03, 2007 10:22 am

Only allow Registered Users to access Roster

Postby Nexia » Wed Jan 03, 2007 6:10 pm

There's another way to protect the roster?
Nexia
WR.net Apprentice
Posts: 5
Joined: Mon Jan 01, 2007 6:37 pm

Re: Only allow Registered Users to access Roster

Postby DaarianneDarkmoon » Sat Jan 13, 2007 10:58 am

I would like to use this solution too, but before I try, would it work if roster and phpbb are on the same host (localhost) but do not share the same MySQL database?
The MySQL server is also on the same host, but database name and pw would be different. Any way to make it work?
DaarianneDarkmoon
WR.net Apprentice
Posts: 48
Joined: Wed Jul 12, 2006 12:34 am

Re: Only allow Registered Users to access Roster

Postby Mashrokk » Thu Feb 01, 2007 7:03 am

It *should* work since the feature that makes this all possible is the session management of the webserver.

Great stuff, daddelkopp, nice approach.
Mashrokk
WR.net Apprentice
Posts: 5
Joined: Sat Jul 08, 2006 1:04 pm

Re: Only allow Registered Users to access Roster

Postby Mashrokk » Thu Feb 01, 2007 7:53 am

Just on an afterthought I looked into the problem again. The thought of changing every function call of 'message_die' in all roster files did not sit well with me. So I did the following:

Copied phpbb's common.php to common2.php
Copied phpbb's includes/functions.php to includes/functions2.php
In common2.php changed the include of the includes/functions.php to includes/functions2.php
In common2.php changed all occurrences of 'message_die' to 'message_die2'
In includes/functions2.php changed all occurrences of 'message_die' to 'message_die2'

Just remember that you will have to do this every time you update phpbb to keep security risks in these two files covered ;)

All of this I did because of my being too lazy to edit multiple roster files. I actually carried the laziness even further. I decided that the redirect, once the user is logged in, need not be to the requested page. I can live fine with a redirect to index.php.
It hit me that on every roster page I checked there is a require_once for settings.php. So I just inserted the by now well-known code (posted above by daddelkopp) into one file alone, roster's settings.php.

Hope this helps,

Mashrokk
Last edited by Mashrokk on Thu Feb 01, 2007 7:55 am, edited 1 time in total.
Mashrokk
WR.net Apprentice
Posts: 5
Joined: Sat Jul 08, 2006 1:04 pm

Re: Only allow Registered Users to access Roster

Postby daddelkopp » Thu Feb 01, 2007 8:52 am

Nice way to create a common2.php to fix the message_die problem. I did a replace over all files in Roster :mrgreen:

I hope your suggestion with the settings.php works, too. That would make life much easier :mrgreen: Please tell us your experiences.

Thanks for your ideas
daddelkopp
daddelkopp
WR.net Journeyman
Posts: 99
Joined: Wed Jan 03, 2007 10:22 am

Only allow Registered Users to access Roster

Postby PleegWat » Thu Feb 01, 2007 10:13 am

Putting it in settings.php should work. Settings.php initializes the roster DB and configuration variables. All roster files either have the roster_installed check, or include settings.php. The only 2 exceptions are install.php and upgrade.php.
I <3 /bin/bash
PleegWat
WoWRoster.net Dev Team
Posts: 1636
Joined: Tue Jul 04, 2006 1:43 pm

Re: Only allow Registered Users to access Roster

Postby Mashrokk » Fri Feb 02, 2007 6:27 am

PleegWat wrote: All roster files either have the roster_installed check, or include settings.php. The only 2 exceptions are install.php and upgrade.php.


Sadly this is true for update.php, too.... So be advised that if you put the code into settings.php UniUploader will be redirected, too. Well, in my roster there now is a settings2.php without the code that is included in update.php... I should really, really, realllllly document this in case there is any update :cyclops:

Since I never said it before: Big thx to all people actively developing (or having developed) roster or any addons! I love this piece of code and most in my guild do so too...
Mashrokk
WR.net Apprentice
Posts: 5
Joined: Sat Jul 08, 2006 1:04 pm
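
Added example, not part of the thread and not WoWRoster or phpBB code: the login gate from daddelkopp's post placed once in roster's settings.php, skipping update.php so UniUploader is not redirected, and sending the user back to the requested page through a fixed list of page names. The helper roster_gate_target() and the two lists are hypothetical; it assumes roster is in /phpBB2/roster and that settings.php is included from a script in the roster root, and the message_die name clash discussed above still has to be handled separately.

```php
<?php
// Added example for roster's settings.php; not WoWRoster or phpBB code.
// Assumptions: roster is installed in /phpBB2/roster and the including
// script sits in the roster root, so './../' resolves to the phpBB root.

// Hypothetical helper: returns null when the script is exempt from the
// login gate, otherwise the path to hand to login.php as redirect target.
function roster_gate_target($script, array $exempt, array $pages)
{
    $name = basename($script);   // ignore any directory component
    if (in_array($name, $exempt, true)) {
        return null;
    }
    // Only names from the fixed list reach the redirect parameter;
    // anything unexpected falls back to the roster index.
    $page = in_array($name, $pages, true) ? $name : 'index.php';
    return './roster/' . $page;
}

// update.php stays outside the gate so UniUploader is not redirected.
$gate_exempt = array('update.php');
// Constructed list; extend it with the roster pages you actually serve.
$gate_pages = array('index.php', 'guildinfo.php');

$gate_target = roster_gate_target($_SERVER['SCRIPT_NAME'], $gate_exempt, $gate_pages);

if ($gate_target !== null) {
    define('IN_PHPBB', true);
    $phpbb_root_path = './../';
    include($phpbb_root_path . 'extension.inc');
    include($phpbb_root_path . 'common.' . $phpEx);

    // Start phpBB session management, as in the snippet posted above.
    $userdata = session_pagestart($user_ip, PAGE_INDEX);
    init_userprefs($userdata);

    if (!$userdata['session_logged_in']) {
        redirect(append_sid("login.$phpEx?redirect=" . $gate_target, true));
    }
}
```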

Only allow Registered Users to access Roster

Postby PleegWat » Fri Feb 02, 2007 6:45 am

I don't have a real clear view of how phpbb works (and I'm not interested in getting one) but I assume it's possible to look up which 2 post vars you have to put the user/pass in to have UU upload correctly.
I <3 /bin/bash
PleegWat
WoWRoster.net Dev Team
Posts: 1636
Joined: Tue Jul 04, 2006 1:43 pm

Re: Only allow Registered Users to access Roster

Postby Mashrokk » Fri Feb 02, 2007 10:42 am

I already had this problem once... almost the same when the roster phpbb-auth module was still included as an upload-protection. It turned out the phpbb password var and the roster office password used the same varname... if I remember correctly.
So whichever move you make, one more problem seems to appear over the horizon. This is why I can live with 2 versions of three files and an 'unprotected' update.php :D

Mashrokk
Mashrokk
WR.net Apprentice
Posts: 5
Joined: Sat Jul 08, 2006 1:04 pm

Re: Only allow Registered Users to access Roster

Postby drake2k » Wed Feb 21, 2007 12:10 am

DaarianneDarkmoon wrote: I would like to use this solution too, but before I try, would it work if roster and phpbb are on the same host (localhost) but do not share the same MySQL database?
The MySQL server is also on the same host, but database name and pw would be different. Any way to make it work?



I have mine on separate MySQL databases and it works fine. It's still on localhost (same server) but just different databases.


I am having a problem where if a user who is registered but is not a part of a group yet (guildies or officers) tries to view the roster, it tells them "Sorry, this page is reserved" but all the graphics aren't loading. When I look at the source HTML, it's trying to pull from href="templates/<my template>/images/<image>"

Only problem with that is that the roster is not in the same directory with phpBB so the directory structure is not going to work.

Is there a way to fix this other than creating that directory tree in my roster directory and copying the images over?
drake2k
WR.net Apprentice
Posts: 2
Joined: Mon Feb 19, 2007 10:36 pm
