
Use of existing member system [solved]

Posted by Terradon 
Re: Use of existing member system
October 21, 2010 05:50PM
Hi guitarman,

My app is a self-made script.
$_SESSION in main application:
Array
(
[userID] => 7437
[username] => xxxxxxxx
[userEmail] => webmaster@xxxxx.nl
[login] => 1
[voorwaarden] => 0
[PREMIUM] => 1
[premTotDatum] => 27-12-2011
)
Other needed values can be easily set in the main application.

The admin account in phorum has the same username as used in my main application.
The other 18.000 accounts have not been imported yet.

What I have now:

if (!defined("PHORUM")) return; // do not remove

// no need to continue if the external app path is not set.
if (empty($PHORUM["phorum_mod_external_authentication"]["app_path"])) return $session_data;

// no need to move to external application??
//$curcwd = getcwd();

// no need to move to external application??
// chdir($PHORUM["phorum_mod_external_authentication"]["app_path"]);

## NO LIBRARY USED IN MAIN APPLICATION, JUST A SESSION VAR TO CHECK IF USER IS LOGGED IN.
// include the necessary code from your external application
//include_once("./example_user_api.php");

// get the session for the external application
### That is totally up to the main application. I presume that there is
### a login mechanism in place for that application. If you login,
### then that application will most likely setup a cookie to remember
### the session (possibly indirectly by means of a PHP session).
### What you need to do, is access the session information of the application.
### Forget the examples. Just find out what the main application uses itself
### for retrieving the logged in user.
###
### MAIN APP USES: $_SESSION['login'], OTHER SESSION VARS CAN BE SET EASILY IF NEEDED...
/*
$_SESSION in main application:
Array
(
[userID] => 7437
[username] => same_as_in_phorum5
[userEmail] => webmaster@xxxxx.nl
[login] => 1
[voorwaarden] => 0
[PREMIUM] => 1
[premTotDatum] => 27-12-2011
)
*/

$session = (!empty($_COOKIE["external_app_session"])) ? $_COOKIE["external_app_session"] : $_SESSION["external_app_session"];

// no session active here??

<hr />
usually manuals are written by experts,
so.....that's the reason why i do not understand the manuals)
Re: Use of existing member system
October 21, 2010 10:04PM
Reading some other examples in this phorum resulted in the code beneath.
No result :(
Language: PHP
/*
$_SESSION of main application:
userid and password equal in mainapp and phorum
in mainapp no md5 is used, so when trying to transfer password to phorum, i did md5($_SESSION['password'])
checked md5 result in phorum table => ok

Array
(
    [login] => 1
    [userID] => 7437
    [username] => Terradon
    [userEmail] => webmaster@terradon.nl
    [password] => xxxxxxxxxx
    [voorwaarden] => 0
    [PREMIUM] => 1
    [premTotDatum] => 27-12-2011
)
*/

This is my code for now, but still not working :(
Status: far beyond desperate now....
Obviously I still do not understand the concept of phorum5....


Language: PHP
// Make sure that this script is loaded inside the Phorum environment. DO NOT
// remove this line
if (!defined("PHORUM")) return;

// If you need to run php code located in the external application's server path
// you can use the following code as an example

// no need to continue if the external app path is not set.
if (empty($PHORUM["phorum_mod_external_authentication"]["app_path"])) return $session_data;

// save the working directory and move to the external application's directory
### GET WORKING DIR so later on, we can return to the Phorum dir. That
### is needed because Phorum 5.2 includes all its files relative to the
### installation directory. If you change the working directory, then
### Phorum won't be able to find its files.

// no need to move to external application??
$curcwd = getcwd();

// no need to move to external application?? YES, to retrieve session vars??
chdir($PHORUM["phorum_mod_external_authentication"]["app_path"]);

// get the session for the external application
if (!isset($_SESSION))
    session_start(); // start session if not already started, prevents php warning?

// in main application, the userdata can be read from the session

$user_data = array();
$user_data['user_id'] = $_SESSION['userID'];
$user_data['user_name'] = $_SESSION['username'];
$user_data['password'] = md5($_SESSION['password']); // no md5 in main application
$user_data['email'] = $_SESSION['userEmail']; // do i really need this?
$user_data['admin'] = '0';

// hardcoded: terradon user admin is admin in phorum
if ($user_data['user_name'] == 'Terradon')
    $user_data['admin'] = 1;

// if there is no user data, then no need to continue
if (empty($user_data["user_id"]))
{
    // change back to the Phorum directory
    chdir($curcwd);
    // clear the previous session in case the user logged out of the external application and Phorum login is disabled
    if (!empty($PHORUM["phorum_mod_external_authentication"]["disable_phorum_login"]))
    {
        $session_data[PHORUM_SESSION_LONG_TERM] = FALSE;
        $session_data[PHORUM_SESSION_SHORT_TERM] = FALSE;
    }
    return $session_data;
}

// switch back to our working directory
chdir($curcwd); // back in phorum directory


// get the api code for various user-related functions
include_once("./include/api/user.php");

// it is best to use the external application's username to authenticate to
// Phorum as that should be unique and avoids the hassle of dealing with
// Phorum's sequential user_id assignment for new users
$username = $user_data['user_name'];

// use the external username to get a Phorum user_id
$user_id = phorum_api_user_search("username", $username);
// then get the Phorum user data from that user_id
$phorum_user_data = phorum_api_user_get($user_id);

// if the Phorum user does not exist then we need to create them
if (empty($phorum_user_data)) {
    $phorum_user_data = array(
        // The user_id must be NULL to create a new user
        "user_id" => NULL,
        "username" => $username,
        // by transferring the password, we are ensuring that the user will be
        // able to login if the admin enables Phorum login
        "password" => $user_data["password"],
        // Phorum requires an email. If the external application does not,
        // a fake email should be used.
        // ($user_data is an array, so it is indexed, not accessed as an object)
        "email" => $user_data["email"],
        // By default, create a non-admin user. Admin status is handled later.
        "admin" => 0,
        "active" => PHORUM_USER_ACTIVE,
    );

    // if the admin wants to automatically transfer admin status
    if (!empty($PHORUM["phorum_mod_external_authentication"]["transfer_admin_status"])) {
        // and the user is an admin in the external application, then make the
        // phorum user an admin. Please note this is just an example. Each
        // application may have a different way to establish admin status
        if ($user_data["admin"]) {
            $phorum_user_data["admin"] = 1;
        }
    }
    // create the new user and get the user_id with which to create a session.
    // Please note, most applications will give you the md5 of the user's
    // password. The constant PHORUM_FLAG_RAW_PASSWORD tells Phorum that the
    // password is already in md5. If you need to create a user with a plain
    // text password, simply omit the second variable in this call
    $user_id = phorum_api_user_save($phorum_user_data, PHORUM_FLAG_RAW_PASSWORD);

// however, if the user exists but is not active, then we should not log them in
} elseif (empty($phorum_user_data["active"])) {
    return $session_data;
// or, if the user exists, then run some check on the user's data
} else {
    // if the external application user's password has changed, update the phorum
    // user's password
    if ($phorum_user_data["password"] != $user_data["password"]) {
        $phorum_user_data["password"] = $user_data["password"];
        // save the updated user data, again with a preset md5 password
        $user_id = phorum_api_user_save($phorum_user_data, PHORUM_FLAG_RAW_PASSWORD);
    }

    // if the admin wants to automatically transfer admin status and the
    // external user has been upgraded to admin, upgrade the phorum user, again
    // assuming the external application establishes admin status this way
    if ($user_data["admin"] && empty($phorum_user_data["admin"]) && !empty($PHORUM["phorum_mod_external_authentication"]["transfer_admin_status"])) {
        $phorum_user_data["admin"] = 1;
        // save the updated user data
        $user_id = phorum_api_user_save($phorum_user_data);
    // if the admin wants to automatically transfer admin status and the
    // external user has been downgraded from admin, downgrade the phorum user
    } elseif (!$user_data["admin"] && !empty($phorum_user_data["admin"]) && !empty($PHORUM["phorum_mod_external_authentication"]["transfer_admin_status"])) {
        $phorum_user_data["admin"] = 0;
        // save the updated user data
        $user_id = phorum_api_user_save($phorum_user_data);
    }
}

// we have a legit user, so set their session info
$session_data[PHORUM_SESSION_LONG_TERM] = $user_id;
$session_data[PHORUM_SESSION_SHORT_TERM] = $user_id;

<hr />
usually manuals are written by experts,
so.....that's the reason why i do not understand the manuals)



Edited 1 time(s). Last edit at 10/21/2010 10:05PM by Terradon.
Re: Use of existing member system
October 21, 2010 11:01PM
YEEEEEEEEEEEEEEEEEEEEEEEEEES

I can login in my site and then i can go to phorum and phorum recognizes me, wow!

I haven't disabled the login/register and logout system.
But.....I just cannot logout from phorum now?

And I do have the feeling I have used too much code, for just transferring some session vars to phorum??
I do NOT want people to be able to register at phorum, my own app should keep the phorum userslist up to date??
Can I just do this during registering on my site? (Filling the phorum tables at the same time they register at my site?)

thanks anyway for all the support i got here, perfect!

<hr />
usually manuals are written by experts,
so.....that's the reason why i do not understand the manuals)
Re: Use of existing member system
October 21, 2010 11:21PM
You cannot logout, because technically you have not logged in ;-) What the module does, is inherit the authentication session from your main application. If you logout of your main application, then you logout of Phorum too. They are tightly coupled now.

You definitely used too much code. The things that are related to changing directories and such are not needed. If you post your final version of the code here, I will go over it and trim out all unneeded stuff for you.


Maurice Makaay
Phorum Development Team
Re: Use of existing member system
October 21, 2010 11:25PM
Thanks in advance Maurice!
i really appreciated your ongoing comments in the last 4 days:)

if no user in phorum is found, then no new user should be created (it does in this code??)


here is my final code:

Language: PHP
// Make sure that this script is loaded inside the Phorum environment. DO NOT
// remove this line
if (!defined("PHORUM")) return;

// Initialize the session data as "not logged in".
$session_data[PHORUM_SESSION_LONG_TERM] = FALSE;
$session_data[PHORUM_SESSION_SHORT_TERM] = FALSE;

// Start the PHP session management when it's not already started.
if (!session_id()) session_start();

// In the main application, the user data is stored in the session.
// If no user is set, then we are done here.
if (empty($_SESSION['userID'])) return $session_data;

// Build a Phorum compatible user data array.
$active_user_data = array(
    'user_id' => $_SESSION['userID'],
    'username' => $_SESSION['username'],
    'password' => '*NOT SET*', // not needed for regular users
    'email' => $_SESSION['userEmail'], // needed for e-mail notifications
    'admin' => 0,
    'active' => PHORUM_USER_ACTIVE
);

// Hardcoded: user "Terradon" is admin in phorum
if ($active_user_data['username'] == 'Terradon') {
    $active_user_data['admin'] = 1;
    $active_user_data['password'] = md5($_SESSION['password']);
}

// Load the Phorum api code for various user-related functions.
include_once "./include/api/user.php";

// Check if a Phorum user exists for the active username.
$user_id = phorum_api_user_search("username", $active_user_data['username']);

// The user exists in Phorum. Load the existing data.
if ($user_id) {
    $phorum_user_data = phorum_api_user_get($user_id);
}
// The user does not exist. Create a new user.
else {
    $user_id = phorum_api_user_save($active_user_data, PHORUM_FLAG_RAW_PASSWORD);
    $active_user_data['user_id'] = $user_id;
    $phorum_user_data = $active_user_data;
}

// If the user is not active, then do not log them in.
if ($phorum_user_data['active'] !== PHORUM_USER_ACTIVE) {
    return $session_data;
}

// Since we have a simple admin setup (a fixed user), we take care of
// syncing the admin user by simply always saving data for this user.
if ($active_user_data['admin']) {
    phorum_api_user_save($active_user_data, PHORUM_FLAG_RAW_PASSWORD);
}

// We have a legit user, so set the session info.
$session_data[PHORUM_SESSION_LONG_TERM] = $user_id;
$session_data[PHORUM_SESSION_SHORT_TERM] = $user_id;

<hr />
usually manuals are written by experts,
so.....that's the reason why i do not understand the manuals)



Edited 4 time(s). Last edit at 10/22/2010 10:34AM by Terradon.
Re: Use of existing member system
October 22, 2010 12:23AM
I updated the code in your message. Unneeded code was stripped and I added a few improvements. Of course it is untested, but this should be about the core of what is needed to get things going for you.


Maurice Makaay
Phorum Development Team
Re: Use of existing member system
October 22, 2010 12:33PM
many, many thanks for all the help i got here.

Your code did not work, but I compare my original code with yours and strip my own code piece by piece, until it is similar to yours. That would not be a problem for me. I will post my final code here.

I have called my plugin: comm_external_auth_plugin (common external authentication plugin)
It only contains 2 files:
hook_user_session_restore.php
info.php

All websites which do not use a particular CMS/framework work with just simple $_SESSION variables to check if a user is logged in. I think this (kind of) plugin can/should be added to the External Authentication Module.
(credits are for this forum, not for me. I just did what people like you told me to do)
I really think, a lot of webmasters will be very happy with this! I certainly am not the only one who got a headache with struggling to integrate this phorum in an existing system.

The only thing which should be added, is a logic method to create the Phorum compatible user data array. The alternative is to handcode this part in hook_user_session_restore.php, but i can imagine that there is a better way to do this?

Todo: synchronizing existing user data with phorum data.

<hr />
usually manuals are written by experts,
so.....that's the reason why i do not understand the manuals)
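
The "logic method to create the Phorum compatible user data array" asked for in the post above, as an added example that is not part of the original posts or of Phorum. The function name `build_phorum_user`, the `$FIELD_MAP` table and the admin id allow-list are assumptions; the session keys and the `*NOT SET*` placeholder are the ones shown in the thread.

```php
<?php
// Added example; not code from the thread or from Phorum.
// Stand-in so the file runs outside Phorum (value assumed to match Phorum's).
if (!defined('PHORUM_USER_ACTIVE')) define('PHORUM_USER_ACTIVE', 1);

// Phorum field => key in the main application's $_SESSION (keys from the thread).
$FIELD_MAP = array('username' => 'username', 'email' => 'userEmail');

/**
 * Build a Phorum user array from session data, or return NULL when the
 * session does not describe a complete, logged-in user.
 * $admin_ids is a hypothetical allow-list of main-application user ids.
 */
function build_phorum_user(array $session, array $map, array $admin_ids = array())
{
    // The main application flags a login with $_SESSION['login'].
    if (empty($session['login']) || empty($session['userID'])
        || !is_scalar($session['userID'])) return NULL;

    $user = array('user_id' => NULL); // caller fills in the Phorum id, if any
    foreach ($map as $phorum_field => $session_key) {
        if (!isset($session[$session_key]) || !is_scalar($session[$session_key])) {
            return NULL; // missing or non-scalar value: treat as not logged in
        }
        $user[$phorum_field] = trim((string) $session[$session_key]);
    }
    if (!isset($user['username'], $user['email']) || $user['username'] === ''
        || filter_var($user['email'], FILTER_VALIDATE_EMAIL) === FALSE) {
        return NULL;
    }

    // No password is copied out of the session; the placeholder is the one
    // used in the thread's final code.
    $user['password'] = '*NOT SET*';
    // Admin status comes from a strict match on the numeric id.
    $user['admin']  = in_array((int) $session['userID'], $admin_ids, TRUE) ? 1 : 0;
    $user['active'] = PHORUM_USER_ACTIVE;
    return $user;
}

// Constructed sample sessions (placeholder values, not real accounts).
$samples = array(
    'logged in'  => array('login' => 1, 'userID' => 7437, 'username' => 'alice',
                          'userEmail' => 'alice@example.org'),
    'logged out' => array('login' => 0, 'userID' => 7437, 'username' => 'alice',
                          'userEmail' => 'alice@example.org'),
    'no e-mail'  => array('login' => 1, 'userID' => 12, 'username' => 'bob'),
);
foreach ($samples as $label => $session) {
    $user = build_phorum_user($session, $FIELD_MAP, array(7437));
    echo $label, ': ', $user === NULL ? 'rejected' : json_encode($user), "\n";
}
```

In the hook, a NULL result means returning `$session_data` unchanged as "not logged in"; a non-NULL result is what gets passed to the Phorum user API calls shown earlier in the thread.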
Re: Use of existing member system
October 22, 2010 01:07PM
About synchronizing existing users: the way in which I handle this myself on my own website, is that I always create and update the Phorum user from my own user management code. When a user signs up, I insert a new user. When the user updates some setting that is also stored in Phorum, I update the user. When the user leaves, I delete the user. All this through the use of Phorum User API functions, so everything is kept nice and clean in the Phorum database.

Did you get an error when using my code or did it silently fail to log you in? The code was not tested by me, only live updated in the message, so there might be typos in there that cause the issue.


Maurice Makaay
Phorum Development Team
Re: Use of existing member system
October 22, 2010 06:06PM
Hi Maurice,
I did not get an error. It just silently failed to log in.
When I use my own code, it works and I can't logout from phorum (as you explained).
When I replace my code with yours, and (still logged in with my own code) I hit Home, I am still logged in and can use the logout button to logout from phorum.

<hr />
usually manuals are written by experts,
so.....that's the reason why i do not understand the manuals)
Re: Use of existing member system
October 22, 2010 06:20PM
Check out the attached single file module. There were a few minor issues in the example code from above. I have tested this one locally, using some fake session data, and it worked for me.


Maurice Makaay
Phorum Development Team
Attachments:
mod_inherit_authentication_from_session.php (2.9 KB)