Use of existing member system [solved]

Hi guitarman,

my app is a selfmade script,
$_SESSION in main appplication:
Array
(
[userID] => 7437
[username] => xxxxxxxx
[userEmail] => webmaster@xxxxx.nl
[login] => 1
[voorwaarden] => 0
[PREMIUM] => 1
[premTotDatum] => 27-12-2011
)
Other needed values can be easily set in the main application.

The admin account in phorum has the same username as used in my main application.
the other 18.000 accounts has not been imported yet.

What i have now:

if (!defined("PHORUM")) return; // do not remove

// no need to continue if the external app path is not set.
if (empty($PHORUM["phorum_mod_external_authentication"]["app_path"])) return $session_data;

// no need to move to external application??
//$curcwd = getcwd();

// no need to move to external application??
// chdir($PHORUM["phorum_mod_external_authentication"]["app_path"]);

## NO LIBRARY USED IN MAIN APPLICATION, JUST A SESSION VAR TO CHECK IF USER IS LOGGED IN.
// include the necessary code from your external application
//include_once("./example_user_api.php");

// get the session for the external application
### That is totally up to the main application. I presume that there is
### a login mechanism in place for that application. If you login,
### then that application will most likely setup a cookie to remember
### the session (possibly indirectly by means of a PHP session).
### What you need to do, is access the session information of the application.
### Forget the examples. Just find out what the main application uses itself
### for retrieving the logged in user.
###
### MAIN APP USES: $_SESSION['login'], OTHER SESSION VARS CAN BE SET EASYLY IF NEEDED...
/*
$_SESSION in main appplication:
Array
(
[userID] => 7437
[username] => same_as_in_phorum5
[userEmail] => webmaster@xxxxx.nl
[login] => 1
[voorwaarden] => 0
[PREMIUM] => 1
[premTotDatum] => 27-12-2011
)
*/

$session = (!empty($_COOKIE["external_app_session"])) ? $_COOKIE["external_app_session"] : $_SESSION["external_app_session"];

// no session active here??

<hr />
usually manuals are written by experts,
so.....that's the reason why i do not understand the manuals)

reading some other examples in this phorum, which resulted in code beneath.
no result:(

Language: PHP
/*
$_SESSION of main application:
userid and password equal in mainapp and phorum
in mainapp no md5 is used, so when trying to transfer password to phorum, i did md5($_SESSION['password'])
checked md5 result in phorum table => ok
 
Array
(
    [login] => 1
    [userID] => 7437
    [username] => Terradon
    [userEmail] => webmaster@terradon.nl
    [password] => xxxxxxxxxx
    [voorwaarden] => 0
    [PREMIUM] => 1
    [premTotDatum] => 27-12-2011
)
*/

This is my code for now, but still not working:(
Status: far beyond desperade now....
obviously i still do not understand the concept of phorum5....

Language: PHP
// Make sure that this script is loaded inside the Phorum environment.  DO NOT 
// remove this line
if (!defined("PHORUM")) return;
 
// If you need to run php code located in the external application's server path 
// you can use the following code as an example
 
// no need to continue if the external app path is not set.
if (empty($PHORUM["phorum_mod_external_authentication"]["app_path"])) return $session_data;
 
// save the working directory and move to the external application's directory
### GET WORKING DIR so later on, we can return to the Phorum dir. That
### is needed because Phorum 5.2 includes all its files relative to the
### installation directory. If you change the working directory, then
### Phorum won't be able to find its files.
 
// no need to move to external application??
$curcwd = getcwd();
 
// no need to move to external application?? YES, to retrieve session vars??
chdir($PHORUM["phorum_mod_external_authentication"]["app_path"]);
 
// get the session for the external application
if(!$_SESSION)
    session_start(); // start session if not already started, prevents php warning?
 
//in main application, the userdata can be read from the session
 
$user_data = array();
$user_data['user_id'] = $_SESSION['userID'];
$user_data['user_name'] = $_SESSION['username'];
$user_data['password'] = md5($_SESSION['password']);// no md5 in main application
$user_data['email'] = $_SESSION['userEmail']; // do i really need this?
$user_data['admin'] = '0';
 
//hardcoded: terradon user admin is admin in phorum
if ($user_data['user_name'] == 'Terradon') 
	 $user_data['admin'] = 1;
 
// if there is no user data, then no need to continue
if (empty($user_data["user_id"]))
{
    // change back to the Phorum directory
    chdir($curcwd);
    // clear the previous session in case the user logged out of the external application and Phorum login is disabled
    if (!empty($PHORUM["phorum_mod_external_authentication"]["disable_phorum_login"]))
		{
        $session_data[PHORUM_SESSION_LONG_TERM] = FALSE;
        $session_data[PHORUM_SESSION_SHORT_TERM] = FALSE;
    }
    return $session_data;
}
 
//switch back to our working directory
chdir($curcwd); // back in phorum directory
 
 
// get the api code for various user-related functions
include_once("./include/api/user.php");
 
// it is best to use the external application's username to authenticate to
// Phorum as that should be unique and avoids the hassle of dealing with 
// Phorum's serquential user_id assignment for new users
$username = $user_data['user_name'];
 
// use the external username to get a Phorum user_id
$user_id = phorum_api_user_search("username",$username);
// then get the Phorum user data from that user_id
$phorum_user_data = phorum_api_user_get($user_id);
 
// if the Phorum user does not exist then we need to create them
if (empty($phorum_user_data)) {
    $phorum_user_data = array(
        // The user_id must be NULL to create a new user
        "user_id" => NULL,
        "username" => $username,
        // by transferring the password, we are ensuring that the user will be
        // able to login if the admin enables Phorum login
        "password" => $user_data["password"],
        // Phorum requires an email.  If the external application does not, 
        // a fake email should be used.
        "email" => $user_data->email,
        // By default, create a non-admin user.  Admin status is handled later.
        "admin" => 0,
        "active" => PHORUM_USER_ACTIVE,
        );
 
    // if the admin wants to automatically transfer admin status
    if (!empty($PHORUM["phorum_mod_external_authentication"]["transfer_admin_status"])) {
        // and the user is an admin in the external application, then make the 
        // phorum user an admin.  Please note this is just and example.  Each 
        // application may have a different way to establish admin status
        if ($user_data["admin"]) {
            $phorum_user_data["admin"] = 1;
        }
    }
    // create the new user and get the user_id with which to create a session.
    // Please note, most applications will give you the md5 of the user's 
    // password.  The constant PHORUM_FLAG_RAW_PASSWORD tells Phorum that the 
    // password is already in md5.  If you need to create a user with a plain
    // text password, simply omit the second variable in this call
    $user_id = phorum_api_user_save($phorum_user_data, PHORUM_FLAG_RAW_PASSWORD);
 
// however, if the user exists but is not active, then we should not log them in    
} elseif (empty($phorum_user_data["active"])) {
    return $session_data;
// or, if the user exists, then run some check on the user's data
} else {
    // if the extenal application user's password has changed, update the phorum 
    // user's password
    if ($phorum_user_data["password"] != $user_data["password"]) {
        $phorum_user_data["password"] = $user_data["password"];
        // save the updated user data, again with a preset md5 password
        $user_id = phorum_api_user_save($phorum_user_data,PHORUM_FLAG_RAW_PASSWORD);
    }
 
    // if the admin wants to automatically transfer admin status and the 
    // external user has been upgraded to admin, upgrade the phorum user, again 
    // assuming the external application establishes admin status this way
    if ($user_data["admin"] && empty($phorum_user_data["admin"]) && !empty($PHORUM["phorum_mod_external_authentication"]["transfer_admin_status"])) {
        $phorum_user_data["admin"] = 1;
        // save the updates user data
        $user_id = phorum_api_user_save($phorum_user_data);
    // if the admin wants to automatically transfer admin status and the 
    // external user has been downgraded from admin, downgrade the phorum user
    } elseif (!$user_data["admin"] && !empty($phorum_user_data["admin"]) && !empty($PHORUM["phorum_mod_external_authentication"]["transfer_admin_status"])) {
        $phorum_user_data["admin"] = 0;
        // save the updates user data
        $user_id = phorum_api_user_save($phorum_user_data);
    }
}
 
//we have a legit user, so set there session info
$session_data[PHORUM_SESSION_LONG_TERM] = $user_id;
$session_data[PHORUM_SESSION_SHORT_TERM] = $user_id;

<hr />
usually manuals are written by experts,
so.....that's the reason why i do not understand the manuals)



Edited 1 time(s). Last edit at 10/21/2010 03:05PM by Terradon.

YEEEEEEEEEEEEEEEEEEEEEEEEEES

I can login in my site and then i can go to phorum and phorum recognizes me, wow!

i haven't disabled the login/register and logout system.
but.....i just cannot logout from phorum now?

and i do have the feeling i have used too much code, for just transferring some session vars tp phorum??
i do NOT want people can register at phorum, my own app should keep the phorum userslist up to date??
can i just do this during registering on my site? (filling the phorum tables the same time they register at my site?

thanks anyway for all the support i got here, perfect!

<hr />
usually manuals are written by experts,
so.....that's the reason why i do not understand the manuals)

You cannot logout, because technically you have not logged in ;-) What the module does, is inherit the authentication session from your main application. If you logout of your main application, then you logout of Phorum too. They are tightly coupled now.

You definitely used too much code. The things that are related to changing directories and such is not needed. If you post your final version of the code here, I will go over it and trim out all unneeded stuff for you.

---

Maurice Makaay
Phorum Development Team
my blog linkedin profile secret sauce

Thanks in advance Maurice!
i really appreciated your ongoing comments in the last 4 days:)

if no user in phorum is found, then no new user should be created (it does in this code??)


here is my final code:

Language: PHP
// Make sure that this script is loaded inside the Phorum environment.  DO NOT 
// remove this line
if (!defined("PHORUM")) return;
 
// Initialize the session data as "not logged in".
$session_data[PHORUM_SESSION_LONG_TERM] = FALSE;
$session_data[PHORUM_SESSION_SHORT_TERM] = FALSE;
 
// Start the PHP sessioni management when it's not already started.
if (!session_id()) session_start();
 
// In the main application, the user data is stored in the session.
// If no user is set, then we are done here.
if (empty($_SESSION['userID'])) return $session_data;
 
// Build a Phorum compatible user data array.
$active_user_data = array(
    'user_id' => $_SESSION['userID'],
    'username' => $_SESSION['username'],
    'password' => '*NOT SET*', // not needed for regular users
    'email' => $_SESSION['userEmail'], // needed for e-mail notifications
    'admin' => 0,
    'active' => PHORUM_USER_ACTIVE
);
 
// Hardcoded: user "Terradon" is admin in phorum
if ($active_user_data['username'] == 'Terradon') {
    $active_user_data['admin'] = 1;
    $active_user_data['password'] = md5($_SESSION['password']);
}
 
// Load the Phorum api code for various user-related functions.
include_once "./include/api/user.php";
 
// Check if a Phorum user exists for the active username.
$user_id = phorum_api_user_search("username", $active_user_data['username']);
 
// The user exists in Phorum. Load the existing data.
if ($user_id) {
    $phorum_user_data = phorum_api_user_get($user_id);
}
// The user does not exist. Create a new user.
else {   
    $user_id = phorum_api_user_save($active_user_data, PHORUM_FLAG_RAW_PASSWORD);
    $active_user_data['user_id'] = $user_id;
    $phorum_user_data = $active_user_data;
}    
 
// If the user is not active, then do not log them in.
if ($phorum_user_data['active'] !== PHORUM_USER_ACTIVE) {
    return $session_data;
}
 
// Since we have a simple admin setup (a fixed user), we take care of
// syncing the admin user by simply always saving data for this user.
if ($active_user_data['admin']) {
    phorum_api_user_save($active_user_data, PHORUM_FLAG_RAW_PASSWORD);
}
 
// We have a legit user, so set the session info.
$session_data[PHORUM_SESSION_LONG_TERM] = $user_id;
$session_data[PHORUM_SESSION_SHORT_TERM] = $user_id;

<hr />
usually manuals are written by experts,
so.....that's the reason why i do not understand the manuals)



Edited 4 time(s). Last edit at 10/22/2010 03:34AM by Terradon.

I updated the code in your message. Unneeded code was stripped and I added a few improvements. Of course it is untested, but this should be about the core of what is needed to get things going for you.

---

Maurice Makaay
Phorum Development Team
my blog linkedin profile secret sauce

many, many thanks for all the help i got here.

your code did not work, but i compare my original code with yours and strip piece by piece my own code, until it is simular with yours. That would not be a problem for me. I will post my final code here.

I have called my plugin: comm_external_auth_plugin (common external authentication plugin)
It only contains 2 files:
hook_user_session_restore.php
info.php

All websites which does not use a particular CMS/framework, work with just simple $_SESSION variables to check if an user is logged in. I think this (kind of) plugin can/should be added to the External Authentication Module.
(credits are for this forum, not for me. I just did what people like you told me to do)
I really think, a lot of webmasters will be very happy with this! I certainly am not the only one who got a headache with struggling to integrate this phorum in an existing system.

The only thing which should be added, is a logic method to create the Phorum compatible user data array. The alternative is to handcode this part in hook_user_session_restore.php, but i can imagine that there is a better way to do this?

Todo: synchronizing exiting user data with phorum data.

<hr />
usually manuals are written by experts,
so.....that's the reason why i do not understand the manuals)

About synchronizing exiting users: the way in which I handle this myself on my own website, is that I always create and update the Phorum user from my own user management code. When a user signs up, I insert a new user. When the user updates some setting that is also stored in Phorum, I update the user. When the user leaves, I delete the user. All this through the use of Phorum User API functions, so everything is kept nice and clean in the Phorum database.

Did you get an error when using my code or did it silently fail to log you in? The code was not tested by me, only live updated in the message, so there might be typos in there that cause the issue.

---

Maurice Makaay
Phorum Development Team
my blog linkedin profile secret sauce

hi maurice,
i did not get an error. it just fails silently failed to login.
when i use my own code, it works and i cant logout from phorum (as you explained.)
when i replace my code with yours, and (still logged in with my own code) i hit Home, i still am logged in and can use the logout button to logout from phorum.

<hr />
usually manuals are written by experts,
so.....that's the reason why i do not understand the manuals)

Check out the attached single file module. There were a few minor issues in the example code from above. I have tested this one locally, using some fake session data, and it worked for me.

---

Maurice Makaay
Phorum Development Team
my blog linkedin profile secret sauce