PHPArcadeScript integration

hello I am trying to centralize my login for phorum and phparcadescript. I have been trying for a few nights now to implment the user_session_restore posts that I found in this forum but I just don't get it quite yet. I want to learn how to do this and I am sure that I will with the other plans that I have for inegrating other portions of phorum on my site but right now I am stumped.

This is the login function from my site untouched:

Language: PHP
function login_user($base_url,$username,$password,$frompage,$cookieme){
 
 
    $sql = "SELECT userid,friendrequests,friends,userstatus from users where username = ';$username'; AND password = ';$password'; AND userstatus != ';2'; AND userstatus!=';0';";
    $result = mysql_query($sql);
    $num = mysql_numrows($result);
 
    if ($num != "0") {
    		while($row = mysql_fetch_array($result))
        {
        $userid = $row[';userid';];
        $friendrequests = $row[';friendrequests';];
        $friends = $row[';friends';];
        $userstatus=$row[';userstatus';];
 
    	  }
 
        if($userstatus==3){ 
               $_SESSION[';status';] = "<B>ACCOUNT NOT CONFIRMED</B>";
               header(';Location: ';.$base_url.';index.php?action=register';); 
               exit(); } 
 
    		$_SESSION[';loggedin';] = 1;
    		$_SESSION[';loggedinuser';] = $username;
 
        $_SESSION[';loggedinuserid';] = $userid;
        $_SESSION[';friends';] = $friends;
 
        $fr=0;
        $friendrequests = explode("|",$friendrequests);
            foreach($friendrequests as $friendrequest){
              if($friendrequest>0){
              $fr++;
              }
            }
 
        $_SESSION[';friendrequests';] = $fr;
 
 
 
        // If User wants to keep their info in a cooke then set the cookies
        if ($cookieme == 1){
        // 7776000 = 90 days
        setcookie("un", "$username", time()+7776000);
        setcookie("unp", "$password", time()+7776000);
        }
        // End Cookie Setting
 
        $now = time();
        $result = mysql_query( "update users
                            set laston = ';$now';
                            where userid = ';$userid';");
 
        phorum_user_session_restore();
        header(';Location: ';.$frompage.';';);
        exit;
        }
 
    else { 
       $_SESSION[';status';] = "<B>Invalid Login</B><br/><br/>If you forgot your password, <a href=\"".$base_url."index.php?action=passwordrecovery\">click here to reset it</a>!";
       header(';Location: ';.$base_url.';index.php?action=register';); 
       exit(); } 
 
 
}

If I could get walked through the process in laymens terms I would appriciate it. It seems like I should be able to do this but I just don't know what I am doing wrong.

Have a look at the Phorum API.

Specifically look at the UserAPI section and the function phorum_api_session_create() and phorum_user_set_active_user().

Brian - Cowboy Ninja Coder - Personal Blog - Twitter

If you want to push the authentication from your login function to Phorum, then do as Brian says and use those functions. Using the session restore function won't help you, because that is the part that is called by Phorum, to see if a user is logged in or not. It is the wrong half of the stick therefore.

Note that you also will need to create the user in the Phorum users table. You need to have the user in there to make the authentication work. I don't see code for that in your login function. You would have to call phorum_api_user_save() to make that work. You can create the users using the same user id as the one that you use in your own user database.

The user_session_restore hook implements user authentication the other way around. Instead of pushing your auth towards Phorum, that hook allows to pull the authentication from your main system. If you'd implement a module to handle the authentication, you would look at $_SESSION['loggedinuser'] from the hook code and map that to the Phorum user_id that should be authenticated. Or if you create the Phorum users using the same user id, you can also look at $_SESSION['loggedinuserid'] directly. The user_id for the authenticated user can be returned by the hook to jumpstart the user authentication.

If you want some more reading on the philosophy of user_session_restore, then you might want to check out this thread.

---

Maurice Makaay
Phorum Development Team
my blog linkedin profile secret sauce

OK I got the registration putting the account in both databases and that part works now.

I can't get the login to work properly though. Here is the code I am working with... It is just the login function obviously.

Language: PHP
if ($action == "login" && $member_login==1){
 
$username = clean_string($_POST[';loginuser';]);
$password = md5(clean_string($_POST[';loginpassword';]));
$cookieme = clean_string($_POST[';saveme';]);
$frompage = $_SERVER[';HTTP_REFERER';];
 
 
			//PHORUM INTEGRATION ******************************
 
$curcwd = getcwd();
chdir(';../forum';);
define(';phorum_page';,';create_user';);
include_once("./common.php");
 
$PHORUM[';use_cookies';] = PHORUM_NO_COOKIES;
phorum_api_user_set_active_user (PHORUM_FORUM_SESSION, $username , 0) ;
phorum_api_user_session_create (PHORUM_FORUM_SESSION, 0); 
 
 
chdir($curcwd);
 
			// END PHORUM INTEGRATION ******************************
 
login_user($base_url,$username,$password,$frompage,$cookieme);
 
}

From what I have read in the documentation I think I am doing this right. I will comb the forums some and see if I can find the solution on my own as well but if I am making a sophmoric mistake please let me know.


I am still trying to grasp how to use user_session_restore as well. It doesn't matter to me which way I go honestly pushing in the login or pulling it in I can understand feeding info in but having phorum go and grab something would be good I will have to read up on it some as well. I am a serious novice at this stuff so if/when I ask stupid questions I am usually asking them and then looking at the forum instead of the other way around and I know I should be stoned for that.



Edited 1 time(s). Last edit at 10/29/2008 10:06PM by jacksmack.

Quote
jacksmack
$PHORUM['use_cookies'] = PHORUM_NO_COOKIES;
phorum_api_user_set_active_user (PHORUM_FORUM_SESSION, $username , 0) ;
phorum_api_user_session_create (PHORUM_FORUM_SESSION, 0);

Disabling cookies? But how do you suspect Phorum to keep your session active then? Phorum needs either a cookie or a session id that is encapsulated in the URL (URI authentication). By disabling the cookies, Phorum will be using the URI authentication scheme, but since your own website doesn't work with that, the session will get lost here. So do not disable the cookies.

Furthermore, the phorum_api_user_set_active_user() call does not take a username as its argument. From the API doc:

 * @param mixed $user
 *     The user_id or the full user data array for the user that has to be
 *     the active user or NULL if the active user has to be set to the
 *     anonymous user (the default).

So in your case, it's probably best to pass the user_id instead.

If setting the cookies is problematic for your system (headers already sent or so?), then either add an ob_start() to the start of your code or look some more at the user_session_restore solution. That one does not require cookies or session management at all, since it grabs the authenticated user from the main system at every request.

---

Maurice Makaay
Phorum Development Team
my blog linkedin profile secret sauce

ok so as I said I don't really know much and this is all learning for me :) I'm sure you will scratch your head and laugh at my mistakes but I am trying and as long as I make progress on some aspect of the work I am happy.


I should do another call the the phorum data table and get the User ID and then pass that to the login script to get the session to recognise then.

My current site's UserID is unique, I can copy the userID information over and not worry right? Nothing is going to overwrite anything because it goes up incrementally so If I passed 5000 userID's in there the next new user id would be out of that range right? this wouldn't be a problem if I just duplicated the current info I have into phorum so peeps didn't have to sign up for a new account to use the forum.

I didn't have time to work on this tonight I was busy fixing a game and working on other aspects of the site a bit more. I will be hitting this tomorrow though for sure.

Quote
jacksmack
ok so as I said I don't really know much and this is all learning for me :) I'm sure you will scratch your head and laugh at my mistakes but I am trying and as long as I make progress on some aspect of the work I am happy.

Not laughing at you at all. We never said that integration was an easy subject. We salute you for the effort instead! ;-)

Quote
jacksmack
I should do another call the the phorum data table and get the User ID and then pass that to the login script to get the session to recognise then.

My current site's UserID is unique, I can copy the userID information over and not worry right? Nothing is going to overwrite anything because it goes up incrementally so If I passed 5000 userID's in there the next new user id would be out of that range right? this wouldn't be a problem if I just duplicated the current info I have into phorum so peeps didn't have to sign up for a new account to use the forum.

I'm not sure how you are looking at this. The best way is to have only one user registration. In your case, your site's user registration. The easiest and safest thing to do, is to take the userID from your site's user database and use that one to create / update the user in the Phorum table. Phorum's phorum_api_user_save() function does not mind if you hand over a user id for a new user. It will happily create the new user with the provided user id. That way, it's quite easy to keep the systems in sync, because the user ids between the two have a perfect mapping.

---

Maurice Makaay
Phorum Development Team
my blog linkedin profile secret sauce