Custom integration in a members area

So, I'm using Phorum inside a members area of a site. The actual Phorum install was done about a year ago by someone else and they're asking me to go in and make it single-sign-on. I don't need to check for active forum users, or even use passwords, as this forum is behind an authentication system; If the user is inactive - they'd never see the forum to begin with.

I found some examples throughout these forums, but I feel like something isn't being set right. Doing a print_r($sessions) gives me a blank 3-item array, like so :

Language: PHP
Array
(
    [phorum_session_v5] => 
    [phorum_session_st] => 
    [phorum_admin_session] => 
)

Here's the code I'm using (DB details removed, of course) :

Language: PHP
<?php
 
/* phorum module info
title: External Authentication
desc: External Authorization
version: 1.0
release_date: May 1st, 2010
hook: user_session_restore|ext
*/
 
function query($string)	{
	$result = mysql_query($string) or die(mysql_error());
	return($result);
	}
 
function fetch($result)	{
	$array = mysql_fetch_array($result, MYSQL_ASSOC);
	return $array;
	}
 
if (! defined("PHORUM")) return;
 
if (!session_id()) session_start();
 
function ext($sessions) {
	$phorum_user_id = empty($_SESSION[';phorum_user_id';]) ? FALSE : $_SESSION[';phorum_user_id';];
 
	// testing variables here for debug purposes
	print_r($sessions);
	print_r($_SESSION);
	$user_id = $_SESSION[';user_id';];
	$user = phorum_api_user_get($user_id);
	$memberName = $_SERVER[';PHP_AUTH_USER';];
	print("\n user? : ".$user);
	print("\n member? : ".$memberName);
 
	// lookup user details in members DB
	mysql_connect("DB SERVER", "DB USER", "DB PASS");
	mysql_select_db("MEMBERS DB");
	$query_dcUser = "SELECT * FROM members WHERE username=';$membername';";
	$dcUser = query($query_dcUser);
	$row_dcUser = mysql_fetch_assoc($dcUser);
	$user_name = $row_dcUser[';username';];
	$user_email = $row_dcUser[';email';];
	if($user_email == "admin@**********.com") {
		$admin = 1;
	} else {
		$admin = 0;
	}
 
	// lookup forum user
	mysql_connect("localhost", "PHORUM DB USER", "PHORUM DB PASS");
	mysql_select_db("phorum");
	$query_dcPhorum = "SELECT * FROM phorum_users WHERE username=';$user_name';";
	$dcPhorum = query($query_dcPhorum);
	$row_dcPhorum = mysql_fetch_assoc($dcPhorum);
	print_r("rows? : ".print_r($row_dcPhorum));
	$user = array(
	     "user_id"   => $row_dcPhorum[';user_id';],
	     "username"  => $user_name,
	     "email"     => $user_email,
	     "admin"     => $admin,
	     "active"    => 1
	 );
 
	phorum_api_user_save($user);
 
	$phorum_user_id = $row_dcPhorum[';user_id';];
	$sessions[PHORUM_SESSION_SHORT_TERM] = $phorum_user_id;
	$sessions[PHORUM_SESSION_LONG_TERM] = $phorum_user_id;
	$sessions[PHORUM_SESSION_ADMIN] = $admin;
 
	return $sessions;
}
 
?>

I don't know much about Phorum, but would "phorum_api_user_save($user)" create a new user if no user_id is returned? Right now, just enabling the script causes it to die just before "return $sessions", but I'm not sure what error is being thrown (even with "error_reporting(E_ALL)" turned on).

Any ideas?

You first need to make sure that your member users are synched with the phorum user table (ie you need a phorum record for every user)

If you use cookies, you can store the phorum_session_v5 in trheir cookie.

For some other threads on this topic see:
[www.phorum.org]

The api "phorum_api_user_session_restore" is your friend for single login.

Quote
DavidVB
You first need to make sure that your member users are synched with the phorum user table (ie you need a phorum record for every user)

Quick question - the userNAMES are in synch, but user IDs are (probably) not. Is that going to be a major issue?

Yes
$user_id = $_SESSION['user_id'];
$user = phorum_api_user_get($user_id);
will break
It's easier if they are the same, but you probably don't have that option now. User names will need to be unique.
$memberName is not the same as $membername so $query_dcUser = "SELECT * FROM members WHERE username='$membername'"; won't work.



Edited 1 time(s). Last edit at 05/03/2010 08:10PM by DavidVB.

Yeah, my dumbass forgot to capitalize the "N" in $memberName for a bit there ;)

After that, it was a matter of making some changes to actually set a session for a logged-in user instead of making 2 DB calls on every page load, and... voila! Code's a little messy, but it gets the job done.

Thank you so much for all your help. If anyone else needs a nudge in the right direction, here's my final code (I commented out my print statements that I was using for debugging) :

Language: PHP
<?php
 
/* phorum module info
title: External Authentication
desc: External Authorization
version: 1.0
author: Mitcz
release_date: May 1st, 2010
hook: user_session_restore|ext
*/
 
function query($string)	{
	$result = mysql_query($string) or die(mysql_error());
	return($result);
	}
 
function fetch($result)	{
	$array = mysql_fetch_array($result, MYSQL_ASSOC);
	return $array;
	}
 
if (! defined("PHORUM")) return;
 
if (!session_id()) session_start();
 
function ext($sessions) {
	$phorum_user_id = empty($_SESSION[';phorum_user_id';]) ? FALSE : $_SESSION[';phorum_user_id';];
	$user = phorum_api_user_get($phorum_user_id);
	$memberName = $_SERVER[';PHP_AUTH_USER';];
 
	/*
	print_r($sessions);
	print_r("\n session : ".print_r($_SESSION));
	print("\n user? : ".print_r($user));
	print("\n member? : ".$memberName);
	*/
 
	if(empty($user)) {
		date_default_timezone_set(';America/Los_Angeles';);
		mysql_connect(';USER DB SERVER';, ';USER DB LOGIN';, ';USER DB PASS';);
		mysql_select_db("USER DB");
		$query_dcUser = "SELECT * FROM members WHERE username=';$memberName';";
		$dcUser = query($query_dcUser);
		while($row = fetch($dcUser)) {
			$user_name = $row[';username';];
			$user_email = $row[';email';];
			if($user_email == "admin@***********.com") {
				$admin = 1;
			} else {
				$admin = 0;
			}
		}
		mysql_connect("PHORUM DB SERVER", "PHORUM DB USER", "PHORUM DB PASS");
		mysql_select_db("phorum");
		$query_dcPhorum = "SELECT user_id FROM phorum_users WHERE username=';$user_name';";
		$dcPhorum = query($query_dcPhorum);
		if(mysql_num_rows($dcPhorum) < 1) {
			$newUserQuery = query("INSERT INTO phorum_users SET username=';$user_name';,email=';$user_email';,admin=$admin,active=1");
			$new_user_id = mysql_insert_id();
		} else {
			while($row = fetch($dcPhorum)) {
				$new_user_id = $row[';user_id';];
			}
		}
 
		$user = array(
		     "user_id"   => $new_user_id,
		     "username"  => $user_name,
		     "email"     => $user_email,
		     "admin"     => $admin,
		     "active"    => 1
		 );
 
		phorum_api_user_save($user);
		$_SESSION[';phorum_user_id';] = $new_user_id;
 
	} else {
		$new_user_id = $phorum_user_id;
		$_SESSION[';phorum_user_id';] = $new_user_id;
	}
 
	$phorum_user_id = $new_user_id;
 
	$sessions[PHORUM_SESSION_SHORT_TERM] = $phorum_user_id;
	$sessions[PHORUM_SESSION_LONG_TERM] = $phorum_user_id;
	$sessions[PHORUM_SESSION_ADMIN] = $admin;
 
	return $sessions;
}
 
?>

Go through with this code ..........
add this after your code ...@ registration.php (consider your page) & get mysql_insert_id() ,
assign it for $uid , and remaining things ur post values like $_POST['username']; ,etc

---------------
Surely it will works

$curcwd = getcwd();
$dir = $curcwd . "/phorum";
chdir( $dir );

define("PHORUM", 1);
global $PHORUM;

//Phorum Includes

include_once("./include/db/config.php");
include_once("./include/db/mysql.php");
include_once("./include/api/base.php");
include_once("./include/api/user.php");



$user = array(
"user_id" => $uid,
"username" => $username,
"password" => md5($_POST['uname']),
"email" => $_POST['email'],
"admin" => '',
"active" => '1'
);

phorum_api_user_save($user, PHORUM_FLAG_RAW_PASSWORD);

chdir($curcwd);