Another integration question

I also would like to use my standard login on my homepage as the main source for logging in but still have the ability to use phorum but without logging in, just a straight homepage to phorum approach. I understand it's all about passing the right session variable to phorum.

This is part of my login code where I set my sessions and this is where the phorum session probably should be created to,

session_start();
$_SESSION['user_id']= $id;
$_SESSION['user_name'] = $user_name;
//phorum sessions here?

but what are the correct phorum sessions to set? Any help/guidance would be greatly appreciated..

Phorum uses a different approach. It lets Phorum check the session of the main application, so Phorum and main app always use the same session.

Check out the external authentication module and search the forums for user_session_restore for more info.

---

Maurice Makaay
Phorum Development Team
my blog linkedin profile secret sauce

If it uses a different approach then what is

$session_data[PHORUM_SESSION_LONG_TERM] = $user_id;
$session_data[PHORUM_SESSION_SHORT_TERM] = $user_id;

for? Why wouldn't I be able to use that in my login form to pass it to phorum?

Thanks in advance and look forward to your response..

No, you cannot use that. You do not setup a Phorum session from your login code. Instead, you let Phorum restore a session based on your main application's session. So in your case, from within Phorum you would check the $_SESSION data of your main app and tell Phorum to restore a session for the user_id that you found. "From within Phorum" here means "From a custom Phorum module".

It seems generally hard to understand this, so don't worry about that. Most applications handle the single sign on issue by setting up session data for child applications. I don't know why though. The Phorum way is definitely better.

* No hacking in the main app required
* Clean module solution for Phorum
* Sessions are always perfectly in sync

Here's a recent thread that handles the same issue. It also shows a tiny example module for letting Phorum inherit a $_SESSION data based session from a main app.

---

Maurice Makaay
Phorum Development Team
my blog linkedin profile secret sauce

Ok, very helpful information. Some more questions though so I can finish figuring this out. When I create my own hook_user_session_restore file and create a new plugin folder in the external authentication mod and add my hook_user_session_restore file, I set the default settings on the modules page, choose the new folder I created for my hook, change the setting for the external path to my site where users login and it should be up and running? Just want to make sure i'm not missing anything, if I use that same code from that forum post for my hook will it still work, from the code I don't see why it wouldnt as my session is set on the login page the same as that, $_SESSION['user_id'], the code was..

Language: PHP
function phorum_mod_your_user_session_restore($sessions)
{   
    // Phorum does not start a session, so we have to start it
    // here to be able to access the main application';s $_SESSION data.
    // The session_id() is checked to not to call session_start() twice.
    if (!session_id()) session_start();
    // If the user is logged into the main session, then tell Phorum
    // to use the user_id from the session.  
    if (!empty($_SESSION[';user_id';])) {
        $sessions[PHORUM_SESSION_SHORT_TERM] = $_SESSION[';user_id';];
        $sessions[PHORUM_SESSION_LONG_TERM] = $_SESSION[';user_id';];
    }
 
    return $sessions;
}

the example module given doesn't require the external authentication module at all.

---

Thomas Seifert

As Thomas already states, I posted a simple module to inherit the user id from $_SESSION['user_id']. It was not an example file for the external authentication module. If you want to use that module, then do not put a function in the hook_user_session_restore.php file. Instead, put the body of my code in there. The external authentication module includes those hook files from its own hook implementations, so if you put a function in there, all you'll be doing is define a new function without really executing any code.

---

Maurice Makaay
Phorum Development Team
my blog linkedin profile secret sauce

Yea, I seem to be missing something somewhere because when i login from my homepage and click my forum link in my nav it takes me to my phorum forum but it must not be passing my session, I tried both ways above with no luck. I made it it's own module(repeated login from homepage), tried using the external authentication way without the function with no luck as well. I have one user in both user tables, my users table and the phorum_users table with the same id, same username, same password. Do the sessid_lt, sessid_st need to be cleared of the data inside them for this to work?

I appreciate both of your patience, again any help or guidance would be greatly appreciated.

So this is the new code i'm using that I dug out of the archives here..

Language: PHP
<?php
 
/* phorum module info
hook:  user_session_restore|external_authentication
title: External Authentication
desc:  This module uses a external authentication system to log user into Phorum.
*/
 
// Check if we are loaded from the Phorum code.
// Direct access to this file is not allowed.
if (! defined("PHORUM")) return;
 
    // Override the session handling for front end forum sessions.
    // Retrieve a session from a standard PHP session by first
	// starting a PHP session if that was not done yet...
    if (!session_id()) session_start();
 
    // ...and then retrieving the user_id of the current user
    // from the PHP session data. The user_id is really the
    // only thing that needs to be remembered for a Phorum
    // session, because all other data for the user is stored
    // in the database. If no user id was set in the session,
    // then use FALSE to flag this to Phorum.
    $phorum_user_id = empty($_SESSION[';user_id';])
                    ? FALSE : $_SESSION[';user_id';];
 
    // The other two need to be updated. If the main system does
    // not use the concept of one long and one short term cookie
    // (named "tight security" by Phorum), then simply assign
    // the user_id to both PHORUM_SESSION_LONG_TERM and
    // PHORUM_SESSION_SHORT_TERM.
    $sessions[PHORUM_SESSION_SHORT_TERM] = $phorum_user_id;
    $sessions[PHORUM_SESSION_LONG_TERM] = $phorum_user_id;
	$sessions[PHORUM_SESSION_ADMIN] = FALSE; // ignores any previous admin sessions
 
	// If user is admin, fill out the following. This changes
	// the default behaviour for external logins.
	if ($phorum_user_id) {
		// check admin flag
		$user_data = phorum_api_user_get($phorum_user_id);
		if ($user_data && ($user_data[';admin';] > 0)) {
			// user is admin
			$sessions[PHORUM_SESSION_ADMIN] = $phorum_user_id;
		} 
	}
 
    return $sessions;
?>

This is in a file called hook_user_session_restore.php, inside of mods/external_authentication/plugins_bin/tgl(my folder)/hook_user_session_restore.php.

My users are synced in both tables by user id and username and in the phorum_users are set to active = 1.

With this explanation do you guys see anything that would be causing the phorum to not log my users into the phorum?

The external authentication module uses a different variable name for storing the sessions. Also, at the end you won't have to return it. Just set the active sessions in the variable as provided by external authentication. It was something like $phorum_sessions I think, but check the examples as included in the bundle to check if this is correct.

---

Maurice Makaay
Phorum Development Team
my blog linkedin profile secret sauce