Firefox PHP

Login site integration trick

Posted by Scott 
Login site integration trick
December 12, 2003 09:09AM
If your site already has login capability and uses cookies, here's an easy fix to integrate the phorum with the rest of the site with a minimal amount of modding.
STEP 1:
When someone first signs up on your site, add this to your existing signup code:
$forumpasswd=md5($passwd);//only if you don't crypt your password already
$sql="insert into forums_auth(id, username, password, name, email) values
($id,'$user','$forumpasswd','$first_name','email')";
$result=mysql_query($sql);
This will put the user in the phorum auth db. Don't worry about the other variables, as users can add those in later if they click on edit profile.
This is fine and dandy if you are just starting a site, but if you already have users, you should put some code in your site login section that checks if the user is in forum_auth(or whatever you named the table) and if they aren't to add them using something like the code above.
STEP 2:
Set the auth cookie during site login.
Example if your login function takes user and pass as parameters:
$sessionID="$user:".md5($pass);
SetCookie("phorum_cookieauth", "$sessionID", time()+86400*365);
Make sure you do this at the top level so the path is "/" and it's available to the phorum in your forum directory.
STEP 3
In header.php which should contain the top of your site page, you will check for user login in whatever fashion you do on the rest of your site.
For example if you're using classes:
$logged=$user->checklog();
If the user isn't logged in, you don't let them view the forum. Maybe something like this:
if(!$logged){ echo "You must be logged in before you can use the phorum!!!";
include phorum_get_file_name('footer'); exit;}
STEP 4
Lastly since the only time a user will view the forum is when he is logged in, you don't want him to log out from the forum, only from your main site. You don't have to do anything extra in your logout since it isn't neccessary to delete the forum auth cookie. You'll need to comment out one line of code from your main phorum files. ie
list.php, read.php, post.php, profile.php, and register.php. Here's the line:
addnav($menu2, $lLogOut, "login.$ext?logout=1$GetVars");
Now the logout option won't show up. You should have a main logoff somewhere on your site.

The security setting should be on need login to post.
However, as you can see your mods prevent anyone who is logged in from access to the forum.

Cheers
[:]DRINK[/:]
Re: Login site integration trick
December 12, 2003 09:12AM
Oh, you might want to move the login and signup pages out of the forum directory since they won't be used. It will also prevent someone from trying to access them directly.
Re: Login site integration trick
December 21, 2003 06:47PM

great tip.. i think i just might do that.. thanks.

anyone know if this will work the same with phorum 5? i am thinking of upgrading right away too..

r.
Anonymous User
Re: Login site integration trick
December 22, 2003 04:10PM
phorum5 is really different, in many ways.

A question...
December 31, 2003 12:43PM
You said in the header.php file, yes? I only see that in Admin, so is that the one I must change?
Re: Login site integration trick
January 25, 2004 03:40PM
Just want to thank Scott for the tip, and let others know that it does the trick. This was exactly what I was looking for. I guess it spared me a great deal of hacking myself :)

Cheers mate!
dotBoB
Re: Login site integration trick
May 18, 2004 05:29AM
Superb!

You've just saved me hours of coding.

Thanks very much.
richardh
Re: Login site integration trick
May 19, 2004 12:52PM
I don't suppose this would work with phpnuke would it?

I've looked at the files but it's a little complicated to locate the auth login cookie etc..
can you offer any help?

ta

Richard
Re: Login site integration trick
May 20, 2004 08:47PM
For some reason I had a lot of problems getting my site to accept the above changes.
What I found is that if I added the 'setcookie' line with my user and md5 pass to the include/header.php of phorum, everything worked again. I have phorum in a subdirectory so it might have had something to do with the cookie path.
This might be useful for the nuke people too.
Ross.

(Don't forget to duplicate the user and md5 pass into phorum_auth)
Richardh
Re: Login site integration trick
May 22, 2004 06:21PM
Er..
could you do a point by point instruction guide as i don't follow :)
ta
Re: Login site integration trick
June 15, 2004 11:25AM
Hi,

nice trick but what about a server side solution? it sucks to relate on cookies. isn't there a way to set the username and login in a session variable at site login time and use that values from these session variables when the user opens a phorum page?`

speci
Sorry, you do not have permission to post/reply in this forum.