
Merging PHPBB login data and sessions

On this perplexed site I have created a login session which is completely separate from the PHPBB forum, which came later. However, it's inconvenient for users to have two separate logins for functions on the same site, so this article describes the process of merging the two.

Prerequisites for this article: an understanding of basic logins with sessions and of MySQL, and a working installation of PHPBB2.

What do I want to do?

Share the same session
This means that I want one login system with no unnecessary cookies stored on the client's browser.
No user data duplication
I do not want to have to edit two sources of the same data. Whilst this might be the simple thing, it just seems messy.
Minimal Change
I do not want to plague the current PHPBB2 forum code by rewriting pages upon pages of it. For one, this makes it easier to apply updates that the PHPBB crew come up with. So I'm prepared instead to rewrite my current code to fit in with PHPBB. The benefit of this is that I know my own code and know what I would have to change. And I literally include a file on the pages I want protecting, so my login functions do not get called separately.

How does PHPBB handle sessions and login?

The file which handles logins is located in ./includes/sessions.php. It contains four functions.

session_begin()
Called to initiate a new session
session_pagestart()
Called to reinitiate an existing session, i.e. when the user has already logged in.
session_end()
Ends a login session
append_sid()
Appends the session id to a URL, for use where cookies do not exist.

The file ./includes/sessions.php appears to be included via the common library ./common.php (line 194), which is prepended at the start of each viewable page in PHPBB2. To avoid duplication we shall have to make this file, with its four functions, accessible to other pages within the website, by changing line 194 to point to the new location of this file.

What are the PHPBB Cookies?

Although we'll be changing these, I thought I'd mention them so I can simply refer to them later.

When a browser goes to a PHPBB forum site it receives two cookies, prefixed with a name the administrator sets and suffixed with either...

'_data'
Contains serialized data on 'auto login' and a 'userid'. Lasts on the client browser for a year.
'_sid'
Lasts for the duration of the open browser and simply keeps a session_id.

The above cookies are called and set in ./includes/sessions.php and called within ./viewtopic.php.

NOTE: PHPBB sets additional cookies which are not concerned with login.

I've always used PHP's session_start(), whilst PHPBB generates a session_id (sid) itself, uses set_cookie to store the sid on the client, and uses MySQL to link the session to the user. I believe the reason sessions are stored in a table is to identify the users online at any one time.

The function session_begin()

As mentioned above, this function handles logins and is called from ./login.php or from within the other function introduced, session_pagestart(). It is passed the variables shown in this snippet.

[CODE=./includes/sessions.php | line 27]
function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_autologin = 0, $admin = 0)
{
    global $db, $board_config;
    global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $SID;
[/CODE]

None of the global variables mentioned above are changed when the function is called. The variables which are passed to session_begin(), are described here.

[CODE=./login.php | line 81] $session_id = session_begin($row['user_id'], $user_ip, PAGE_INDEX, FALSE, $autologin, $admin); [/CODE]

The variables:

$row['user_id'] int
Taken from the record in the table.
$user_ip string(8)
Is a hexadecimal representation of the user's IP number
PAGE_INDEX int(1)
Is an arbitrary integer.
$autologin int{0,1}
Sets a parameter on the cookie to log a user in automatically
$admin int{0,1}
Sets a parameter on the cookie.

The function session_begin() does two things. It sets cookie information for both the session cookie and the permanent cookie, and it returns an array of the user settings, e.g. username, user_id, ...

The function session_pagestart()

This function is passed the following variables.

[CODE=./includes/sessions.php | line 218]
function session_pagestart($user_ip, $thispage_id)
{
    global $db, $lang, $board_config;
    global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $SID;
[/CODE]

This function uses information set in the user cookies to match records within the session table. If the session table recognises the session number as active, then the user is logged in. Like session_begin(), it returns the $userdata.

How mysite creates logins!

I think my way is simpler and therefore better - but each to his own.

Firstly, I am just going to use one cookie, which will expire when the client browser is closed. It will solely contain a session id (SID), and the session data will be stored in a file on the server. PHP is good because it does all this for you, and it's literally a few lines of code. Plus we'll need to pluck a few configs from the user table and return them in an array... and that's it!

Additionally, the way I initiate the script to handle sessions is different. Instead of calling the scripts on the pages which I am concerned about, I include a file which handles the logins.
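A minimal version of such an include file, as an added example rather than the site's own code: one browser-session cookie carrying only the SID, a check against the MD5 digest stored in the shared `users` table, and a few user settings kept in PHP's session file. The column names user_password and user_active, the helper names and the in-memory SQLite stand-in for MySQL are assumptions, and it does not touch PHPBB's own sessions table.

```php
<?php
// Added example; SQLite stands in for the shared MySQL `users` table, data is constructed.

function start_site_session(): void
{
    // One cookie holding only the SID, discarded when the browser closes.
    session_set_cookie_params(['lifetime' => 0, 'path' => '/', 'httponly' => true]);
    session_start();
}

function find_user(PDO $pdo, string $username, string $password): ?array
{
    $st = $pdo->prepare('SELECT user_id, username, user_password FROM users
                         WHERE username = ? AND user_active = 1');
    $st->execute([$username]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    // The table holds md5(password); compare digests in constant time.
    if ($row === false || !hash_equals($row['user_password'], md5($password))) {
        return null;
    }
    unset($row['user_password']);      // keep the digest out of the session file
    return $row;
}

function login(PDO $pdo, string $username, string $password): bool
{
    $user = find_user($pdo, $username, $password);
    if ($user === null) {
        return false;
    }
    session_regenerate_id(true);       // fresh SID once the user is authenticated
    $_SESSION['userdata'] = $user;     // the few settings plucked from the table
    return true;
}

function current_user(): ?array
{
    return $_SESSION['userdata'] ?? null;
}

// Demo with constructed data, run from the CLI.
$pdo = new PDO('sqlite::memory:');
$pdo->exec('CREATE TABLE users (user_id INTEGER, username TEXT, user_password TEXT, user_active INTEGER)');
$pdo->prepare('INSERT INTO users VALUES (2, ?, ?, 1)')->execute(['alice', md5('correct horse')]);
session_save_path(sys_get_temp_dir()); // demo only: a writable session store
start_site_session();
$rejected = login($pdo, 'alice', 'wrong password');
$accepted = login($pdo, 'alice', 'correct horse');
var_dump($rejected, $accepted, current_user());
```

A protected page would include this file, call start_site_session(), and send the visitor to the login form whenever current_user() returns null.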

Steps

Preliminary

The only PHPBB files you will need to edit are...

  • ./viewtopic.php
  • ./includes/sessions.php

Sharing the same tables between databases

  • users
  • sessions
  • banlist

I have chosen to migrate my customer records to the PHPBB forum table phpbb_users. The PHPBB user table has all the fields that one could ever wish to store about a user, e.g. name, location, username, password etc. The only difference between PHPBB and my site is that PHPBB stores passwords as MD5 hashes, using PHP's md5(). I hadn't hashed my passwords, so I'll need to start. Because a hash is one-way, this means I won't be able to email a password to a user if they forget it. So anyway, I migrate my users to the table perplexedforum.phpbb_users.

Now I want to be able to access my users table as perplexed.users in my current system. I already have a table of that name, but I want it to share its data with my other user table, perplexedforum.phpbb_users. I achieve this by removing my previous users table perplexed.users and replacing it by way of symbolic links.

If you haven't seen how MySQL stores data files, this might look odd.

[CODE=shell]
cd /var/lib/mysql/
# my forum database name is `forum`
# my normal database is named `perplexed`
cd ./perplexed/
# create symbolic links: each MyISAM table is three files
# (.frm definition, .MYI index, .MYD data)
ln --symbolic ../forum/phpbb_users.frm users.frm
ln --symbolic ../forum/phpbb_users.MYI users.MYI
ln --symbolic ../forum/phpbb_users.MYD users.MYD
ln --symbolic ../forum/phpbb_sessions.frm sessions.frm
ln --symbolic ../forum/phpbb_sessions.MYI sessions.MYI
ln --symbolic ../forum/phpbb_sessions.MYD sessions.MYD
ln --symbolic ../forum/phpbb_banlist.frm banlist.frm
ln --symbolic ../forum/phpbb_banlist.MYI banlist.MYI
ln --symbolic ../forum/phpbb_banlist.MYD banlist.MYD
[/CODE]

So now the `perplexed` database will be fooled into thinking it contains the tables users, banlist and sessions, which are in fact stored in the location of the other database... you following this? Continue : re-read.

Re-writing session_begin()

Comments

solerjim
when will you update this sir?
Created 15/07/10

Author

Andrew Dodson
Since:Feb 2007
