phpBB 3.2 Bridge for Custom Login
Posted July 29th 2017, 1:08pm
I am developing an account system for my website. As part of my website, I want to include a phpBB-based forum. To make use of the forum as simple as possible for the users, I would like to create a custom bridge between my account system and phpBB's login system. The requirements that I have for the system are outlined below.

  • I do not want to use phpBB's registration or login pages at all. All registrations or logins must be performed through my site's registration and login pages.
  • I have noticed that some bridges only create accounts if the user tries to use the platform that is involved in the bridge. For this bridge however, I want the phpBB account to be created automatically at the same time that the user registers on the site.
  • I want data that is stored about the user by the website to always be in sync with what is stored by phpBB.
    (for example, if the user changes their username, I want it to change on both my site as well as on phpBB)
  • Any users who have their site account banned should also have their phpBB account banned. The reason listed for the ban should also be identical.

My site is not based around phpBB, or any other CMS platform. With that in mind, how would I go about achieving what I mentioned above? I would imagine that for most of the things mentioned, a simple query to the phpBB database would suffice, but I am not sure how more complicated aspects such as authentication would work.
φ
Posts: 280
Joined: October 2nd 2011, 11:00pm
Likes Given: 27
Likes Received: 4
phpBB 3.2 Bridge for Custom Login
Posted July 31st 2017, 9:59am
What you're requesting is a lot of work, but it can be done. The easiest way to get this done is to have your application load phpBB and call its user/session management functions. Most old (and some new) WordPress-phpBB bridges work in this fashion. That method, however, leads to server load issues as well as code conflicts.

The best solution is for your application to contain the necessary code to manage users in phpBB. Disabling registrations in phpBB can be done in the ACP; disabling logins in phpBB may require a hack to its ucp.php file.

You'll need to decide how to handle profile-based things such as signatures and avatars, and I suspect that will be the most difficult code to write. I'd also suggest forcing users to use cookies, because that will make the bridging to phpBB an order of magnitude simpler.
φ
Posts: 1599
Joined: March 12th 2009, 11:00pm
Location: Uncertain due to momentum
Likes Given: 26
Likes Received: 357
phpBB 3.2 Bridge for Custom Login
Posted July 31st 2017, 3:00pm
Yeah, I figured it was probably going to be very difficult. Here's what I have in mind for the basic setup.

For account registrations, I am going to disable registration in phpBB and have my site's registration process call https://wiki.phpbb.com/Function.user_add.

To disable phpBB logins, I was just going to remove all links to the login page and modify ucp_login_link.html so that if someone tries to access it directly, the login page will not display the login form. I understand that technically, it would still be possible to log in if someone took the standard phpBB login form HTML and used browser dev tools to paste it into a page, but I'm not really all that concerned about that. I had considered perhaps setting up the registration process to add several additional characters to the password that is submitted to phpBB's registration function as a means of preventing that trick from working though.

For logins, I suppose I could rely on phpBB's built-in authentication system as you suggested, and store whatever data that was not related to phpBB in my site's own database, but my original plan was to either use my own authentication system with phpBB, or use my own authentication system for the aspects that relate to my site, and use phpBB's system for the forum.

As for the use of signatures and avatars, I was going to leave those settings to work as part of phpBB's core since my site does not really require the use of avatars or signatures anywhere else. I suppose it might make sense to implement them on the main site for continuity though.

As far as forcing cookies on users, how would I go about doing that? I was not aware that phpBB could be configured to not force cookies on users.
φ
Posts: 280
Joined: October 2nd 2011, 11:00pm
Likes Given: 27
Likes Received: 4
phpBB 3.2 Bridge for Custom Login
Posted July 31st 2017, 4:35pm
phpBB will work without cookies -- it will append the session ID to every URL if cookies are disabled.

You can't disable the login template because it is used to log a user into the ACP. It is also displayed when a guest tries to access members-only pages, such as when clicking on a username to display that user's public profile, or when clicking "The Team" link at the bottom of the page. (I personally consider these links to be bugs in phpBB, but I guess the phpBB devs feel differently.) These issues are why I thought you might need to hack the ucp.php file...and thinking about it, you may also need to hack the login_box() function in includes/functions.php.

You also can't directly call the phpBB user_add() function because it depends on a large chunk of phpBB to already be loaded. You'll instead need to duplicate what that function does in your application. As I said, what you're trying to do is a lot of work!
φ
Posts: 1599
Joined: March 12th 2009, 11:00pm
Location: Uncertain due to momentum
Likes Given: 26
Likes Received: 357
phpBB 3.2 Bridge for Custom Login
Posted July 31st 2017, 7:37pm
Yeah, the issue with the login pages is a good point. I did not think of that.

As for the user_add() function, I know I cannot call it independently of phpBB, but I thought that implementing the aspects of the phpBB code that were needed was as easy as doing this.

Also, I thought that starting with phpBB 3.1, I thought that you could more easily integrate your own authentication system into the forum. This is what I am referring to, but I am afraid that I do not understand it well enough to know if it suits my purpose.
φ
Posts: 280
Joined: October 2nd 2011, 11:00pm
Likes Given: 27
Likes Received: 4
phpBB 3.2 Bridge for Custom Login
Posted August 1st 2017, 9:08am
Implementing the code in your first link will load all of phpBB. As I mentioned above, it's the easiest way to accomplish what you want, but it tends to lead to server load issues and code conflicts.

Replacing the authentication module in phpBB will also work; I've seen that used for Joomla-phpBB and Drupal-phpBB bridges. This method is not used more widely for bridges because, like above, it requires both applications to be loaded.

If your account system is small, loading it and phpBB simultaneously might work. It's definitely something worth trying, and if it results in problems, you can then look at alternative solutions.
φ
Posts: 1599
Joined: March 12th 2009, 11:00pm
Location: Uncertain due to momentum
Likes Given: 26
Likes Received: 357
phpBB 3.2 Bridge for Custom Login
Posted August 2nd 2017, 4:41pm
Okay well I've finally found the time to work on this, and I've barely made any progress before running in to some problems. The only part that I have bothered to tackle so far is the registration portion. Right now, my website registers the account in the site's own database with this:

$mysqli->query("INSERT INTO `accounts` (username, email, password) VALUES ('$username', '$email', '$hashedPassword')");

From there, I tried doing this in the code to create a new phpBB user.

define('IN_PHPBB', true);
$phpbb_root_path = './forums'; // This line was modified to account for the actual location of the forum.
$phpEx = substr(strrchr(__FILE__, '.'), 1);
include($phpbb_root_path . 'common.' . $phpEx);

// Start session management
$user->session_begin();
$auth->acl($user->data);
$user->setup();


Doing that did not work. I got the following error:

Fatal error: Uncaught Error: Call to a member function getParameter() on null in X:\forums\phpbb\cache\driver\file.php:37 Stack trace: #0 X:\forums\cache\production\container_a82b10cdbcb9665e9ef7f01903fbd93e.php(696): phpbb\cache\driver\file->__construct() #1 X:\forums\vendor\symfony\dependency-injection\Container.php(314): phpbb_cache_container->getCache_DriverService() #2 X:\forums\vendor\symfony\dependency-injection\ContainerBuilder.php(455): Symfony\Component\DependencyInjection\Container->get('cache.driver', 2) #3 X:\forums\common.php(132): Symfony\Component\DependencyInjection\ContainerBuilder->get('cache.driver') #4 X:\template\php\accountRegistration.php(10): include('C:\\inetpub\\wwwr...') #5 X:\template\body_register.php(4): accountRegistration->__construct( in X:\forums\phpbb\cache\driver\file.php on line 37

I tried to work around the problem by creating a new PHP file in the forum's root folder, and put this in it:

<?php
define('IN_PHPBB', true);
$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
include($phpbb_root_path . 'common.' . $phpEx);
include($phpbb_root_path . 'includes/functions_user.php');

// Start session management
$user->session_begin();
$auth->acl($user->data);
$user->setup();

function addForumAccount($username, $password, $email) {
// Creates a forum account to associate with the user's main site account. This function
// returns the new forum account's user ID, which is stored as part of the database entry
// for the account on the main site.
$user_row = array(
'username' => $username,
'user_password' => phpbb_hash($password),
'user_email' => $email,
'group_id' => 2, // by default, the REGISTERED user group is id 2
'user_timezone' => (float) $data['tz'],
'user_lang' => $data['lang'],
'user_type' => USER_NORMAL,
'user_ip' => $user->ip,
'user_regdate' => time(),
);

// Register user...
return user_add($user_row);
}
?>


I called the function that I wrote in this separate file from within the file, and it successfully created a user, so I tried using `include()` to use the file in the main site's registration process, but I got this error instead of the result that I was hoping for.

Warning: include(./common.php): failed to open stream: No such file or directory in X:\forums\SITE_register.php on line 5

Warning: include(): Failed opening './common.php' for inclusion (include_path='.;C:\php\pear') in X:\forums\SITE_register.php on line 5

Warning: include(./includes/functions_user.php): failed to open stream: No such file or directory in X:\forums\SITE_register.php on line 6

Warning: include(): Failed opening './includes/functions_user.php' for inclusion (include_path='.;C:\php\pear') in X:\forums\SITE_register.php on line 6

Notice: Undefined variable: user in X:\forums\SITE_register.php on line 9

Fatal error: Uncaught Error: Call to a member function session_begin() on null in X:\forums\SITE_register.php:9 Stack trace: #0 X:\template\php\accountRegistration.php(7): include() #1 X:\template\body_register.php(4): accountRegistration->__construct(Object(mysqli)) #2 X:\register.php(58): include('C:\\inetpub\\wwwr...') #3 {main} thrown in X:\forums\SITE_register.php on line 9


At this point I am not sure what else to try. I had considered having my site POST the required data to this page after the main site's registration is complete, but my concern is that it would then be too easy to create bogus forum accounts simply by sending POST requests with a username, e-mail, and password to that page.

I actually spent some time looking around online to see if I could find a phpBB forum that does exactly what I want to do, and I think I have finally found one: the Waze Forums. I believe they are running an older version of phpBB though.
φ
Posts: 280
Joined: October 2nd 2011, 11:00pm
Likes Given: 27
Likes Received: 4
phpBB 3.2 Bridge for Custom Login
Posted August 2nd 2017, 10:46pm
Give some thought to looking at what the user_add() function does in phpBB. There is nothing stopping you from doing the same DB inserts into the phpBB database from your own application.

If you are looking for ideas to bridge phpBB to another application, perhaps you can start with something I wrote:

https://wordpress.org/plugins/bridgedd/

You can see it in action here:

https://bridgedd.com
https://bridgedd.com/support
φ
Posts: 1599
Joined: March 12th 2009, 11:00pm
Location: Uncertain due to momentum
Likes Given: 26
Likes Received: 357
phpBB 3.2 Bridge for Custom Login
Posted August 3rd 2017, 4:17pm
Yeah, that's a good point. I had not considered rolling my own `user_add()`.

As for my site, I am not trying to bridge phpBB to a CMS, as my site was built from scratch, but I will poke around in the BridgeDD code to see how you did things. Sadly, I am using phpBB 3.2 and I don't have BridgeDD Pro, so I will have to look at the 3.0 stuff, but that should be enough to give me some ideas. I may have to ask for more help with the authentication process, but at this point, I think I can handle the registration.
φ
Posts: 280
Joined: October 2nd 2011, 11:00pm
Likes Given: 27
Likes Received: 4
phpBB 3.2 Bridge for Custom Login
Posted August 4th 2017, 9:03pm
And I've successfully completed the registration bridge! I ended up writing my own function to complete the necessary tasks, although it is vaguely based on `user_add()`. I also did not use phpBB's built-in hash function for the passwords, so now I am definitely going to have to modify phpBB's built-in login function to account for that.

If you have any good ideas for how to handle the login process, please let me know. Right now, my plan to manage user logins is to modify the phpBB login function to redirect users to my site's login page unless the user is authenticating to the admin panel.
φ
Posts: 280
Joined: October 2nd 2011, 11:00pm
Likes Given: 27
Likes Received: 4
phpBB 3.2 Bridge for Custom Login
Posted August 8th 2017, 4:13pm
Success! It took a while, but I finally finished integrating phpBB with my website. Instead of using my authentication system with phpBB or using phpBB's authentication system with my site, I ended up using my own for my website, and modified phpBB's a bit so that my system could easily interact with it.
φ
Posts: 280
Joined: October 2nd 2011, 11:00pm
Likes Given: 27
Likes Received: 4
phpBB 3.2 Bridge for Custom Login
Posted August 8th 2017, 5:46pm
Congratulations! You've come a long way in the past few years. :)
φ
Posts: 1599
Joined: March 12th 2009, 11:00pm
Location: Uncertain due to momentum
Likes Given: 26
Likes Received: 357
phpBB 3.2 Bridge for Custom Login
Posted August 8th 2017, 6:16pm
Dion said:
Congratulations! You've come a long way in the past few years. :)

Thanks! I also created a custom theme for the forum so that the forum's appearance matches the site's appearance. I didn't write the whole thing on my own (it's based on proflat, which is based on prosilver), but it mostly looks different. I had to enable PHP in templates in order to get some of it to work properly though. For some reason, I've seen people posting on the phpBB forums that enabling PHP in templates is a security risk. I would assume that the reason for this concern is because people can see the code if they access your template files manually. This isn't a concern for me though because I have an .htaccess file with Deny from all in it. Other than manual access, is there any other way that using PHP in templates poses a security risk?
φ
Posts: 280
Joined: October 2nd 2011, 11:00pm
Likes Given: 27
Likes Received: 4
1
#14
phpBB 3.2 Bridge for Custom Login
Posted August 8th 2017, 8:45pm
Use of PHP in templates was a security risk when phpBB 3.0 was released in 2007. It is not a security risk in 2017 unless Apache and PHP have been configured in an incredibly stupid fashion. Since someone that stupid would not know how to access the Apache and PHP configuration, it's not going to happen. ;)

The issues with enabling PHP in templates is the possibility of your adding PHP code to the templates that does damage, and the possibility of a malicious MOD/extension doing nasty things if it finds PHP enabled in templates.
φ
Posts: 1599
Joined: March 12th 2009, 11:00pm
Location: Uncertain due to momentum
Likes Given: 26
Likes Received: 357
phpBB 3.2 Bridge for Custom Login
Posted August 8th 2017, 9:31pm
Dion said:
Use of PHP in templates was a security risk when phpBB 3.0 was released in 2007. It is not a security risk in 2017 unless Apache and PHP have been configured in an incredibly stupid fashion. Since someone that stupid would not know how to access the Apache and PHP configuration, it's not going to happen. ;)

The issues with enabling PHP in templates is the possibility of your adding PHP code to the templates that does damage, and the possibility of a malicious MOD/extension doing nasty things if it finds PHP enabled in templates.

Great! I have faith that the PHP that I added is safe, and as for malicious extensions, there are only two that I use, and both of them seem safe enough to me.
φ
Posts: 280
Joined: October 2nd 2011, 11:00pm
Likes Given: 27
Likes Received: 4
Post a reply
15 posts

Who is online

Users browsing this forum: No registered users and 1 guest