phpBB Forum Help

Status
Not open for further replies.

Johnyq

Programmer
May 13, 2007
8
CA
Hi all. I run a phpBB forum and I have a little problem.

This forum uses cookies in the login area.

I want someone who logs in to my system to be automatically logged in to the forum. In other words, I want a URL something like: \....login.php?sid=234Something

Is this possible? The forum uses a POST method at the login.

Here is the login file in PHP:

<?php

define("IN_LOGIN", true);

define('IN_PHPBB', true);
$phpbb_root_path = './';
include($phpbb_root_path . 'extension.inc');
include($phpbb_root_path . 'common.'.$phpEx);

//
// Set page ID for session management
//
$userdata = session_pagestart($user_ip, PAGE_LOGIN);
init_userprefs($userdata);
//
// End session management
//

$header_location = ( @preg_match('/Microsoft|WebSTAR|Xitami/', getenv('SERVER_SOFTWARE')) ) ? 'Refresh: 0; URL=' : 'Location: ';

if( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) || isset($HTTP_POST_VARS['logout']) || isset($HTTP_GET_VARS['logout']) )
{
    //
    // This appears to work for IIS5 CGI under Win2K. Uses getenv
    // since this doesn't exist for ISAPI mode and therefore the
    // normal Location redirector is used in preference
    //
    if( ( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) ) && !$userdata['session_logged_in'] )
    {
        // Credentials are read from the POST body only
        $username = isset($HTTP_POST_VARS['username']) ? $HTTP_POST_VARS['username'] : '';
        $password = isset($HTTP_POST_VARS['password']) ? $HTTP_POST_VARS['password'] : '';

        // Look up the account by the submitted username
        $sql = "SELECT user_id, username, user_password, user_active, user_level
            FROM " . USERS_TABLE . "
            WHERE username = '" . str_replace("\'", "''", $username) . "'";
        if ( !($result = $db->sql_query($sql)) )
        {
            message_die(GENERAL_ERROR, 'Error in obtaining userdata', '', __LINE__, __FILE__, $sql);
        }

        if( $row = $db->sql_fetchrow($result) )
        {
            if( $row['user_level'] != ADMIN && $board_config['board_disable'] )
            {
                header($header_location . append_sid("index.$phpEx", true));
                exit;
            }
            else
            {
                // Compare the MD5 of the submitted password with the stored hash
                if( md5($password) == $row['user_password'] && $row['user_active'] )
                {
                    $autologin = ( isset($HTTP_POST_VARS['autologin']) ) ? TRUE : 0;

                    // Start a phpBB session for this user
                    $session_id = session_begin($row['user_id'], $user_ip, PAGE_INDEX, FALSE, $autologin);

                    if( $session_id )
                    {
                        if( !empty($HTTP_POST_VARS['redirect']) )
                        {
                            header($header_location . append_sid($HTTP_POST_VARS['redirect'], true));
                            exit;
                        }
                        else
                        {
                            header($header_location . append_sid("index.$phpEx", true));
                            exit;
                        }
                    }
                    else
                    {
                        message_die(CRITICAL_ERROR, "Couldn't start session : login", "", __LINE__, __FILE__);
                    }
                }
                else
                {
                    $redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? $HTTP_POST_VARS['redirect'] : '';

                    $template->assign_vars(array(
                        'META' => '<meta http-equiv="refresh" content="3;url=' . append_sid("login.$phpEx?redirect=$redirect") . '">')
                    );

                    $message = $lang['Error_login'] . '<br /><br />' . sprintf($lang['Click_return_login'], '<a href="' . append_sid("login.$phpEx?redirect=$redirect") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.$phpEx") . '">', '</a>');

                    message_die(GENERAL_MESSAGE, $message);
                }
            }
        }
        else
        {
            $redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? $HTTP_POST_VARS['redirect'] : "";

            $template->assign_vars(array(
                'META' => '<meta http-equiv="refresh" content="3;url=' . append_sid("login.$phpEx?redirect=$redirect") . '">')
            );

            $message = $lang['Error_login'] . '<br /><br />' . sprintf($lang['Click_return_login'], '<a href="' . append_sid("login.$phpEx?redirect=$redirect") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.$phpEx") . '">', '</a>');

            message_die(GENERAL_MESSAGE, $message);
        }
    }
    else if( ( isset($HTTP_GET_VARS['logout']) || isset($HTTP_POST_VARS['logout']) ) && $userdata['session_logged_in'] )
    {
        // Logout request: end the current session
        if( $userdata['session_logged_in'] )
        {
            session_end($userdata['session_id'], $userdata['user_id']);
        }

        if( !empty($HTTP_POST_VARS['redirect']) )
        {
            header($header_location . append_sid($HTTP_POST_VARS['redirect'], true));
            exit;
        }
        else
        {
            header($header_location . append_sid("index.$phpEx", true));
            exit;
        }
    }
    else
    {
        if( !empty($HTTP_POST_VARS['redirect']) )
        {
            header($header_location . append_sid($HTTP_POST_VARS['redirect'], true));
            exit;
        }
        else
        {
            header($header_location . append_sid("index.$phpEx", true));
            exit;
        }
    }
}
else
{
    //
    // Do a full login page dohickey if
    // user not already logged in
    //
    if( !$userdata['session_logged_in'] )
    {
        $page_title = $lang['Login'];
        include($phpbb_root_path . 'includes/page_header.'.$phpEx);

        $template->set_filenames(array(
            'body' => 'login_body.tpl')
        );

        // Rebuild the redirect target from the query string, dropping any sid= parameter
        if( isset($HTTP_POST_VARS['redirect']) || isset($HTTP_GET_VARS['redirect']) )
        {
            $forward_to = $HTTP_SERVER_VARS['QUERY_STRING'];

            if( preg_match("/^redirect=(.*)$/si", $forward_to, $forward_matches) )
            {
                $forward_to = ( !empty($forward_matches[3]) ) ? $forward_matches[3] : $forward_matches[1];

                $forward_match = explode('&', $forward_to);

                if(count($forward_match) > 1)
                {
                    $forward_page = '';

                    for($i = 1; $i < count($forward_match); $i++)
                    {
                        if( !ereg("sid=", $forward_match[$i]) )
                        {
                            if( $forward_page != '' )
                            {
                                $forward_page .= '&';
                            }
                            $forward_page .= $forward_match[$i];
                        }
                    }

                    $forward_page = $forward_match[0] . '?' . $forward_page;
                }
                else
                {
                    $forward_page = $forward_match[0];
                }
            }
        }
        else
        {
            $forward_page = '';
        }

        $username = ( $userdata['user_id'] != ANONYMOUS ) ? $userdata['username'] : '';

        $s_hidden_fields = '<input type="hidden" name="redirect" value="' . $forward_page . '" />';

        make_jumpbox('viewforum.'.$phpEx, $forum_id);
        $template->assign_vars(array(
            'USERNAME' => $username,

            // 'L_ENTER_PASSWORD' => $lang['Enter_password'],
            // 'L_SEND_PASSWORD' => $lang['Forgotten_password'],

            // 'U_SEND_PASSWORD' => append_sid("profile.$phpEx?mode=sendpassword"),

            'S_HIDDEN_FIELDS' => $s_hidden_fields)
        );

        $template->pparse('body');

        include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
    }
    else
    {
        header($header_location . append_sid("index.$phpEx", true));
        exit;
    }
}

?>

 
In order to log in, someone in my forum must complete a login form with a username and password. I want to know if there is a kind of URL generated that the user could use directly to log in.

Using this line or similar, I want my members to log in directly without showing the login form.
 
Why don't you use cookies?

When he logs in you set the login and password of the user in a cookie. When you open any page, just check if there's a user logged in in that session. If not, check if there's a cookie. If so, use the values in the cookie to do the login automatically.


Anikin
Hugo Alexandre Dias
Web-Programmer
anikin_jedi@hotmail.com
 
..That won't do! I want to generate a URL that the user could log in with at any time, anywhere, without using cookies.
 
That's the same thing ... put the login and password in the URL and check credentials when you get them in the URL.
Anikin
Hugo Alexandre Dias
Web-Programmer
anikin_jedi@hotmail.com
 
Just a small note, that kind of URL is a security breach. The URL is saved in the history files, and anyone using the same computer could easily gain access to your forum. //Daniel
 
Hi all :)

phpBB can handle cookies. Tell your users to click the "Remember me" checkbox in the login form.

cu, Sascha

BTW, as Anikin pointed out, a URL containing user IDs and passwords is a rather insecure solution. You would have to rewrite some of the phpBB auth code to do that, because phpBB checks whether data is sent from a form (POST method) or via URL (GET method). cu, Sascha
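
As an added example (not from any poster in this thread and not phpBB code): one way to hand a user who is already logged in on the main site over to the forum by URL without putting a password in it, using a signed token that expires quickly and can be redeemed once, so a copy left in browser history is useless. The names `SSO_SECRET`, `TOKEN_TTL`, `make_login_token` and `verify_login_token` are hypothetical, and the code assumes PHP 7.1 or later.

```php
<?php
// Added example; SSO_SECRET, TOKEN_TTL and both functions are hypothetical names.
const SSO_SECRET = 'constructed-demo-secret'; // shared by the main site and the forum
const TOKEN_TTL  = 30;                        // seconds a token stays valid

function b64url(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

// Main site: call only after the user has authenticated there.
function make_login_token(int $user_id, int $now): string
{
    $payload = $user_id . '.' . ($now + TOKEN_TTL) . '.' . bin2hex(random_bytes(8));
    return $payload . '.' . b64url(hash_hmac('sha256', $payload, SSO_SECRET, true));
}

// Forum: returns the user id, or null if the token is forged, expired or reused.
function verify_login_token(string $token, int $now, array &$used_nonces): ?int
{
    $parts = explode('.', $token);
    if (count($parts) !== 4) {
        return null;
    }
    [$user_id, $expires, $nonce, $mac] = $parts;
    $expected = b64url(hash_hmac('sha256', "$user_id.$expires.$nonce", SSO_SECRET, true));
    if (!hash_equals($expected, $mac)) {
        return null; // signature mismatch: not issued by the main site
    }
    if (!ctype_digit($user_id) || !ctype_digit($expires) || $now > (int) $expires) {
        return null; // malformed or past its lifetime
    }
    if (isset($used_nonces[$nonce])) {
        return null; // already redeemed once
    }
    $used_nonces[$nonce] = (int) $expires; // demo store; a real forum needs a shared table
    return (int) $user_id;
}

// Demo with constructed values: first use, replay of the same token, then a stale token.
$used  = [];
$now   = 1700000000;
$token = make_login_token(42, $now);
var_dump(verify_login_token($token, $now + 5, $used));
var_dump(verify_login_token($token, $now + 6, $used));
var_dump(verify_login_token(make_login_token(42, $now), $now + 60, $used));
```

On a non-null result the forum would start the session the way the posted login.php does, with `session_begin()`, and then redirect to a URL that no longer carries the token.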
 