1. Create the auth module
Lets say I want to call the module 'symfony'. I create a file called auth_symfony.php and drop it in the phpbb /includes/auth folder.
2. Write the autologin method
Because I want my forums to be on the same domain, I have saved the phpbb files in web/forum. This way I have access to the session variables stored in my symfony app. So when a user goes into the forums, the autologin method can be used to interrogate my smyfony session.
In a nutshell, the autologin method needs to verify the user's session, grab their details and log them into phpbb. So as to avoid having to manage forum users from my symfony app, I also create new phpbb users here if one doesn't already exist for the current user.
Note that phpbb needs its own session, so we need to switch between sessions here as well.
/**
* Autologin function
*/
function autologin_symfony()
{
include_once('includes/functions_user.php');
global $db, $config, $user;
$sess = session_name();
session_name('symfony');
session_start();
$sfSession = $_SESSION['symfony/user/sfUser/attributes']['userData'];
@session_name($sess);
@session_start();
if (isset($_REQUEST['admin'])){
$_SESSION['admin'] = $_REQUEST['admin'];
}
if (isset($_SESSION['data'])){
return $_SESSION['data'];
}elseif (!isset($sfSession['username']) &&
!isset($_SESSION['admin'])){
header("Location: /");
exit;
}elseif (isset($sfSession['username'])){
$user_row = array(
'username' => $sfSession['username'],
'user_password' => phpbb_hash($sfSession['username']),
'user_email' => $sfSession['email'],
'user_type' => USER_NORMAL,
'group_id' => 2
);
$sql ='SELECT *
FROM ' . USERS_TABLE . "
WHERE user_email = '"
. $db->sql_escape(utf8_clean_string($sfSession['email']))
."'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if ($row){
// Successful login...
$data = array_merge($row,array(
'status' => LOGIN_SUCCESS,
'error_msg' => false,
'autologin' => 1,
'user_row' => $row
));
$_SESSION['data'] = $data;
return $data;
}else{
//check for existing name
$sql ='SELECT *
FROM ' . USERS_TABLE . "
WHERE username_clean = '"
. $db->sql_escape(utf8_clean_string($sfSession['username']))
."'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if ($row){
//randomise username if duplicate found
$user_row['username'] = $user_row['username']
. " - " . rand(1000,9999);
}
//create new user
$user_id = user_add($user_row);
$user_row['user_id'] = $user_id;
$data = array_merge($user_row,array(
'status' => LOGIN_SUCCESS_CREATE_PROFILE,
'error_msg' => false,
'autologin' => 1,
'user_row' => $user_row,
'user_type' => USER_NORMAL,
'group_id' => 2
));
$_SESSION['data'] = $data;
return $data;
}
}
}
Note also that the $_SESSION['data'] array is used to avoid hitting the database everytime the user loads a new page in phpbb.
3. Create admin login
You might have noticed that the above code looks for a session var called 'admin'. I use this to track whether a user has come from the backend. This is used to display the phpbb login form. Otherwise the user is simply sent back to the symfony app login.
/**
* Login function
*/
function login_symfony($username, $password)
{
global $db, $config, $user;
$sql ='SELECT * FROM ' . USERS_TABLE
. " WHERE username_clean = '"
.$db->sql_escape(utf8_clean_string($username))
."' and user_password = '".md5($password)."'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if ($row){
$data = array_merge($row,array(
'status' => LOGIN_SUCCESS,
'error_msg' => false,
'user_row' => $row
));
$_SESSION['data'] = $data;
return $data;
}else{
return array(
'status' => LOGIN_ERROR_PASSWORD,
'error_msg' => 'LOGIN_ERROR_PASSWORD',
'user_row' => array('user_id' => ANONYMOUS),
);
}
}
4. Create logout method
This simply wipes both sessions and redirects the user to the symfony app homepage.
/**
* Logout function
*/
function logout_symfony($user_row)
{
$sess = session_name();
session_name('symfony');
session_start();
session_destroy();
@session_name($sess);
@session_start();
@session_destroy();
header("Location: /");
exit;
}
5. Create validate session method
Last but not least this method is used to check that the current user session is valid. Not 100% required, but a good precaution.
/**
* Validate session function
*/
function validate_session_symfony()
{
$sess = session_name();
session_name('symfony');
session_start();
$auth = $_SESSION['symfony/user/sfUser/authenticated'];
@session_start($sess);
@session_start();
//always redirect to home
$admin = isset($_SESSION['admin']);
if ($admin || $auth){
return true;
}
return false;
}
6. Configure
You'll need to log into the phpbb ACP and set the authentication module to your custom module. Then you need to bypass symfony in the .htaccess for the /forum URL
RewriteRule ^forum/.*$ - [PT]
RewriteCond %{REQUEST_URI} !^/forum
And that's basically it :)
Comments are not available for this entry.
Avatar
