Jump to content

[DEV] phpBB AutoRegistration Script


Kieran

Recommended Posts

Hello,

This script is going well, but I have hit a brick wall for the time being.

It is near impossible to include BOTH the phpBB Config files AND the phpVMS config files.

This is because both of those config files contain further includes. No matter where you put this forum registration script, the sub-includes will always produce an error because they are missing.

eg. AutoReg.php is in /home/

ppBB's config is in /home/forum/includes/

when including phpBB's file, it wants something in includes/, but because it is in /home/, it looks in /home/includes/ which is not correct.

If anybody has advice on overcoming the issue then I would be grateful and release the script.

Kieran

  • Like 2
Link to comment
Share on other sites

  • Administrators

You should just be able to give the path like ->

include'forum/includes/yourfile.php';

If you need to move up to a directory above your phpVMS install you can add ../ for each directory up you need to go.

include'../forum/includes/yourfile.php';

  • Like 2
Link to comment
Share on other sites

I wish it was, but unfortunately, it isn't that simple...

The include files have includes inside those. Eg. includes/functions.php might look for a /config.php. Because includes/functions.php is in the 'includes' folder, then its OK.

But trying to access /home/forum/includes/functions.php externally means that it tries to look in /home/forum/config.php which, of course, is wrong.

  • Like 1
Link to comment
Share on other sites

  • Moderators

I had this working for phpbb, but the only addition that was needed was inclusion in a group, you can use the functions but you have to define these before hand ie,

<?php

define('IN_PHPBB', true);

$phpbb_root_path = 'pathtoroot/';

$phpEx = substr(strrchr(__FILE__, '.'), 1);

include($phpbb_root_path . 'common.php');

include($phpbb_root_path . 'includes/functions_user.php');

include($phpbb_root_path . 'includes/ucp/ucp_register.php');

$password='pword';

$username='uname';

$username_clean=strtolower($username);

$user_email='email@email.net';

$sql_ary = array(

'username' => $username,

'username_clean' => $username_clean,

'user_password' => phpbb_hash($password),

'user_pass_convert' => 0,

'user_email' => $user_email,

'user_email_hash' => crc32(strtolower($user_email)) . strlen($user_email),

'group_id' => 2,

'user_type' => 0,

);

user_add($sql_ary);

?>

I kept getting a template error but never managed to find the time to sort it out. Clearly you would add in the variables from the defined vms data not whats above. :)

Link to comment
Share on other sites

Well first off, I would go by the method that phpBB has to create a user. Try this function to create one.

http://wiki.phpbb.com/Add_users

Now, to load phpBB's functions...

Since your saying you file is located in:

/home/

And you forums directory is:

/home/forum/

phpBB requires that you define a few things before you load it. You need this:


<?php
define('MY_ROOT', dirname(__FILE__));	//	This the the AutoReg.php file location.

define('IN_PHPBB', true);				//	Checked by phpBB
$phpEx = substr(strrchr(__FILE__, '.'), 1);	//	Needed by phpBB
$phpbb_root_path = MY_ROOOT . '/forum/';		//	The forums root.
include($phpbb_root_path . 'common.' . $phpEx);	//	The file loader.

include($phpbb_root_path . 'includes/functions_user.php');
include($phpbb_root_path . 'includes/ucp/ucp_register.php');
//	Now do what you please....

From there, you can either user that user_add() function or whatever you would like. :D

Link to comment
Share on other sites

However we need to include core/codon.config.php as well.

I get this template error though...

Fatal error: Call to undefined method template::SetTemplatePath() in /home/kieranm1/public_html/lv/core/app.config.php on line 293

When trying to include /core/classes/Template.class.php, this happens:

Fatal error: Cannot redeclare class template in /home/kieranm1/public_html/lv/forum/includes/template.php on line 2

I think we need Nabeel's expertise on this one...

  • Like 1
Link to comment
Share on other sites

Well, the thing is that phpBB has a template class just as phpVMS does, so I guess you can't do it that way. You can just do a SQL query and insert the user into the DB. You can use MD5 as the hash because it is programmed to change it to the phpPass hash upon login. I post what I did for SimCOA if you'd like....

phpBB code doc - http://area51.phpbb.com/docs/code/

Link to comment
Share on other sites

For the MD5 hash, yes they use the phpPass class just as SimCOA does. But you can insert it in with a MD5 password and the system will update that password to the correct hash upon login. And yes there are a few tables, but I did manage to do it.

Link to comment
Share on other sites

  • Administrators

For VMS you just want to pull a user from the DB table? I guess you can pull that from the pilots table, that's essentially all findPilots() does anyway.

You have to do this though, to load in the config (sans API) for phpvms (haven't tested it, but it should be close) - place it in the root of the phpvms install (where index.php is)

To load configs for phpVMS

define('SITE_ROOT', dirname(__FILE__));

include SITE_ROOT.'/core/classes/Config.class.php';
include SITE_ROOT.'/core/local.config.php';

But an alternate solution might be this... this file called userregister.php, in the phpvms root (can be wherever, really, even in the phpBB root, but somewhere the public won't look, for security... /public_html/some/secret/path/userregister.php)

// Include phpBB stuff

$email = $_POST['email'];
$password = $_POST['password1'];
//etc

What you could do is this, from within your module/event listener, its registering the user, send the request to the above page

$cws = new CodonWebService();
$result = $cws->post('http://your-site.com/your/secret/path/userregister.php', $userinfo);
// For debug you can output $result, returns whatever the above page outputs

Which is sending $_POST (basically a form submit) to the userregister.php file. Not the most secure thing, unless you setup an htaccess to allow only your local webserver access to the userregister file. I'm sure there are better ways to sandbox the userregister, but the above comes out to be the simplest. If PHP had namespaces support earlier... oh well.

Two potential problems with this is configuration, but you'd have to do two things:

In userregister.php - make sure paths to phpBB are correct

In phpVMS - have the user add a setting called PHPBB_REGISTER_SCRIPT_URL which is the URL to the above script

And an htaccess to prevent outside access (which is tricky because you'd have to know the proper IP it will access from). I'll think about this some more and see if there's a better way.

Link to comment
Share on other sites

  • Administrators

Actually one solution to security might be, in local.config.php, also have them enter a secret password:

PHPBB_REGISTRATION_SECRET_WORD

Config::Set('PHPBB_REGISTRATION_SECRET_WORD', 'somethingsomethingdarkside');

Then also pass that:

[code]

$cws = new CodonWebService();
$userinfo['secret_key'] = Config::Get('PHPBB_REGISTRATION_SECRET_WORD');
$result = $cws->post('http://your-site.com/your/secret/path/userregister.php', $userinfo);

Then in the userregister:

if($_POST['secret_key'] !== 'somethingsomethingdarkside')
{
die();
}

// Otherwise continue the student add

So there's then three things the user needs to do to get it to work but it'll be a little more secure

Link to comment
Share on other sites

Thanks for pointing me in the right direction, i'll get back to you shortly...

There doesn't seem to be an event for when a user is approved...

We wouldn't want a declined user to have a forum account, now, would we?

Link to comment
Share on other sites

Do you think it might be safer to work through a database?

Ie. The reg script passes information to the table phpvms_forumRegForProcessing,

On registration approval, the script gets data from the table and uses it to create a phpBB forum account.

Might be safer than throwing variables all over the show.

  • Like 1
Link to comment
Share on other sites

  • Administrators

I can add an event, but it might be tricky since that's on the admin side, and the event system isn't setup to cross that way, I haven't tested it and might have to hack the core a bit.. which I'm a bit weary of (they're completely sectioned off, save for the data classes)... but I guess in worse case having to delete a user from the forum shouldn't be (too big) of a deal.

And what do you mean work through a database? It's best to go through the API whenever possible... on my side or the phpBB side. Pending users can change on my side (I'm planning on changing the tables, but I don't know for when). The example I gave you hands off data from the phpVMS API (through the user registration event), and then passes it to a script where you can use the phpBB api to complete it. It might be a bit of a pain initially, but it does beat having to manually update however many tables they write to... they wrote that code so let them handle it :)

Link to comment
Share on other sites

Just taking another glance at what you said earlier, about including both phpBB and phpVMS together.

The only conflict, at the moment, is a Template class (see the error above).

If we could somehow overcome this, then both APIs could work in harmony.

Link to comment
Share on other sites

<?php
// We're in phpBB
define('IN_PHPBB', true);
$phpbb_root_path = 'forum/';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
include($phpbb_root_path . 'common.php');
include($phpbb_root_path . 'includes/functions_user.php');
include('core/codon.config.php');
?>

This code is the part in question, it hasn't been modified since the thread started.

Link to comment
Share on other sites

  • Administrators

I mean the entire module... I mean, this is going into a registration hook module, right? You wouldn't have to include the codon.inc.php since it's within it.

I think the way I said would be the best route...

Link to comment
Share on other sites

  • 4 weeks later...

This is perhaps what I'm thinking...

Because I have to accept registrations manually, using the event + hook isn't ideal.

User 'Confirms Password' in a form on the prc somewhere > form details passed to external php script , along with email and username >

script creates account > script redirects to confirmation page.

Perhaps a bit of AJAX thrown in there to smooth it all out? AJAX isn't my strong point so I'd have to do a bit of research.

  • Like 1
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...