Jump to content
Kieran

[DEV] phpBB AutoRegistration Script

Recommended Posts

Hello,

This script is going well, but I have hit a brick wall for the time being.

It is near impossible to include BOTH the phpBB Config files AND the phpVMS config files.

This is because both of those config files contain further includes. No matter where you put this forum registration script, the sub-includes will always produce an error because they are missing.

eg. AutoReg.php is in /home/

ppBB's config is in /home/forum/includes/

when including phpBB's file, it wants something in includes/, but because it is in /home/, it looks in /home/includes/ which is not correct.

If anybody has advice on overcoming the issue then I would be grateful and release the script.

Kieran

  • Like 2

Share this post


Link to post
Share on other sites

You should just be able to give the path like ->

include'forum/includes/yourfile.php';

If you need to move up to a directory above your phpVMS install you can add ../ for each directory up you need to go.

include'../forum/includes/yourfile.php';

  • Like 2

Share this post


Link to post
Share on other sites

Well if you want to do it the down and dirty way, you could just include the config.php file and setup a MySQL connection that way, but that isn't very preferable since phpBB supports MySQL and a few other DB solutions. Let me look at this...

  • Like 1

Share this post


Link to post
Share on other sites

I wish it was, but unfortunately, it isn't that simple...

The include files have includes inside those. Eg. includes/functions.php might look for a /config.php. Because includes/functions.php is in the 'includes' folder, then its OK.

But trying to access /home/forum/includes/functions.php externally means that it tries to look in /home/forum/config.php which, of course, is wrong.

  • Like 1

Share this post


Link to post
Share on other sites

I had this working for phpbb, but the only addition that was needed was inclusion in a group, you can use the functions but you have to define these before hand ie,

<?php

define('IN_PHPBB', true);

$phpbb_root_path = 'pathtoroot/';

$phpEx = substr(strrchr(__FILE__, '.'), 1);

include($phpbb_root_path . 'common.php');

include($phpbb_root_path . 'includes/functions_user.php');

include($phpbb_root_path . 'includes/ucp/ucp_register.php');

$password='pword';

$username='uname';

$username_clean=strtolower($username);

$user_email='email@email.net';

$sql_ary = array(

'username' => $username,

'username_clean' => $username_clean,

'user_password' => phpbb_hash($password),

'user_pass_convert' => 0,

'user_email' => $user_email,

'user_email_hash' => crc32(strtolower($user_email)) . strlen($user_email),

'group_id' => 2,

'user_type' => 0,

);

user_add($sql_ary);

?>

I kept getting a template error but never managed to find the time to sort it out. Clearly you would add in the variables from the defined vms data not whats above. :)

Share this post


Link to post
Share on other sites

Well first off, I would go by the method that phpBB has to create a user. Try this function to create one.

http://wiki.phpbb.com/Add_users

Now, to load phpBB's functions...

Since your saying you file is located in:

/home/

And you forums directory is:

/home/forum/

phpBB requires that you define a few things before you load it. You need this:


<?php
define('MY_ROOT', dirname(__FILE__));	//	This the the AutoReg.php file location.

define('IN_PHPBB', true);				//	Checked by phpBB
$phpEx = substr(strrchr(__FILE__, '.'), 1);	//	Needed by phpBB
$phpbb_root_path = MY_ROOOT . '/forum/';		//	The forums root.
include($phpbb_root_path . 'common.' . $phpEx);	//	The file loader.

include($phpbb_root_path . 'includes/functions_user.php');
include($phpbb_root_path . 'includes/ucp/ucp_register.php');
//	Now do what you please....

From there, you can either user that user_add() function or whatever you would like. :D

Share this post


Link to post
Share on other sites

However we need to include core/codon.config.php as well.

I get this template error though...

Fatal error: Call to undefined method template::SetTemplatePath() in /home/kieranm1/public_html/lv/core/app.config.php on line 293

When trying to include /core/classes/Template.class.php, this happens:

Fatal error: Cannot redeclare class template in /home/kieranm1/public_html/lv/forum/includes/template.php on line 2

I think we need Nabeel's expertise on this one...

  • Like 1

Share this post


Link to post
Share on other sites

Well, the thing is that phpBB has a template class just as phpVMS does, so I guess you can't do it that way. You can just do a SQL query and insert the user into the DB. You can use MD5 as the hash because it is programmed to change it to the phpPass hash upon login. I post what I did for SimCOA if you'd like....

phpBB code doc - http://area51.phpbb.com/docs/code/

Share this post


Link to post
Share on other sites

Phpbb no longer uses md5 hashes, ans an SQL query is out of range because there are about 5 or 6 tables that get updated then a user registers.

Share this post


Link to post
Share on other sites

For the MD5 hash, yes they use the phpPass class just as SimCOA does. But you can insert it in with a MD5 password and the system will update that password to the correct hash upon login. And yes there are a few tables, but I did manage to do it.

Share this post


Link to post
Share on other sites

My testing suggests otherwise, putting an MD5 hash into the phpBB database will not work, as phpBB does not use MD5 at all.

I would rather stick to both the phpBB and phpVMS API if possible.

Share this post


Link to post
Share on other sites

You may be on a version of phpBB older than 3.0.6.

Now, they use phpBB's own cryptology method.

Share this post


Link to post
Share on other sites

For VMS you just want to pull a user from the DB table? I guess you can pull that from the pilots table, that's essentially all findPilots() does anyway.

You have to do this though, to load in the config (sans API) for phpvms (haven't tested it, but it should be close) - place it in the root of the phpvms install (where index.php is)

To load configs for phpVMS

define('SITE_ROOT', dirname(__FILE__));

include SITE_ROOT.'/core/classes/Config.class.php';
include SITE_ROOT.'/core/local.config.php';

But an alternate solution might be this... this file called userregister.php, in the phpvms root (can be wherever, really, even in the phpBB root, but somewhere the public won't look, for security... /public_html/some/secret/path/userregister.php)

// Include phpBB stuff

$email = $_POST['email'];
$password = $_POST['password1'];
//etc

What you could do is this, from within your module/event listener, its registering the user, send the request to the above page

$cws = new CodonWebService();
$result = $cws->post('http://your-site.com/your/secret/path/userregister.php', $userinfo);
// For debug you can output $result, returns whatever the above page outputs

Which is sending $_POST (basically a form submit) to the userregister.php file. Not the most secure thing, unless you setup an htaccess to allow only your local webserver access to the userregister file. I'm sure there are better ways to sandbox the userregister, but the above comes out to be the simplest. If PHP had namespaces support earlier... oh well.

Two potential problems with this is configuration, but you'd have to do two things:

In userregister.php - make sure paths to phpBB are correct

In phpVMS - have the user add a setting called PHPBB_REGISTER_SCRIPT_URL which is the URL to the above script

And an htaccess to prevent outside access (which is tricky because you'd have to know the proper IP it will access from). I'll think about this some more and see if there's a better way.

Share this post


Link to post
Share on other sites

Actually one solution to security might be, in local.config.php, also have them enter a secret password:

PHPBB_REGISTRATION_SECRET_WORD

Config::Set('PHPBB_REGISTRATION_SECRET_WORD', 'somethingsomethingdarkside');

Then also pass that:

[code]

$cws = new CodonWebService();
$userinfo['secret_key'] = Config::Get('PHPBB_REGISTRATION_SECRET_WORD');
$result = $cws->post('http://your-site.com/your/secret/path/userregister.php', $userinfo);

Then in the userregister:

if($_POST['secret_key'] !== 'somethingsomethingdarkside')
{
die();
}

// Otherwise continue the student add

So there's then three things the user needs to do to get it to work but it'll be a little more secure

Share this post


Link to post
Share on other sites

Thanks for pointing me in the right direction, i'll get back to you shortly...

There doesn't seem to be an event for when a user is approved...

We wouldn't want a declined user to have a forum account, now, would we?

Share this post


Link to post
Share on other sites

Do you think it might be safer to work through a database?

Ie. The reg script passes information to the table phpvms_forumRegForProcessing,

On registration approval, the script gets data from the table and uses it to create a phpBB forum account.

Might be safer than throwing variables all over the show.

  • Like 1

Share this post


Link to post
Share on other sites

I can add an event, but it might be tricky since that's on the admin side, and the event system isn't setup to cross that way, I haven't tested it and might have to hack the core a bit.. which I'm a bit weary of (they're completely sectioned off, save for the data classes)... but I guess in worse case having to delete a user from the forum shouldn't be (too big) of a deal.

And what do you mean work through a database? It's best to go through the API whenever possible... on my side or the phpBB side. Pending users can change on my side (I'm planning on changing the tables, but I don't know for when). The example I gave you hands off data from the phpVMS API (through the user registration event), and then passes it to a script where you can use the phpBB api to complete it. It might be a bit of a pain initially, but it does beat having to manually update however many tables they write to... they wrote that code so let them handle it :)

Share this post


Link to post
Share on other sites

Just taking another glance at what you said earlier, about including both phpBB and phpVMS together.

The only conflict, at the moment, is a Template class (see the error above).

If we could somehow overcome this, then both APIs could work in harmony.

Share this post


Link to post
Share on other sites

<?php
// We're in phpBB
define('IN_PHPBB', true);
$phpbb_root_path = 'forum/';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
include($phpbb_root_path . 'common.php');
include($phpbb_root_path . 'includes/functions_user.php');
include('core/codon.config.php');
?>

This code is the part in question, it hasn't been modified since the thread started.

Share this post


Link to post
Share on other sites

I mean the entire module... I mean, this is going into a registration hook module, right? You wouldn't have to include the codon.inc.php since it's within it.

I think the way I said would be the best route...

Share this post


Link to post
Share on other sites

This is perhaps what I'm thinking...

Because I have to accept registrations manually, using the event + hook isn't ideal.

User 'Confirms Password' in a form on the prc somewhere > form details passed to external php script , along with email and username >

script creates account > script redirects to confirmation page.

Perhaps a bit of AJAX thrown in there to smooth it all out? AJAX isn't my strong point so I'd have to do a bit of research.

  • Like 1

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×