Login Help

I have a login script I wrote, and I am trying to integrate a session script for PHPBB I found into it, Can someone help me with this, I cant figure out how to make it work as the session end is over my head. Ill list the 3 sections of code below. Thanks for any help. If it helps the session detection at the beginning works fine. This one (I found it on another site)
[php]

// Start session management
$userdata = session_pagestart($user_ip, PAGE_PROFILE);
init_userprefs($userdata);
// End session management
// session id check

if (!empty($HTTP_POST_VARS[‘sid’]) || !empty($HTTP_GET_VARS[‘sid’]))
{
$sid = (!empty($HTTP_POST_VARS[‘sid’])) ? $HTTP_POST_VARS[‘sid’] : $HTTP_GET_VARS[‘sid’];
}
else
{
$sid = ‘’;
}
//
[/php]

The Login Script
[php]

<?php define('IN_PHPBB', true); $phpbb_root_path = './forums/'; include($phpbb_root_path . 'extension.inc'); include($phpbb_root_path . 'common.'.$phpEx); include('PHPBB_Login.php'); mysql_connect("*****", "*****", "*****") or die(mysql_error()); mysql_select_db("*****") or die(mysql_error()); // Start session management $userdata = session_pagestart($user_ip, PAGE_PROFILE); init_userprefs($userdata); // End session management // session id check if (!empty($HTTP_POST_VARS['sid']) || !empty($HTTP_GET_VARS['sid'])) { $sid = (!empty($HTTP_POST_VARS['sid'])) ? $HTTP_POST_VARS['sid'] : $HTTP_GET_VARS['sid']; } else { $sid = ''; } // if (isset($_POST['login'])) { if(!$_POST['username'] | !$_POST['password']) { die('You did not fill in a required field.'); } if (!get_magic_quotes_gpc()) { $_POST['email'] = addslashes($_POST['email']); } $check = mysql_query("SELECT * FROM phpbb_users WHERE username = '".$_POST['username']."'")or die(mysql_error()); $check2 = mysql_num_rows($check); if ($check2 == 0) { die('That user does not exist in our database. Click Here to Register'); } while($info = mysql_fetch_array( $check )) { $_POST['username'] = stripslashes($_POST['username']); $_POST['password'] = stripslashes($_POST['password']); $info['user_password'] = stripslashes($info['user_password']); $info['username'] = stripslashes($info['username']); $_POST['password'] = md5($_POST['password']); if ($_POST['password'] != $info['user_password']) { echo "Incorrect password, please try again."; die; } else { if ($_POST['username'] == $info['username']) { //echo "Correct login"; // //!!!ENTER THE SESSION START HERE!!! ?>

Login Correct

<?php }

}
}
}
//
if ( $userdata[‘session_logged_in’] )
{
echo('Hi ’ . $userdata[‘username’] . ‘You are already logged in!’);
}
else
{
?>
Register


SLTrinkets
Member Login
Not Signed In.
Username
Password
 
<?php }

?>
[/php]

PHPBB_Login.php
[php]

<? /* * PHPBB_Login allows you to integrate your own login system * with phpBB. Meaning that you can have one login valid across * both your website and phpBB. * * To take full advantage of this PHPBB_Login class you just * need to modify your own login system to include a call * to the relevant methods in here. * * This system is reliant on the website username being exactly * the same as the phpBB username. To insure this, I recommend * disabling the ability to change usernames from within the * phpBB admin control panel. * * Distributed under the LGPL license: * http://www.gnu.org/licenses/lgpl.html * * Duncan Gough * 3rdSense.com * * Home http://www.suttree.com * Work http://www.3rdsense.com * Play! http://www.playaholics.com */ class PHPBB_Login { function PHPBB_Login() { } function login( $phpbb_user_id ) { global $db, $board_config; global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $SID; // Setup the phpbb environment and then // run through the phpbb login process // You may need to change the following line to reflect // your phpBB installation. require_once( './forum/config.php' ); define('IN_PHPBB',true); // You may need to change the following line to reflect // your phpBB installation. $phpbb_root_path = "./forum/"; require_once( $phpbb_root_path . "extension.inc" ); require_once( $phpbb_root_path . "common.php" ); return session_begin( $phpbb_user_id, $user_ip, PAGE_INDEX, FALSE, TRUE ); } function logout( $session_id, $phpbb_user_id ) { global $db, $lang, $board_config; global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $SID; // Setup the phpbb environment and then // run through the phpbb login process // You may need to change the following line to reflect // your phpBB installation. require_once( './forum/config.php' ); define('IN_PHPBB',true); // You may need to change the following line to reflect // your phpBB installation. $phpbb_root_path = "./forum/"; require_once( $phpbb_root_path . "extension.inc" ); require_once( $phpbb_root_path . "common.php" ); session_end( $session_id, $phpbb_user_id ); // session_end doesn't seem to get rid of these cookies, // so we'll do it here just in to make certain. setcookie( $board_config[ "cookie_name" ] . "_sid", "", time() - 3600, " " ); setcookie( $board_config[ "cookie_name" ] . "_mysql", "", time() - 3600, " " ); } } ?>

[/php]

The example logins given with session code
[php]

<? /* * These examples show you how to integrate the phpBB * login in and authentication system with your website. * * Since we quite like our login system and it's proven * itself to be very extensible, we don't want to replace * but we do want to have a universal login system for * both our website *and* the forum. * * To take full advantage of this PHPBB_Login class you'll * need to modify your own login system to include a call * to the relevant login or logout methods. * * This way, you can handle all of the website login as normal, * and also log the user into phpBB in the same step. * * This system is reliant on the website username being exactly * the same as the phpBB username. To insure this, I recommend * disabling the ability to change usernames from within the * phpBB admin control panel. * * Distributed under the LGPL license: * http://www.gnu.org/licenses/lgpl.html * * Duncan Gough * 3rdSense.com * * Home http://www.suttree.com * Work http://www.3rdsense.com * Play! http://www.playaholics.com */ /* Example 1: Logging in */ session_start(); /* First, login the user using your own login system, for example; */ $user = new User(); // username and password are implied here, // they will most likely be form variables $user->login( $username, $password ); // Then login the user to the forum $phpBB = new PHPBB_Login(); $phpbb->login( $user->id ); /* Example 2: Logging out */ session_id(); $user = new User(); /* First, logout the user from the forum */ $phpBB = new PHPBB_Login(); $phpbb->logout( session_id(), $user->id) ; /* Then logout the user from your own login system */ $user->logout( $user->id ); ?>

[/php]

have i undersood u right? u have a problem with copying and pasting 5 lines of code from the example to ur sctipt?

No, not quite, Copy and paste is fine, I have tried everything I can think of and it always gives me an error The most common is from $user = new User(); unless I make a User class it wont work and when I do it doesn’t work.

that class should be defined inside of extension.inc or common.php.

the code looks very old maybe phpBB has caged that name, or implemented the login totaly diffrent.

I will check into that. Thanks! Ill post any progress here Thanks

Here are the 2 files

extension.inc
[php]

<?php /*************************************************************************** * extension.inc * ------------------- * begin : Saturday, Feb 13, 2001 * copyright : (C) 2001 The phpBB Group * email : [email protected] * * $Id: common.php,v 1.74.2.25 2006/05/26 17:46:59 grahamje Exp $ * ***************************************************************************/ /*************************************************************************** * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * ***************************************************************************/ //if ( !defined('IN_PHPBB') ) //{ // die("Hacking attempt"); //} // error_reporting (E_ERROR | E_WARNING | E_PARSE); // This will NOT report uninitialized variables set_magic_quotes_runtime(0); // Disable magic_quotes_runtime // The following code (unsetting globals) // Thanks to Matt Kavanagh and Stefan Esser for providing feedback as well as patch files // PHP5 with register_long_arrays off? if (@phpversion() >= '5.0.0' && ([email protected]_get('register_long_arrays') || @ini_get('register_long_arrays') == '0' || strtolower(@ini_get('register_long_arrays')) == 'off')) { $HTTP_POST_VARS = $_POST; $HTTP_GET_VARS = $_GET; $HTTP_SERVER_VARS = $_SERVER; $HTTP_COOKIE_VARS = $_COOKIE; $HTTP_ENV_VARS = $_ENV; $HTTP_POST_FILES = $_FILES; // _SESSION is the only superglobal which is conditionally set if (isset($_SESSION)) { $HTTP_SESSION_VARS = $_SESSION; } } // Protect against GLOBALS tricks //if (isset($HTTP_POST_VARS['GLOBALS']) || isset($HTTP_POST_FILES['GLOBALS']) || isset($HTTP_GET_VARS['GLOBALS']) || isset($HTTP_COOKIE_VARS['GLOBALS'])) //{ // die("Hacking attempt"); //} // Protect against HTTP_SESSION_VARS tricks //if (isset($HTTP_SESSION_VARS) && !is_array($HTTP_SESSION_VARS)) //{ // die("Hacking attempt"); //} if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on') { // PHP4+ path $not_unset = array('HTTP_GET_VARS', 'HTTP_POST_VARS', 'HTTP_COOKIE_VARS', 'HTTP_SERVER_VARS', 'HTTP_SESSION_VARS', 'HTTP_ENV_VARS', 'HTTP_POST_FILES', 'phpEx', 'phpbb_root_path'); // Not only will array_merge give a warning if a parameter // is not an array, it will actually fail. So we check if // HTTP_SESSION_VARS has been initialised. if (!isset($HTTP_SESSION_VARS) || !is_array($HTTP_SESSION_VARS)) { $HTTP_SESSION_VARS = array(); } // Merge all into one extremely huge array; unset // this later $input = array_merge($HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_COOKIE_VARS, $HTTP_SERVER_VARS, $HTTP_SESSION_VARS, $HTTP_ENV_VARS, $HTTP_POST_FILES); unset($input['input']); unset($input['not_unset']); while (list($var,) = @each($input)) { if (in_array($var, $not_unset)) { die('Hacking attempt!'); } unset($$var); } unset($input); } // // addslashes to vars if magic_quotes_gpc is off // this is a security precaution to prevent someone // trying to break out of a SQL statement. // if( !get_magic_quotes_gpc() ) { if( is_array($HTTP_GET_VARS) ) { while( list($k, $v) = each($HTTP_GET_VARS) ) { if( is_array($HTTP_GET_VARS[$k]) ) { while( list($k2, $v2) = each($HTTP_GET_VARS[$k]) ) { $HTTP_GET_VARS[$k][$k2] = addslashes($v2); } @reset($HTTP_GET_VARS[$k]); } else { $HTTP_GET_VARS[$k] = addslashes($v); } } @reset($HTTP_GET_VARS); } if( is_array($HTTP_POST_VARS) ) { while( list($k, $v) = each($HTTP_POST_VARS) ) { if( is_array($HTTP_POST_VARS[$k]) ) { while( list($k2, $v2) = each($HTTP_POST_VARS[$k]) ) { $HTTP_POST_VARS[$k][$k2] = addslashes($v2); } @reset($HTTP_POST_VARS[$k]); } else { $HTTP_POST_VARS[$k] = addslashes($v); } } @reset($HTTP_POST_VARS); } if( is_array($HTTP_COOKIE_VARS) ) { while( list($k, $v) = each($HTTP_COOKIE_VARS) ) { if( is_array($HTTP_COOKIE_VARS[$k]) ) { while( list($k2, $v2) = each($HTTP_COOKIE_VARS[$k]) ) { $HTTP_COOKIE_VARS[$k][$k2] = addslashes($v2); } @reset($HTTP_COOKIE_VARS[$k]); } else { $HTTP_COOKIE_VARS[$k] = addslashes($v); } } @reset($HTTP_COOKIE_VARS); } } // // Define some basic configuration arrays this also prevents // malicious rewriting of language and otherarray values via // URI params // $board_config = array(); $userdata = array(); $theme = array(); $images = array(); $lang = array(); $nav_links = array(); $dss_seeded = false; $gen_simple_header = FALSE; include($phpbb_root_path . 'config.'.$phpEx); if( !defined("PHPBB_INSTALLED") ) { header('Location: ' . $phpbb_root_path . 'install/install.' . $phpEx); exit; } include($phpbb_root_path . 'includes/constants.'.$phpEx); include($phpbb_root_path . 'includes/template.'.$phpEx); include($phpbb_root_path . 'includes/sessions.'.$phpEx); include($phpbb_root_path . 'includes/auth.'.$phpEx); include($phpbb_root_path . 'includes/functions.'.$phpEx); include($phpbb_root_path . 'includes/db.'.$phpEx); // We do not need this any longer, unset for safety purposes unset($dbpasswd); // // Obtain and encode users IP // // I'm removing HTTP_X_FORWARDED_FOR ... this may well cause other problems such as // private range IP's appearing instead of the guilty routable IP, tough, don't // even bother complaining ... go scream and shout at the idiots out there who feel // "clever" is doing harm rather than good ... karma is a great thing ... :) // $client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : getenv('REMOTE_ADDR') ); $user_ip = encode_ip($client_ip); // // Setup forum wide options, if this fails // then we output a CRITICAL_ERROR since // basic forum information is not available // $sql = "SELECT * FROM " . CONFIG_TABLE; if( !($result = $db->sql_query($sql)) ) { message_die(CRITICAL_ERROR, "Could not query config information", "", __LINE__, __FILE__, $sql); } while ( $row = $db->sql_fetchrow($result) ) { $board_config[$row['config_name']] = $row['config_value']; } if (file_exists('install') || file_exists('contrib')) { message_die(GENERAL_MESSAGE, 'Please_remove_install_contrib'); } // // Show 'Board is disabled' message if needed. // if( $board_config['board_disable'] && !defined("IN_ADMIN") && !defined("IN_LOGIN") ) { message_die(GENERAL_MESSAGE, 'Board_disable', 'Information'); } ?>

[/php]

i know i sayd it has to be in one of them, but as the gile is including more files it has to bi in one of them:[php]include($phpbb_root_path . ‘includes/constants.’.$phpEx);
include($phpbb_root_path . ‘includes/template.’.$phpEx);
include($phpbb_root_path . ‘includes/sessions.’.$phpEx);
include($phpbb_root_path . ‘includes/auth.’.$phpEx);
include($phpbb_root_path . ‘includes/functions.’.$phpEx);
include($phpbb_root_path . ‘includes/db.’.$phpEx); [/php]

i would guess in auth. but i’m not sure.

Its next I already went trough the first 3. Thanks!

No class or function named users or login in any of those scripts, Perhaps your right and it went to an older version. Thanks

Sponsor our Newsletter | Privacy Policy | Terms of Service