[dado]

Hello everybody,

I'm trying to create a site with Yii which need to have a forum and i choose phpBB3.
I spent the last 2 days looking for a solution in order to use the same login and password for both, now i'm able to login from Yii with the user and password from the forum but i'm stucked here.
Now the question is, how i can share the same cookie from Yii to phpBB3 and viceversa?
I read some thread where was suggested to work with cookie and session value of Yii but i don't know how i can handle it, could please someone walk me through it?

Thanks,
Dado.

[Artificial]

You're going to need to look at how phpbb3 authenticates users and then migrate that code over to Yii. It should be fairly straightforward provided both the forum and your Yii application are hosted on the same domain.

Though, you do present an interesting dilemma - your Yii powered application now relies on phpbb3 methodology to authenticate and manage users, which I personally have a bit of an issue with I dislike the idea of modelling your website's code and functionality around a piece of 3rd party software, particularly if it's only a small extension of the site. I analysed possible solutions a couple of months ago, and decided to just write my ow in Yii - http://mixxi.com/forum (still WIP).

[dado]

I understand your dilemma but i'm forced to use phpBB3...
I thing i understand how i can handle this, phpBB3 store a cookie called "cookie-name"_sid which contain a string of character that is the session id, this string is also stored under the table `phpbb_sessions'.

I can read and modify this table, so my idea is the follow:

On site load check if there is an identity with the same sid stored inside the cookie (if present) under the table `phpbb_sessions', if yes user_id is identified.
If there's no sid stored you need to login, so on login create a sid with the assocated user_id inside table `phpbb_sessions' and also create a cookie.

I know this could be a forced solution but is the best i have found

How i can procede to translate this into a code?

Thanks,
Dado.

[tackle]

Dado, that solution sounds about right.

I'm currently implementing phpBB and Yii together. I'm building a site which will use the forum part (phpBB) as the login handling, so I'll only check for that cookie. I'll post a code example (or perhaps extension) for this later.

If you can live with having phpBB handling the login/logout part, you don't have to write your own cookies from Yii. That way, it's almost solved already!

Edit:

Here's a filter I'm using to auth my forum.domain.com vs my Yii site at www.domain.com.

AuthFilter.php:

<?php

class AuthFilter extends CFilter
{
    protected function preFilter($filterChain)
    {
    	$errorCode = 0;
		if(isset($_COOKIE['phpbb3_127vf_sid']) && isset($_COOKIE['phpbb3_127vf_u']))
		{
			$user = Yii::app()->db->createCommand()
			    ->select('user_id, username')
			    ->from('phpbb_users')
			    ->where('user_id=:id', array(':id'=>$_COOKIE['phpbb3_127vf_u']))
			    ->queryRow();
			$liveSession = Yii::app()->db->createCommand()
				->select('session_id,session_user_id')
				->from('phpbb_sessions')
				->where('session_id=:id', array(':id'=>$_COOKIE['phpbb3_127vf_sid']))
				->queryRow();
				
			if($liveSession['session_user_id'] == $user['user_id'] && $user['user_id'] != 1)
			{
				$errorCode=0;
			} else {
				$errorCode=1;
			}
			
		} else {
			$errorCode=1;
		}
		
		if($errorCode>0)
		{
			Yii::app()->getRequest()->redirect('/index.php?r=site/pleaselogin');
		} else {
			$filterChain->run();
		}
    }
 
}

As you can see it's extremely barebone and perhaps not secure, but it should get you started.
I'm not kidding, the code might actually be a bit confusing with all the errorCode stuff and whatnot that makes no sense.
If I put up something cleaner I'll report back.

[dado]

Thank you tackle, i don't even consider the possibility to create a filter
Actually now i'm working on a component that is an extension of CDbHttpSession and i'm closer to a final solution!

[itachi]

tackle, on 07 March 2012 - 04:19 PM, said:

Dado, that solution sounds about right.

I'm currently implementing phpBB and Yii together. I'm building a site which will use the forum part (phpBB) as the login handling, so I'll only check for that cookie. I'll post a code example (or perhaps extension) for this later.

If you can live with having phpBB handling the login/logout part, you don't have to write your own cookies from Yii. That way, it's almost solved already!

Edit:

Here's a filter I'm using to auth my forum.domain.com vs my Yii site at www.domain.com.

AuthFilter.php:

<?php

class AuthFilter extends CFilter
{
    protected function preFilter($filterChain)
    {
    	$errorCode = 0;
		if(isset($_COOKIE['phpbb3_127vf_sid']) && isset($_COOKIE['phpbb3_127vf_u']))
		{
			$user = Yii::app()->db->createCommand()
			    ->select('user_id, username')
			    ->from('phpbb_users')
			    ->where('user_id=:id', array(':id'=>$_COOKIE['phpbb3_127vf_u']))
			    ->queryRow();
			$liveSession = Yii::app()->db->createCommand()
				->select('session_id,session_user_id')
				->from('phpbb_sessions')
				->where('session_id=:id', array(':id'=>$_COOKIE['phpbb3_127vf_sid']))
				->queryRow();
				
			if($liveSession['session_user_id'] == $user['user_id'] && $user['user_id'] != 1)
			{
				$errorCode=0;
			} else {
				$errorCode=1;
			}
			
		} else {
			$errorCode=1;
		}
		
		if($errorCode>0)
		{
			Yii::app()->getRequest()->redirect('/index.php?r=site/pleaselogin');
		} else {
			$filterChain->run();
		}
    }
 
}

As you can see it's extremely barebone and perhaps not secure, but it should get you started.
I'm not kidding, the code might actually be a bit confusing with all the errorCode stuff and whatnot that makes no sense.
If I put up something cleaner I'll report back.

Actually there is an easier way to it. Phpbb also provides an api. None the less, without a filter, here's the approach.


in index.php of yii, right the following at the very top

<?php

define('IN_PHPBB', true);
$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './PHPBB3/';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
include($phpbb_root_path . 'common.' . $phpEx);
include($phpbb_root_path . 'includes/functions_display.' . $phpEx);

// Start session management
$user->session_begin();
$auth->acl($user->data);
$user->setup();
$config_new = $config;

?>

as Yii has its own $config variable, its better to assign phpbbs $config to something else before Yii overwrites it. (it comes very handy if you use the api).



in the controller:

<?php

public function actionTest(){
    global $user;

    print_r($user->data);// will give you all the data associated with the logged in user or ANNONYMUS
}

?>

Here's what $user->data array contains:

user_id
user_type
group_id
user_permissions
user_perm_from
user_ip
user_regdate
username
username_clean
user_password
user_passchg
user_pass_convert
user_email
user_email_hash
user_birthday
user_lastvisit
user_lastmark
user_lastpost_time
user_lastpage
user_last_confirm_key
user_last_search
user_warnings
user_last_warning
user_login_attempts
user_inactive_reason
user_inactive_time
user_posts
user_lang
user_timezone
user_dst
user_dateformat
user_style
user_rank
user_colour
user_new_privmsg
user_unread_privmsg
user_last_privmsg
user_message_rules
user_full_folder
user_emailtime
user_topic_show_days
user_topic_sortby_type
user_topic_sortby_dir
user_post_show_days
user_post_sortby_type
user_post_sortby_dir
user_notify
user_notify_pm
user_notify_type
user_allow_pm
user_allow_viewonline
user_allow_viewemail
user_allow_massemail
user_options
user_avatar
user_avatar_type
user_avatar_width
user_avatar_height
user_sig
user_sig_bbcode_uid
user_sig_bbcode_bitfield
user_from
user_icq
user_aim
user_yim
user_msnm
user_jabber
user_website
user_occ
user_interests
user_actkey
user_newpasswd
user_form_salt
user_new
user_reminded
user_reminded_time
session_id
session_user_id
session_forum_id
session_last_visit
session_start
session_time
session_ip
session_browser
session_forwarded_for
session_page
session_viewonline
session_autologin
session_admin
is_registered
is_bot

Use the options as for your needs. (I am not fan of this global keyword but it is a easier solution)

I am only stucked in login part. The auth class in phpbb handles the main login procedure but it creates errors on including fils. I am a bit new to yii. How yii inclues files with what reference? Controller? Yiibase? I tried to use absolute path but even then it fails. If someone can point some direction on this, my own login is done.

[dizanu83]

Bump for justice!

[dado]

Hello guys, sorry if i'm not really present but i was a bit busy..
Anyway, i try your solution Itachi, if i understood correctly when i login from the forum i should get the user data inside $user->data varibale but i always get the user anonymous data not the user i logged in.

Thanks,
Dado.