Hi,
I am trying to integrate phpbbforum in my website. I have been successfull in adding the data of the user in the table of my website as well as my form user table.Now I am trying to make a single sign in for the user. It means that if the user sign in in my website the same session will be used for the forums also. I am trying to apply the logic with curl here is my code.

$post_data = $_POST;
$post_items = array();
foreach ( $post_data as $key => $value) {
    $post_items[] = $key . '=' . $value;
}
$post_string = implode ('&', $post_items);
$url = "http://example.com/forums/ucp.php?mode=login";
$ch = curl_init();

            curl_setopt($ch, CURLOPT_URL, $url);
            curl_setopt($ch, CURLOPT_HEADER, TRUE);
            curl_setopt($ch, CURLOPT_NOBODY, TRUE); // remove body
            curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
            curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
            curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
            curl_setopt($ch, CURLOPT_POSTFIELDS, $post_string);
            curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
            $head = curl_exec($ch);
            $httpCode = curl_getinfo($ch);
            curl_close($ch); 
}

This is my response of the curl code executed

 Array
(
    [url] => http://example.com/forums/ucp.php?mode=login
    [content_type] => text/html; charset=UTF-8
    [http_code] => 200
    [header_size] => 634
    [request_size] => 86
    [filetime] => -1
    [ssl_verify_result] => 0
    [redirect_count] => 0
    [total_time] => 0.123356
    [namelookup_time] => 0.000209
    [connect_time] => 0.000367
    [pretransfer_time] => 0.000377
    [size_upload] => 0
    [size_download] => 0
    [speed_download] => 0
    [speed_upload] => 0
    [download_content_length] => -1
    [upload_content_length] => 0
    [starttransfer_time] => 0.123264
    [redirect_time] => 0
    [certinfo] => Array
        (
        )

)

But it is not executing the code of login for forums.I am logged in my website but not in forums. Can anyonel help me that where I am wrong.Thanks in advance.

Recommended Answers

All 9 Replies

CURLOPT_NOBODY, TRUE executes a HEAD request, not a POST request.

So what should I use

Set NOBODY to False and add CURLOPT_POST, see here.

Nope,still no success I am using the following code now

$ch = curl_init();
            curl_setopt($ch, CURLOPT_URL, $url);
            //curl_setopt($ch, CURLOPT_HEADER, FALSE);
            curl_setopt($ch, CURLOPT_NOBODY, FALSE); // remove body
            curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
            curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
            curl_setopt($ch, CURLOPT_POST,TRUE);
            curl_setopt($ch, CURLOPT_POSTFIELDS, $post_string);
            curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
            curl_setopt($ch, CURLOPT_FAILONERROR, true);
            $head = curl_exec($ch);
            $httpCode = curl_getinfo($ch);
            curl_close($ch); 

I have also echoed $head.It displays me the view of the login form of the forum but does no action.Can u help me where I am wrong.Thanks for replying

Are you sure that the login form does the post to itself? Perhaps you are using the wrong URL. Check the form's action attribute.

Yes it is redirecting to the same page the logic is here

case 'login':

        if ($user->data['is_registered'])
        {
            redirect(append_sid("{$phpbb_root_path}index.$phpEx"));
        }


        login_box(request_var('redirect', "index.$phpEx"));
    break;

If it is the mcp file now if the user is logged in it will be redirected to the index page and if the user is not logged in it will go to the login_box function here is the code of login function

 function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = false, $s_display = true)
{
    global $db, $user, $template, $auth, $phpEx, $phpbb_root_path, $config;

    if (!class_exists('phpbb_captcha_factory'))
    {
        include($phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx);
    }

    $err = '';

    // Make sure user->setup() has been called
    if (empty($user->lang))
    {
        $user->setup();
    }

    // Print out error if user tries to authenticate as an administrator without having the privileges...
    if ($admin && !$auth->acl_get('a_'))
    {
        // Not authd
        // anonymous/inactive users are never able to go to the ACP even if they have the relevant permissions
        if ($user->data['is_registered'])
        {
            add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
        }
        trigger_error('NO_AUTH_ADMIN');
    }

    if (isset($_POST['login']) OR (isset($_POST['action']) and $_POST['action']=='login'))
    {
        // Get credential
        if ($admin)
        {
            $credential = request_var('credential', '');

            if (strspn($credential, 'abcdef0123456789') !== strlen($credential) || strlen($credential) != 32)
            {
                if ($user->data['is_registered'])
                {
                    add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
                }
                trigger_error('NO_AUTH_ADMIN');
            }

            $password   = request_var('password_' . $credential, '', true);
        }
        else
        {
            $password   = request_var('password', '', true);
        }

        $username   = request_var('username', '', true);
        $autologin  = (!empty($_POST['autologin'])) ? true : false;
        $viewonline = (!empty($_POST['viewonline'])) ? 0 : 1;
        $admin      = ($admin) ? 1 : 0;
        $viewonline = ($admin) ? $user->data['session_viewonline'] : $viewonline;

        // Check if the supplied username is equal to the one stored within the database if re-authenticating
        if ($admin && utf8_clean_string($username) != utf8_clean_string($user->data['username']))
        {
            // We log the attempt to use a different username...
            add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
            trigger_error('NO_AUTH_ADMIN_USER_DIFFER');
        }

        // If authentication is successful we redirect user to previous page
        $result = $auth->login($username, $password, $autologin, $viewonline, $admin);

        // If admin authentication and login, we will log if it was a success or not...
        // We also break the operation on the first non-success login - it could be argued that the user already knows
        if ($admin)
        {
            if ($result['status'] == LOGIN_SUCCESS)
            {
                add_log('admin', 'LOG_ADMIN_AUTH_SUCCESS');
            }
            else
            {
                // Only log the failed attempt if a real user tried to.
                // anonymous/inactive users are never able to go to the ACP even if they have the relevant permissions
                if ($user->data['is_registered'])
                {
                    add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
                }
            }
        }

        // The result parameter is always an array, holding the relevant information...
        if ($result['status'] == LOGIN_SUCCESS)
        {
            $redirect = request_var('redirect', "{$phpbb_root_path}index.$phpEx");
            $message = ($l_success) ? $l_success : $user->lang['LOGIN_REDIRECT'];
            $l_redirect = ($admin) ? $user->lang['PROCEED_TO_ACP'] : (($redirect === "{$phpbb_root_path}index.$phpEx" || $redirect === "index.$phpEx") ? $user->lang['RETURN_INDEX'] : $user->lang['RETURN_PAGE']);

            // append/replace SID (may change during the session for AOL users)
            $redirect = reapply_sid($redirect);

            // Special case... the user is effectively banned, but we allow founders to login
            if (defined('IN_CHECK_BAN') && $result['user_row']['user_type'] != USER_FOUNDER)
            {
                return;
            }

            $redirect = meta_refresh(3, $redirect);
            trigger_error($message . '<br /><br />' . sprintf($l_redirect, '<a href="' . $redirect . '">', '</a>'));
        }

        // Something failed, determine what...
        if ($result['status'] == LOGIN_BREAK)
        {
            trigger_error($result['error_msg']);
        }

        // Special cases... determine
        switch ($result['status'])
        {
            case LOGIN_ERROR_ATTEMPTS:

                $captcha = phpbb_captcha_factory::get_instance($config['captcha_plugin']);
                $captcha->init(CONFIRM_LOGIN);
                // $captcha->reset();

                $template->assign_vars(array(
                    'CAPTCHA_TEMPLATE'          => $captcha->get_template(),
                ));

                $err = $user->lang[$result['error_msg']];
            break;

            case LOGIN_ERROR_PASSWORD_CONVERT:
                $err = sprintf(
                    $user->lang[$result['error_msg']],
                    ($config['email_enable']) ? '<a href="' . append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=sendpassword') . '">' : '',
                    ($config['email_enable']) ? '</a>' : '',
                    ($config['board_contact']) ? '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">' : '',
                    ($config['board_contact']) ? '</a>' : ''
                );
            break;

            // Username, password, etc...
            default:
                $err = $user->lang[$result['error_msg']];

                // Assign admin contact to some error messages
                if ($result['error_msg'] == 'LOGIN_ERROR_USERNAME' || $result['error_msg'] == 'LOGIN_ERROR_PASSWORD')
                {
                    $err = (!$config['board_contact']) ? sprintf($user->lang[$result['error_msg']], '', '') : sprintf($user->lang[$result['error_msg']], '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">', '</a>');
                }

            break;
        }
    }

    // Assign credential for username/password pair
    $credential = ($admin) ? md5(unique_id()) : false;

    $s_hidden_fields = array(
        'sid'       => $user->session_id,
    );

    if ($redirect)
    {
        $s_hidden_fields['redirect'] = $redirect;
    }

    if ($admin)
    {
        $s_hidden_fields['credential'] = $credential;
    }

    $s_hidden_fields = build_hidden_fields($s_hidden_fields);

    $template->assign_vars(array(
        'LOGIN_ERROR'       => $err,
        'LOGIN_EXPLAIN'     => $l_explain,

        'U_SEND_PASSWORD'       => ($config['email_enable']) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=sendpassword') : '',
        'U_RESEND_ACTIVATION'   => ($config['require_activation'] == USER_ACTIVATION_SELF && $config['email_enable']) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=resend_act') : '',
        'U_TERMS_USE'           => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=terms'),
        'U_PRIVACY'             => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=privacy'),

        'S_DISPLAY_FULL_LOGIN'  => ($s_display) ? true : false,
        'S_HIDDEN_FIELDS'       => $s_hidden_fields,

        'S_ADMIN_AUTH'          => $admin,
        'USERNAME'              => ($admin) ? $user->data['username'] : '',

        'USERNAME_CREDENTIAL'   => 'username',
        'PASSWORD_CREDENTIAL'   => ($admin) ? 'password_' . $credential : 'password',
    ));

    page_header($user->lang['LOGIN'], false);

    $template->set_filenames(array(
        'body' => 'login_body.html')
    );
    make_jumpbox(append_sid("{$phpbb_root_path}viewforum.$phpEx"));

    page_footer();
}

Now I dont get why it is not logging in.

You are sending all variables needed? username, password, autologin and viewonline

No I am sending username,password and login.We dont need login and rememeber they are not mandatory

Have you tried with the COOKIEJAR or COOKIEFILE option?

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.