Stupid phpbb3 integration with any site
Consider the standard task - on the site with existing users you need to add a forum. In this case, do not write the new module yourself, but put a ready-made popular solution like phpbb3 and synchronize the registration / authorization / user profiles of the site with the forum. It is minimally necessary that site users become forum users, and that an authorized site user automatically becomes an authorized forum user and vice versa, as well as synchronization takes place when a profile is changed.
The network has plugins to synchronize phpbb and wordpress ( WP-United ) and universal manuals ( 1 , 2 ), but the latter usually begin with the words “copy these ... twenty functions from functions.php" and "insert into these 3 tables here such data. "
Another integration method is to start using user tables and methods for them from phpbb on the rest of the site, but this usually requires significant system modifications.
')
I'll tell you about my method, which is slower than usual, but it requires minimal changes to the site and forum files (10 lines each to connect a file with a 5kb synchronizer class).
There is simply no place. We log in on the site - if successful, we make the corresponding request to the forum and put cookies in the answer. Everything. It remains to spy on the necessary requests (using firebug or LiveHTTPHeaders) and find places for inclusions.
The synchronizer consists of two files: site-> forum (included in the site files) and forum-> site (included in phpbb). They contain the static ForumSync and SiteSync classes, respectively. Each class has 2 public methods: checkToken and sync.
For my site site synchronizer-> forum - forumsync.class.php, forum-> site - functions_sitesync.php. These files, as well as the files that need to be changed, are posted here . The req class is also used to perform a series of queries; it lies here .
1. In many forms, phpbb adds the creation_time and form_token security variables. Their check is in forum / includes / functions.php-> check_form_key (), and it should be turned off when a synchronizer is requested. In the synchronizer class, we define the secret key, I have this
and at the beginning of check_form_key we add a check for compliance with a certain $ _REQUEST [sync_token] variable (the check is done in the SiteSync :: checkToken () method).
2. To avoid looping (a login on the site requests a login on the forum that requests a login on the site, etc.), before sending the request, we will check SiteSync :: checkToken (), if it exists, then this request is made by the synchronizer, and the synchronization is not started again need to.
Each site has its own, so I will describe only the changes that need to be made in phpbb files. This is not an exhaustive step by step guide, but only a general principle. Classes ForumSync and SiteSync still need to be changed individually for each site.
Registration: for simplicity, turn off the registration of users on phpbb (through the admin area). Registration will be only on the site. If the registration is successful, we will call ForumSync :: sync ("signup"). In phpbb, we allow registration for the synchronizer; to do this, change the line at the beginning of forum / includes / ucp / ucp_register.php-> ucp_register-> main () (where is the check for USER_ACTIVATION_DISABLE):
In addition, it would be nice to get the id of the new user. In the html-code of the page, given in case of successful registration, the user id is not specified anywhere. Therefore, below the line $ user_id = user_add (...) we add
Authorization: to synchronize the site-> forum in phpbb you do not need to change anything. For feedback, in forum / functions.php in login_box after login (check on LOGIN_SUCCESS) add
Output: to synchronize the forum-> site in forum / ucp.php case 'logout': add the line
Change password and profile: individually, depends on what information in which tables the user profiles on the site. And what are the forms of profile editing. The necessary actions are located in forum / includes / ucp / ucp_profile.php-> ucp_profile-> main (), at the end of the corresponding cases you need to add SiteSync :: sync.
The main disadvantage is the lack of transactions and at least a primitive api. Any errors that occur when the synchronizer requests to phpbb, have to look in the html-code. They depend on localization.
Transactions are supported in my system, but I did not find a standard mechanism in phpbb. If, for example, on a website the minimum password length is 6 and phpbb is 5, and the user enters a 5-character password in phpbb, phpbb changes the password, the site gives an error. It is necessary to roll back, but this is not only “add one line”. So far, my system breaks off in such cases, so I carefully followed the requirements for all synchronized fields to match.
The network has plugins to synchronize phpbb and wordpress ( WP-United ) and universal manuals ( 1 , 2 ), but the latter usually begin with the words “copy these ... twenty functions from functions.php" and "insert into these 3 tables here such data. "
Another integration method is to start using user tables and methods for them from phpbb on the rest of the site, but this usually requires significant system modifications.
')
I'll tell you about my method, which is slower than usual, but it requires minimal changes to the site and forum files (10 lines each to connect a file with a 5kb synchronizer class).
Idea
There is simply no place. We log in on the site - if successful, we make the corresponding request to the forum and put cookies in the answer. Everything. It remains to spy on the necessary requests (using firebug or LiveHTTPHeaders) and find places for inclusions.
The synchronizer consists of two files: site-> forum (included in the site files) and forum-> site (included in phpbb). They contain the static ForumSync and SiteSync classes, respectively. Each class has 2 public methods: checkToken and sync.
For my site site synchronizer-> forum - forumsync.class.php, forum-> site - functions_sitesync.php. These files, as well as the files that need to be changed, are posted here . The req class is also used to perform a series of queries; it lies here .
Subtleties
1. In many forms, phpbb adds the creation_time and form_token security variables. Their check is in forum / includes / functions.php-> check_form_key (), and it should be turned off when a synchronizer is requested. In the synchronizer class, we define the secret key, I have this
md5("lala".date("Ymd"))
and at the beginning of check_form_key we add a check for compliance with a certain $ _REQUEST [sync_token] variable (the check is done in the SiteSync :: checkToken () method).
2. To avoid looping (a login on the site requests a login on the forum that requests a login on the site, etc.), before sending the request, we will check SiteSync :: checkToken (), if it exists, then this request is made by the synchronizer, and the synchronization is not started again need to.
Details
Each site has its own, so I will describe only the changes that need to be made in phpbb files. This is not an exhaustive step by step guide, but only a general principle. Classes ForumSync and SiteSync still need to be changed individually for each site.
Registration: for simplicity, turn off the registration of users on phpbb (through the admin area). Registration will be only on the site. If the registration is successful, we will call ForumSync :: sync ("signup"). In phpbb, we allow registration for the synchronizer; to do this, change the line at the beginning of forum / includes / ucp / ucp_register.php-> ucp_register-> main () (where is the check for USER_ACTIVATION_DISABLE):
if ($config['require_activation'] == USER_ACTIVATION_DISABLE && !SiteSync::checkToken())
trigger_error('UCP_REGISTER_DISABLE');
In addition, it would be nice to get the id of the new user. In the html-code of the page, given in case of successful registration, the user id is not specified anywhere. Therefore, below the line $ user_id = user_add (...) we add
if (SiteSync::checkToken()) { echo "<!-- PHPBB_SYNC[user_id=$user_id] -->\n"; }
Authorization: to synchronize the site-> forum in phpbb you do not need to change anything. For feedback, in forum / functions.php in login_box after login (check on LOGIN_SUCCESS) add
SiteSync::sync("signin",array("username"=>$username,"password"=>$password,"autologin"=>$autologin)).
Output: to synchronize the forum-> site in forum / ucp.php case 'logout': add the line
SiteSync::sync("signout").Change password and profile: individually, depends on what information in which tables the user profiles on the site. And what are the forms of profile editing. The necessary actions are located in forum / includes / ucp / ucp_profile.php-> ucp_profile-> main (), at the end of the corresponding cases you need to add SiteSync :: sync.
Weak sides
The main disadvantage is the lack of transactions and at least a primitive api. Any errors that occur when the synchronizer requests to phpbb, have to look in the html-code. They depend on localization.
Transactions are supported in my system, but I did not find a standard mechanism in phpbb. If, for example, on a website the minimum password length is 6 and phpbb is 5, and the user enters a 5-character password in phpbb, phpbb changes the password, the site gives an error. It is necessary to roll back, but this is not only “add one line”. So far, my system breaks off in such cases, so I carefully followed the requirements for all synchronized fields to match.
Source: https://habr.com/ru/post/109116/
All Articles