A bunch of MODX Revolution and phpBB forum

updated 6 November 2012.
In the previous version was not done very well and were popping out the stones from under the water.
updated 7 November 2012.
minor bug fixed
updated 13 November 2012.
corrected the file /forum/includes/auth/auth_modx.php:

Version of phpBB: 3.0.11
Version MODX: 2.2.5-pl

Folder /
Folder forum: /forum

The database I have different, but you one to use, like everything should be the way.

Authorization occurs almost entirely on the side of MODX. The forum creates a backup of MODX users, but their data is automatically updated from MODX.


the Plugin authorization phpBB


For authorization on the forum is using the "plugin authorization", briefly about them.

To use the plug-in authorization, you have:

1. To come up with the name of the plug-in authorization, for example: modx
2. Create the file /forum/includes/auth/auth_modx.php (the file name suffix (modx) == plugin name)
3. In the file /forum/includes/auth/auth_modx.php must be at least one function login_modx (suffix == plugin name)
4. Disable registration on the forum: GENERAL - > user Registration - > Disable check
5. In the admin panel of the forum: GENERAL -> Authentication -> select from the list Modx

Code /file forum/includes/auth/auth_modx.php:
<?php

# /forum/includes/auth/auth_modx.php

if (!defined('IN_PHPBB')){
exit;
}

/**
* returns information about the current user
*/
function get_user_data(){

// Plug-in
define('MODX_API_MODE', true);
require dirname(dirname(dirname(dirname(__FILE__)))) . '/index.php'; // my forum is in /forum

// MODX redirects to your obrabotki errors, and forum messages are displayed crooked,
// so we need to assign back the  error  handler on a forum:
set_error_handler(defined('PHPBB_MSG_HANDLER') ? PHPBB_MSG_HANDLER : 'msg_handler');

// get user
if($modx->user->get('id') != 0){ // If not anonimous
$result['username'] = $modx->user->get('username');
$profile = $modx->user->getOne('Profile');
$result['user_email'] = $profile->get('email');
$fields = $profile->get('extended');
$result['user_from'] = (string) $fields['region']; // If the field is empty, it returns NULL and in the database of the forum may not be NULL
// Here you can add other profile fields, for example:
// $result['имя_столбца_в_БД_форума_в_таблице_иѕегѕ'] = Значение_поля_из_БД_modx;
// All the fields listed here are checked, and if changed in MODX, and change on the forum,
// example: Changed the user in MODX extended field region, is automatically changed in the database forum field user_from
// autorefresh occurs in a function validate_session_modx (below)
}

return $result;
}

/**
* Responsible for the authorisation.
*/
login_modx function(){

$auth = get_user_data();

// if authorization is not possible
if (!is_array($auth) || empty($auth))
{
return array(
'status' => LOGIN_ERROR_USERNAME,
'error_msg' => 'ACCESS_DIRECTLY_DENIDED',
'user_row' => array('user_id' = > ANONYMOUS),
);
}

global $db;
$sql = 'SELECT user_id, username, user_password, user_email, user_from, user_type
FROM ' . USERS_TABLE . "
WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($auth['username'])) . "'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);

if ($row){

foreach($auth as $auK => $auV){
if($row[$auK] != $auV){ // If user field is not equal to  form  field from a modx (at least one)
// Do UPDATE
unset($auth['username']);
$sql = "UPDATE" . USERS_TABLE . "SET" . $db->sql_build_array('UPDATE', $auth) .
"WHERE user_id = '" . $db->sql_escape($row['user_id']) . "'";
$db->sql_query($sql);
break;
}
}

$res = array(
'status' = > LOGIN_SUCCESS,
'error_msg' => false,
'user_row' => array(
'user_id' => $row['user_id'],
'username' => $row['username'], // Display name of the user
'user_email' => $row['user_email'], // user's E-mail if there is
'user_from' => $row['user_from'],
'user_type' => 0,
'group_id' => 2
)
);
return $res;
}

// To inform that the authorization was successful.
$res = array(
'status' => LOGIN_SUCCESS_CREATE_PROFILE,
'error_msg' => false,
'user_row' => array(
"username" => $auth['username'], // Display name of the user
"user_email" = > $auth['user_email'], // user's E-mail if there is
"user_from" => $auth['user_from'],
"user_type" => 0,

),
);
return $res;

}

/**
* Responsible for registration and authorization of user at the first visit.
*/
autologin_modx function(){
$user_row = login_modx();
// if the user is not registered
if ($user_row['status'] == LOGIN_SUCCESS_CREATE_PROFILE)
{
global $phpbb_root_path, $phpEx;
if (!function_exists('user_add'))
{
include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
}
$user_row['user_row']['user_id'] = user_add($user_row['user_row']);
}
// return user data
global $db;
$sql = 'SELECT * FROM' . USERS_TABLE . "WHERE user_id = '" . $db->sql_escape($user_row['user_row']['user_id']) . "'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
return $row;
}

logout_modx function(){
// Connect modx API
define('MODX_API_MODE', true);
require dirname(dirname(dirname(dirname(__FILE__)))) . '/index.php';
$modx- > getService('error','error.modError');
$modx- > runProcessor('/security/logout');
//$modx- > cacheManager- > refresh();
}

validate_session_modx function($locUser){
$auth = get_user_data();

if($locUser['username'] == 'Anonymous'){
if($auth){
return false;
}else{
return true;
}
}else{
// Take user of modx, and if it is empty, then go on the forum
if(!$auth){
// Log out from forum
global $user;
$user->session_kill();
$user->session_begin();
}elseif(($auth['username'] != $locUser['username'])){
return false;
}
return true;
}
}
?>


Admin forum


Because the authorization almost entirely occurs on the side of MODX, the forum admin (the username admin) must be registered in MODX.

Now, let's say we have user admin in MODX, and have forum admin with same name admin.
The problem is that the forum administrator needs to confirm your password that can not check, because the authorization we have in MODX, instead of through the database of the forum.

image

So disable additional verification of the password of the administrator of the forum:
In file: /forum/adm/index.php
the 
// Have they authenticated (again) as an admin for this session?
if (!isset($user->data['session_admin']) || !$user->data['session_admin'])
{
login_box(", $user- > lang['LOGIN_ADMIN_CONFIRM'], $user- > lang['LOGIN_ADMIN_SUCCESS'], true, false);
}

Change to:
the 
// Have they authenticated (again) as an admin for this session?
//if (!isset($user->data['session_admin']) || !$user->data['session_admin'])
//{
// login_box(", $user- > lang['LOGIN_ADMIN_CONFIRM'], $user- > lang['LOGIN_ADMIN_SUCCESS'], true, false);
//}

After:
the 
if (!$auth->acl_get('a_'))
{
trigger_error('NO_ADMIN');
}

To add the line:
the 
$user- > data['session_admin'] = 1;

Login password recovery


In the file /forum/ucp.php, log in at the same time on the website and the forum using the login form on the forum:
Between case 'login': and break; (inclusive):
the 
 case 'login':
define('MODX_API_MODE', true);
require dirname(dirname(__FILE__)) . '/index.php';
$modx- > getService('error','error.modError');
set_error_handler(defined('PHPBB_MSG_HANDLER') ? PHPBB_MSG_HANDLER : 'msg_handler');

if($_REQUEST["username"] and $_REQUEST["password"]){
$data = array(
'username' => $_REQUEST["username"],
'password' => $_REQUEST["password"],
'rememberme' => 1,
'login_context' => 'web',
);
$response = $modx- > runProcessor('/security/login', $data);
if ($response->isError()) {
trigger_error($response->getMessage());
}
}

if ($user- > data['is_registered'])
{
redirect(append_sid("{$phpbb_root_path}index.$phpEx"));
}

login_box(request_var('redirect', "index.$phpEx"));
break;

Even if the user was not in the database forum, it is automatically created.

Below the link "Forgot password?" on the forum, got to the password recovery page of MODX (/forum/ucp.php):

the 
 case 'sendpassword':
define('MODX_API_MODE', true);
require dirname(dirname(__FILE__)) . '/index.php';
$modx- > getService('error','error.modError');
set_error_handler(defined('PHPBB_MSG_HANDLER') ? PHPBB_MSG_HANDLER : 'msg_handler');
$modx- > sendRedirect($modx- > makeUrl(865,",",'full')); // where the 865 is the ID of the MODX resource with a password reset form
break;

The article, which was taken as a basis:
Integration users of the site and forum on phpbb 3
Article based on information from habrahabr.ru

Комментарии

Отправить комментарий

Популярные сообщения из этого блога

Automatically create Liquibase migrations for PostgreSQL

Изображение
Working with Liquibase always brings confidence in the fact that the database objects are in the same condition in which you want it. It is this confidence and makes system migrations so popular databases. Today I want to tell you how to make using liquibase a bit easier. If you write a migration by hand, and your target database is PostgreSQL, then read this article, I am sure, the time spent on reading the article will be repaid with interest. I hope you already know how to work with Liquibase, so only two words describe how the system works. In order to make changes in the database, you need to create a migration file (changeset) that you need to specify in the file change log (changelog), after which the migration can be successfully applied to the target database. Undeniable and obvious benefit of this approach is the ability to rollback the changes. In my opinion, liquibase, there is only one drawback — the automatic rollback of changes only works only if the mi
Далее...

Vkontakte sync with address book for iPhone. How it was done

Изображение
the Background application on androidphone when you install the application Vkontakte is possible to use it as a provider of contacts to synchronize the contacts from Facebook with contacts in your address book. In this case stretches the avatar, date of birth, address, phone numbers, etc. When I after prolonged use HTC Wildfire S rated and are so used to this that he wanted to find a similar to the iPhone. Not found, so we took it and made his own — Synchronizer VKontakte :) It was back in November of last year. The application was done fairly quickly — it uses quite a few functions of Vkontakte API and functionality with the address book of the iPhone. But when we started to deal with the automatic matching of contacts, it was fun. Compare head-on by name, last name and phone number was easy to do, easy, and worked through it quickly. But found only 20 percent of coincidences of the contacts from what is provider in Android. Of course, only direct hits do not sui
Далее...

What part of the archived web

Изображение
/ > the time Machine Internet Archive is the largest and well-known archive that preserves web pages since 1995. Besides him there are a dozen other services, which are also archived to the web: the indexes of search engines and industry-specific archives like Archive-It , UK Web Archive , Cite Web , ArchiefWeb , Diigo . Interesting to know how many web pages gets into these files, relative to the total number of documents in the Internet? It is known that the base of the Internet Archive for 2011 contains more than 2.7 billion URIs , many of them in multiple copies taken at different points in time. For example, the home page of Habra "photographed" already 518 times since July 3, 2006 . It is also known that the base reference Google five years ago overstepped the mark in trillion unique URLS , although many of the documents were duplicated. Google is not able to perform all URLS, so the company decided to count the number of documents in the Internet a
Далее...