Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » FUDforum Development » Plugins and Code Hacks » Protector Scrit - use FUDForum as Central Login Manager
Show: Today's Messages :: Unread Messages :: Show Polls :: Message Navigator
| Subscribe to topic | Bookmark topic 
Switch to threaded view of this topic Create a new topic Submit Reply
Protector Scrit - use FUDForum as Central Login Manager [message #25098] Wed, 25 May 2005 10:28 Go to next message
naudefj is currently offline  naudefj   South Africa
Messages: 3663
Registered: December 2004
Karma: 19
Senior Member
Core Developer
add to buddy list
ignore all messages by this user

If possible, I would like to write a "protector" script, that can be included into other PHP programs, that will prevent unauthenticated users from accessing these programs. It should do the following:

1. Check if the user is already logged in. If so, do nothing and allow the non-FUDForum program to continue.

2. If the user is NOT logged in, present the login template and allow the user to authenticate or register. When the user is authenticated, return to the calling (non-FUDForum) program.

A typical call should look something like this.

<?php include("../FUDForum/data/scripts/protector.php"?>

Any ideas or assistance in writing such a protector would be greatly appreciated!

Best regards.

Re: Protector Scrit - use FUDForum as Central Login Manager [message #25111 is a reply to message #25098] Wed, 25 May 2005 15:34 Go to previous message
JamesS is currently offline  JamesS   United States
Messages: 275
Registered: July 2002
Location: Atlanta, GA
Karma: 0
Senior Member
add to buddy list
ignore all messages by this user
The only way I have been able to determine if a user is logged in without copying a few functions from FUDforum's index.php is to check their cookie age. I am not going to write the wrapper right now but I can later if you are unable to do so. Here is what you would need to do:

1) Read the cookie set by FUDforum to get the user's session id. If it does not exist the user is not logged in to the forum.
2) Query the "forum_ses" table (it will probably have a prefix) in the database like so -- `"SELECT user_id FROM {$dbprefix}forum_ses WHERE ses_id='$sid' AND user_id < '2000000000' AND time_sec>'".($time['sec'] - 604800)."'"`. If you get a result then the user is logged in; if you get zero results then the user is not logged in.
3) If the user is not logged in then present them with a username and password form. Use the persons 'user_id' from the previous query to authenticate them. The password is stored as an MD5 hash. If the authentication succeeds, use external_fud_login() from scripts/forum_login.php to log the user in to the forum.

Here is a query to authenticate the user:
`"SELECT login FROM {$dbprefix}forum_users WHERE id = '$user_id' AND uname = '$uname' AND password = MD5('$passwd')"`

[Updated on: Wed, 25 May 2005 15:43]

Report message to a moderator

Quick Reply
Formatting Tools:   
  Switch to threaded view of this topic Create a new topic
Previous Topic: Admin Members List
Next Topic: simple mail wrapper for qmail+mailman+fudforum
Goto Forum:

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Thu Jul 19 13:38:56 EDT 2018

Total time taken to generate the page: 0.00697 seconds