Instead of having two logins to your site, it would be far easier and more efficient to use phpBB's sessions systems. It would also be easier and more secure for your users. You will also be able to use stuff like the permissions system and the templates system if you wish. In this article, I will explain how you can integrate the phpBB session into your website.
First, you will need to add this to the top of every page you want to use with phpBB's sessions:
<?php
define('IN_PHPBB', true);
$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
include($phpbb_root_path . 'common.' . $phpEx);
// Start session management
$user->session_begin();
$auth->acl($user->data);
$user->setup();
If you wish to include a language file, replace $user->setup(); with $user->setup('mods/yourpage');. This will include language/yourlang/mods/yourpage.php automatically and add it to the $user->lang array. Obviously, language files are only useful if your website is in more than one language, but it might be worth using it anyway - it gives you the option to expand your site in the future if required.
The $user->data array
$user->data contains all information about the user currently stored in the phpbb_users table (including the password - be careful). For example, a print_r of the array returns the following on my localhost install:
Array
(
[user_id] => 2
[user_type] => 3
[group_id] => 5
[user_permissions] => zik0zjzik0zjzik0yo
i1cjyo000000
zik0zjzhb2tc
i1cjyo000000
i1cjyo000000
i1cjyo000000
i1cjyo000000
i1cjyo000000
i1cjyo000000
i1cjyo000000
i1cjyo000000
i1cjyo000000
i1cjyo000000
[user_perm_from] => 0
[user_ip] => ::1
[user_regdate] => 1302370816
[username] => Callum
[username_clean] => callum
[user_password] => $H$9CzcNAWt7iLZKDfYPhTJTEnWGBZVTV.
[user_passchg] => 1302370881
[user_pass_convert] => 0
[user_email] => callum@lynxphp.com
[user_email_hash] => 216925083818
[user_birthday] => 19- 5- 0
[user_lastvisit] => 1302370859
[user_lastmark] => 0
[user_lastpost_time] => 1302370975
[user_lastpage] => ucp.php?i=profile&mode=reg_details
[user_last_confirm_key] =>
[user_last_search] => 0
[user_warnings] => 0
[user_last_warning] => 0
[user_login_attempts] => 0
[user_inactive_reason] => 0
[user_inactive_time] => 0
[user_posts] => 1
[user_lang] => en
[user_timezone] => 0.00
[user_dst] => 0
[user_dateformat] => D M d, Y g:i a
[user_style] => 1
[user_rank] => 1
[user_colour] => AA0000
[user_new_privmsg] => 0
[user_unread_privmsg] => 1
[user_last_privmsg] => 1302370975
[user_message_rules] => 0
[user_full_folder] => -3
[user_emailtime] => 0
[user_topic_show_days] => 0
[user_topic_sortby_type] => t
[user_topic_sortby_dir] => d
[user_post_show_days] => 0
[user_post_sortby_type] => t
[user_post_sortby_dir] => a
[user_notify] => 0
[user_notify_pm] => 1
[user_notify_type] => 0
[user_allow_pm] => 1
[user_allow_viewonline] => 1
[user_allow_viewemail] => 1
[user_allow_massemail] => 1
[user_options] => 230269
[user_avatar] =>
[user_avatar_type] => 0
[user_avatar_width] => 0
[user_avatar_height] => 0
[user_sig] => Hello world!
[user_sig_bbcode_uid] => 3uemv9wm
[user_sig_bbcode_bitfield] =>
[user_from] => England
[user_icq] =>
[user_aim] =>
[user_yim] => dontmessageme
[user_msnm] => callumacrae@donotwant.spam
[user_jabber] =>
[user_website] => http://lynxphp.com/
[user_occ] =>
[user_interests] =>
[user_actkey] =>
[user_newpasswd] =>
[user_form_salt] => d60d1c2b19803efa
[user_new] => 1
[user_reminded] => 0
[user_reminded_time] => 0
[session_id] => bd4bc099bef6f9e2a6c88d16a0538bf9
[session_user_id] => 2
[session_forum_id] => 0
[session_last_visit] => 1302370817
[session_start] => 1302370817
[session_time] => 1302371092
[session_ip] => ::1
[session_browser] => Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_6; en-gb) AppleWebKit/533.19.4 (KHTML, like Gecko) Version/5.0.3 Safari/533.19.4
[session_forwarded_for] =>
[session_page] => ucp.php?i=176
[session_viewonline] => 1
[session_autologin] => 0
[session_admin] => 1
[is_registered] => 1
[is_bot] =>
)
It should be fairly obvious what each item is. Everything prefixed with user_ is from the user table (hence why stuff like user_password is there).
Checking whether the user is logged in
The following code will check whether the user is logged in:
<?php
if ($user->data['user_id'] == ANONYMOUS) {
// Not logged in
} else {
// Logged in
}
For example, if we wanted to make a page members-only:
<?php
if ($user->data['user_id'] == ANONYMOUS) {
trigger_error('You must be logged in to access this page', E_USER_ERROR);
}
That's all there is to it. If you want to know more about this, or how to use stuff like the language, permissions, or template system, either check out the phpBB wiki or leave a comment asking me to write an article about it.
Thanks for reading!
Comments
Hello, nice guide! It really helped me develop a recruitment application for my clan's phpBB3 forum. Would you know how to handle a php argument where someone has multiple "group_id" fields?
Here is my basic statement which doesn't seem to work since most of my users are on multiple groups (for good reason):
Well I slightly figured out my own problem, but it doesn’t completely solve the issue.
It turns out that the users DEFAULT group is the “group_id”, still any thoughts would be amazing!
group_idis their default group, you will have to do an SQL query to get the rest of them:To get the group names, you can use a join.
What’s the major differences between username and username_clean?
username_clean is literally just a cleaned version of username - it removes all special characters and changes it to lowercase. It has a few useful functions:
It's useful for ordering with, as MySQL will return A-Z before a-z, which is obviously incorrect. If you're writing an SEO modification, "/member/Valid 'Username" obviously isn't a valid URL, so we would use the clean username instead - "/member/validusername". It's also a lot easier to work with, as you don't have to escape it as it cannot contain special characters. For example, in a WHERE, instead of using:
We can use:
Those function don't actually exist btw, the code above is just demonstrating how it works :)
and someone knows, how to save own variables temporarily in the session or knows a good tutorial ?
They’re already in the session :/
How to get the $user->data array? Do I simply do a SQL select from the corresponding PHPBB database table?
If you’ve got access to the phpBB session (by putting the code at the beginning of the article at the top of every page), then the $user->data array is already initialised.
When I was still using phpBB for my session management, I actually extracted some parts of it (like the session class) and trimmed it to the basics, since doing
actually loads the whole phpBB environment and chances are you won’t need it (and don’t want those additional queries). For checking whether the user is logged in I simply used to do:
instead of checking for the user id, since checking the user_id would treat bots as logged in users.
GitHub it? :-D
Hello,
Thank you so much for this post, and I have 2 questions…
1) If I have a site with 30000 users already in it. How do I now add the forum and use this login? Should I use 2 logins?
2) I have to create a new website… should I create a new form for the users to register or register the new users using the phpbb registration form and use the login box from phpbb as my website login and add the necessary custom fields to the phpbb users table?
Thank you in advance, Mohamed
I meant in the 2nd questions. Should I use 2 tables? My own and also copy the registration info manually to the phpbb table?
1) Same way as you would with a small board – read the article :–D The article explains how you can use the phpBB logins for the rest of the site, meaning that you would only have to have one login.
2) Use the phpBB registration system, and use the phpBB user data on your website instead of having the two logins.
Hi I want when user register on my site, then he/she automatically register to phpBB forum and their is no need of registration on phpBB forum. How should I do this ?
This article is about using the phpBB login in the rest of your site, instead of having two logins. I would recommend using the phpBB login on your whole site, instead of having two logins (hence the article – read it so you know how).