Reusing PHPBB’s Authentication System

Question:

What’s the easiest way to let a custom application re-use accounts from a PHPBB installation?

Answer:

The first thing that occurred to me was that I’d have to look over the PHPBB user tables, connect to mysql, and read the user’s password (which I assume is hashed) to do the authentication. The second idea I had was to write a proxy service in PHP that I could call from my custom app.

Both of those options seemed like an awful pain in the butt. Then I had an epiphany: if you take a look at the ideals behind REST services, one could reason that PHPBB already exposes a REST service for logging in.

What if I simply used the already exposed HTML form as a sort of pseudo web service?

Making HTTP posts with C# is pretty easy, but I didn’t want to try to remember what the syntax was for the API, so I did a quick search online and found a nice little class that makes it really easy:
http://geekswithblogs.net/rakker/archive/2006/04/21/76044.aspx

With this class in hand, I used FireBug while logging in to the PHPBB and inspected the post variables. Easy, there were only four variables posted:

  • autologin=on
  • login=Login
  • username=[My Username]
  • password=[My Password]

I grabbed the URL it was posting to and added the variables (see the example below). Once I get the result back, a simple regular expression parses through the HTML and figures out if the login was successful or not. The result worked surprisingly well … the method below takes a username, password, and url. The URL will look something like this:

http://mywebsite.com/forum/ucp.php?mode=login&sid=9cd8b8da2649060b9d22d297f27a1dc7

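using System.Text.RegularExpressions;

// PostSubmitter is the helper class from the article linked above.
private static bool Authenticate(string username, string password, string url)
{
    PostSubmitter post = new PostSubmitter();
    post.Url = url;

    // The same four fields the PHPBB login form posts.
    post.PostItems.Add("autologin", "on");
    post.PostItems.Add("login", "Login");
    post.PostItems.Add("username", username);
    post.PostItems.Add("password", password);
    post.Type = PostSubmitter.PostTypeEnum.Post;
    string result = post.Post();

    // A logged-in page contains "Logout [ username ]". Escape the username so
    // any regex metacharacters in it are matched literally.
    string loggedinstring = string.Format("Logout \\[ {0} \\]", Regex.Escape(username));
    Regex r = new Regex(loggedinstring, RegexOptions.IgnoreCase);
    var match = r.Match(result);

    return match.Success;
}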

Disclaimer: I’ve only tried this code with one instance of phpbb, not sure if it will work with other versions. The point of this was that we can trivially reuse existing user stores that are already exposed on the web via simple html forms.
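The response check is the part most likely to misjudge a login, so here it is on its own as an added example (not code from the original post), run over constructed page fragments together with a guard that only accepts an https:// login URL. The class and method names are hypothetical, and it assumes the forum HTML-encodes the username it prints in the "Logout [ … ]" link.

```csharp
using System;
using System.Net;
using System.Text.RegularExpressions;

static class PhpbbLoginCheck
{
    // Only send credentials to an absolute https:// URL.
    public static bool IsSafeLoginUrl(string url) =>
        Uri.TryCreate(url, UriKind.Absolute, out Uri u) && u.Scheme == Uri.UriSchemeHttps;

    // True when the returned page carries the "Logout [ name ]" marker for this user.
    public static bool IsLoggedIn(string html, string username)
    {
        // Assumption: the forum HTML-encodes the name it prints, so encode it the
        // same way before comparing, then escape it so it is matched literally.
        string shown = WebUtility.HtmlEncode(username);
        string pattern = @"Logout \[ " + Regex.Escape(shown) + @" \]";
        return Regex.IsMatch(html, pattern, RegexOptions.IgnoreCase);
    }

    static void Main()
    {
        // Constructed response fragments, not captured from a real forum.
        string okPage    = "<a href=\"ucp.php?mode=logout\">Logout [ a.b ]</a>";
        string otherUser = "<a href=\"ucp.php?mode=logout\">Logout [ aXb ]</a>";
        string failPage  = "<form action=\"ucp.php?mode=login\">" +
                           "<input name=\"username\" value=\"a.b\"></form>";
        string ampPage   = "<a href=\"ucp.php?mode=logout\">Logout [ R&amp;D ]</a>";

        // Correct user on a logged-in page.
        Console.WriteLine("a.b on own page:    " + IsLoggedIn(okPage, "a.b"));
        // A different name that an unescaped '.' would also have matched.
        Console.WriteLine("a.b on aXb page:    " + IsLoggedIn(otherUser, "a.b"));
        // Failed login: the form comes back with the name in the input field only.
        Console.WriteLine("a.b on login form:  " + IsLoggedIn(failPage, "a.b"));
        // Name containing a character that is entity-encoded in the page.
        Console.WriteLine("R&D on encoded page: " + IsLoggedIn(ampPage, "R&D"));

        // URL guard: the plain http:// form of the login URL is rejected.
        Console.WriteLine("http url accepted:  " +
            IsSafeLoginUrl("http://mywebsite.com/forum/ucp.php?mode=login"));
        Console.WriteLine("https url accepted: " +
            IsSafeLoginUrl("https://mywebsite.com/forum/ucp.php?mode=login"));
    }
}
```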

2 Comments »

  1. David Brown Said,

    February 22, 2010 @ 7:34 am

    Great post! I have been looking forward to working with Single Sign On integration through PHPBB and this is a good start.
