What's the easiest way to let a custom application re-use accounts from a PHPBB installation?
Answer:
The first thing that occurred to me was that I'd have to look over the PHPBB user tables, connect to mysql, and read the user's password (which I assume is hashed) to do the authentication. The second idea I had was to write a proxy service in PHP that I could call from my custom app.
Both of those options seemed like an awful pain in the butt. Then I had an epiphany, if you take a look at the ideals behind REST services, one could reason that PHPBB already exposes a REST service for logging in.
What if I simply used the already exposed HTML form as a sort of pseudo web service?
Making HTTP posts with C# is pretty easy, but I didn't want to try to remember what the syntax was for the API; So I did a quick search online and found a nice little class that makes it really easy: http://geekswithblogs.net/rakker/archive/2006/04/21/76044.aspx
With this class in hand, I used FireBug while logging in to the PHPBB and inspected the post variables. Easy, there were only four variables posted:
- autologin=on
- login=Login
- username=[My Username]
- password=[My Password]
private static bool Authenticate(string username, string password, string url)
{
PostSubmitter post = new PostSubmitter();
post.Url = url;
post.PostItems.Add("autologin", "on");
post.PostItems.Add("login", "Login");
post.PostItems.Add("username", username);
post.PostItems.Add("password", password);
post.Type = PostSubmitter.PostTypeEnum.Post;
string result = post.Post();
string loggedinstring = string.Format("Logout \\[ {0} \\]", username);
Regex r = new Regex(loggedinstring, RegexOptions.IgnoreCase);
var match = r.Match(result);
return match.Success;
}
Disclaimer: I've only tried this code with one instance of phpbb, not sure if it will work with other versions. The point of this was that we can trivially reuse existing user stores that are already exposed on the web via simple html forms.