Only allow Registered Users to access Roster

phpBB integration forum

Re: Only allow Registered Users to access Roster

Postby daddelkopp » Wed Jan 03, 2007 3:31 pm

Thanks for your answers. I think my Problem is another. My forum and my roster have their own subdomains. Can this make trouble for the sessionmanagement?

daddelkopp

edit: Now both use the same subdomain everything works fine :mrgreen: A small suggestion. Is it possible automatic jump back to guildroster site after login?


edit2: I found it :mrgreen:

Insert in every file (at the top) you want to be login protected:

Code: Select all
define('IN_PHPBB', true);
$phpbb_root_path = './../';
include($phpbb_root_path . 'extension.inc');
include($phpbb_root_path . 'common.'.$phpEx);

//
// Start session management
//
$userdata = session_pagestart($user_ip, PAGE_INDEX);
init_userprefs($userdata);

if (!$userdata['session_logged_in'] )
{
  redirect(append_sid("login.$phpEx?redirect=./roster/guildinfo.$phpEx", true));
}
   
//
// End page access based on logged in
//


Just edit the redirect stuff for every file. The example is for guildinfo.php. Roster was installed in /phpBB2/roster
Last edited by daddelkopp on Wed Jan 03, 2007 4:16 pm, edited 3 times in total.
User avatar
daddelkopp
WR.net Journeyman
WR.net Journeyman
 
Posts: 99
Joined: Wed Jan 03, 2007 10:22 am

Only allow Registered Users to access Roster

Postby Nexia » Wed Jan 03, 2007 6:10 pm

There's another way to protect the roster?
Nexia
WR.net Apprentice
WR.net Apprentice
 
Posts: 5
Joined: Mon Jan 01, 2007 6:37 pm

Re: Only allow Registered Users to access Roster

Postby DaarianneDarkmoon » Sat Jan 13, 2007 10:58 am

i would like to use this solution too, but before i try, would it work if roster and phpbb are on the same host (localhost) but do not share the same mysl database?
the mysql is also on the same host, but database name and pw would be different. any way to make it work?
User avatar
DaarianneDarkmoon
WR.net Apprentice
WR.net Apprentice
 
Posts: 48
Joined: Wed Jul 12, 2006 12:34 am

Re: Only allow Registered Users to access Roster

Postby Mashrokk » Thu Feb 01, 2007 7:03 am

It *should* work since the feature that makes this all possible is the session management of the webserver.

Great stuff daddelkopp, nice approach.
User avatar
Mashrokk
WR.net Apprentice
WR.net Apprentice
 
Posts: 5
Joined: Sat Jul 08, 2006 1:04 pm

Re: Only allow Registered Users to access Roster

Postby Mashrokk » Thu Feb 01, 2007 7:53 am

Just on an afterthought I looked into the problem again. The thought of changing every function call of 'message_die' in all roster files did not sit well with me. So I did the following:

Copied phpbb's common.php to common2.php
Copied phpbbs includes/functions.php to includes/functions2.php
In common2.php changed the include of the includes/functions.php to includes/functions2.php
In common2.php changed all occurences of 'message_die' to 'message_die2'
In includes/functions2.php changed all occurences of 'message_die' to 'message_die2'

Just remember that you will have to do this every time you update phpbb to keep security risks in these two files covered ;)

All of this I did because of my being too lazy to edit multiple roster files. I actually carried the laziness even further. I decided that the redirect, once the user is logged in, need not be to the requested page. I can live fine with a redirect to index.php.
It hit me that on every roster page I checked there is a require_once for settings.php. So I just inserted the by now well know code (posted above by daddelkopp) into one file alone, roster's settings.php.

Hope this helps,

Mashrokk
Last edited by Mashrokk on Thu Feb 01, 2007 7:55 am, edited 1 time in total.
User avatar
Mashrokk
WR.net Apprentice
WR.net Apprentice
 
Posts: 5
Joined: Sat Jul 08, 2006 1:04 pm

Re: Only allow Registered Users to access Roster

Postby daddelkopp » Thu Feb 01, 2007 8:52 am

Nice way to create a common2.php to fix the message_die problem. I did a replace over all Files in Roster :mrgreen:

I hope your suggestion with the settings.php works, too. That would make life much easier :rgreen: Please tell us your experiances.

Thanks for your ideas
daddelkopp
User avatar
daddelkopp
WR.net Journeyman
WR.net Journeyman
 
Posts: 99
Joined: Wed Jan 03, 2007 10:22 am

Only allow Registered Users to access Roster

Postby PleegWat » Thu Feb 01, 2007 10:13 am

Putting it in settings.php should work. Settings.php initializes the roster DB and configuration variables. All roster files either have the roster_installed check, or include settings.php. The only 2 exceptions are install.php and upgrade.php.
I <3 /bin/bash
User avatar
PleegWat
WoWRoster.net Dev Team
WoWRoster.net Dev Team
 
Posts: 1636
Joined: Tue Jul 04, 2006 1:43 pm

Re: Only allow Registered Users to access Roster

Postby Mashrokk » Fri Feb 02, 2007 6:27 am

All roster files either have the roster_installed check, or include settings.php. The only 2 exceptions are install.php and upgrade.php.


Sadly this is true for update.php, too.... So be advised that if you put the code into settings.php UniUploader will be redirected, too. Well, in my roster there now is a settings2.php without the code that is included in update.php... I should really, really, realllllly document this in case there is any update :cyclops:

Since I never said it before: Big thx to all people actively developing (or having developed) roster or any addons! I love this peace of code and most in my guild do so too...
User avatar
Mashrokk
WR.net Apprentice
WR.net Apprentice
 
Posts: 5
Joined: Sat Jul 08, 2006 1:04 pm

Only allow Registered Users to access Roster

Postby PleegWat » Fri Feb 02, 2007 6:45 am

I don't have a real clear view of how phpbb works (and I'm not interested in getting one) but I assume it's possible to look up which 2 post vars you have to put the user/pass in to have UU upload correctly.
I <3 /bin/bash
User avatar
PleegWat
WoWRoster.net Dev Team
WoWRoster.net Dev Team
 
Posts: 1636
Joined: Tue Jul 04, 2006 1:43 pm

Re: Only allow Registered Users to access Roster

Postby Mashrokk » Fri Feb 02, 2007 10:42 am

I already had this problem once... almost the same when the roster phpbb-auth module was still included as an upload-protection. It turned out the phpbb password var and the roster office password used the same varname... if I remember correctly.
So whichever move you make, one more problem seems to appear over the horizon. This is why I can live with 2 versions of three files and an 'unprotected' update.php :D

Mashrokk
User avatar
Mashrokk
WR.net Apprentice
WR.net Apprentice
 
Posts: 5
Joined: Sat Jul 08, 2006 1:04 pm

Re: Only allow Registered Users to access Roster

Postby drake2k » Wed Feb 21, 2007 12:10 am

DaarianneDarkmoon wrote:i would like to use this solution too, but before i try, would it work if roster and phpbb are on the same host (localhost) but do not share the same mysl database?
the mysql is also on the same host, but database name and pw would be different. any way to make it work?



I have mine on separate MySQL databases and it works fine. It's still on localhost (same server) but just different databases.


I am having a problem where if a user who is registered but is not a part of a group yet (guildies or officers) tries to view the roster, it tells them "Sorry, this page is reserved" but all the graphics aren't loading. When I look at the source html it's trying to pull from href="templates/<my template>/images/<image>

Only problem with that is that the roster is not in the same directory with phpBB so the directory structure is not going to work.

Is there a way to fix this other then creating that directory tree in my roster directory and copying the images over?
drake2k
WR.net Apprentice
WR.net Apprentice
 
Posts: 2
Joined: Mon Feb 19, 2007 10:36 pm

Previous

Return to phpBB

Who is online

Users browsing this forum: No registered users and 1 guest

cron