Only allow Registered Users to access Roster

by **AbrahamLincoln** » Tue Aug 15, 2006 9:42 am

Hello.

How can i restrict the access to the Roster to phpbb2 registered users only ?
We do not want to let unregistered visitors see each and every aspect of our Chars.

by **Maischter** » Sat Aug 19, 2006 5:44 am

goto the admin folder add 1 file with the name update2.php and copy all the code from the orginal update.php in it and save it...

than copy following code into the update.php:

Code: Select all: <?php define('IN_PHPBB', true); $phpbb_root_path = '../../'; //<-- include($phpbb_root_path . 'extension.inc'); include($phpbb_root_path . 'common.'.$phpEx); $userdata = session_pagestart($user_ip, PAGE_INDEX); init_userprefs($userdata); include('update2.'.$phpEx); ?>

than add in the update2.php before the //---[ Update File Downloader ]-----------------------------

this code:

Code: Select all: // Start phpBB TS Viewer Mod if ($userdata['session_logged_in']) {} else { echo '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <title> Roster</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> </head> <body bgcolor="#FFFF99"> <p align="center"> </p> here your html text for the login information (i dont post mine here because i have german text) </body> </html>'; exit(); }

with this changes only registered users can upload data...

a other way is (and the simpler one) go to the roster config into the update.php acces menu (1 menu button), here you can resrict the acess only to your defined user groups... (but i dont knwo how to all)

by **AbrahamLincoln** » Tue Aug 22, 2006 9:39 am

Great! Thank you. :thumright:

by **Nomad_Wanderer** » Wed Oct 25, 2006 7:33 pm

This doesn't protect the roster, this protects the upload page. Correct?

You would have to put that PHPBB session check code in a more centralized include for it to protect the entire roster I think.

by **phatz** » Wed Nov 15, 2006 6:52 am

Nomad_Wanderer wrote:This doesn't protect the roster, this protects the upload page. Correct?

I think the above is just to protect upload of data.

I am looking myself ofr a way to limit access in three ways. (using phpBB as the basic authentication)

1. Limit who can even see the data at all
2. Limit who can see Guild Bank information
3. Limit it so Bag/Mail/Bank/Gold information is limited to the players characters only. (this sould be private infromation)

by **juggerknott** » Sat Dec 02, 2006 11:02 pm

1. Limit who can even see the data at all
2. Limit who can see Guild Bank information
3. Limit it so Bag/Mail/Bank/Gold information is limited to the players characters only. (this sould be private infromation)

I am very interested in seeing how this would be implemented myself. I just installed WoWroster and before I have all my members sign up I would like to work out all the details.

The biggest thing I need is some sort of security, the phpBB solution would work well, but anything that will allow access control would be great.

by **juggerknott** » Sun Dec 03, 2006 5:23 pm

Okay, after finding NO documentation and NO help on the forums for anything even close to what I wanted. Best I found was that phpbb support was in wowroster but was taken out... I went and found my own damn solution [/rant]

And here it is!

The key to the whole thing is this incredible script:
http://www.evolt.org/PHP-Login-System-w ... n-Features
jpmaster77: you da man.

Okay so there is a lot of tweaking to do still, but this script is pretty much useable out-of-the-box. Download it and use mysqladmin to import the sql tables into the database you have already setup for wowroster.

Next there is a handy already-provided example in the download that is very easy to adapt to an index page. I striped out the header and body tags and saved the rest as main.php which can then be included where ever you like in your web page to serve as the login / registration / logout script.

Next there is a B-E-A-utiful piece of code that I will go so far as to quote:

<?
include("include/session.php");

if($session->logged_in){
echo "You are viewing the protected page";
}
else{
echo "You are not allowed to view this page";
}
?>

Just replace the echo text with whatever you want to be protected from the masses. Now this covers points 1 and 2 from phatz post. For those who don't want to spend hours trying to wrap their heads around the php of wowroster edit your memberdetails.php and thow in a couple of those nifty if statments:

switch ($action)
{
case 'character':
$char->out();
break;

case 'bags':
if( $roster_conf['show_inventory'] == 1 )
{
if($session->logged_in){
$bag0 = bag_get( $char, 'Bag0' );
if( !is_null( $bag0 ) )
echo $bag0->out();

$bag1 = bag_get( $char, 'Bag1' );
if( !is_null( $bag1 ) )
echo $bag1->out();

$bag2 = bag_get( $char, 'Bag2' );
if( !is_null( $bag2 ) )
echo $bag2->out();

$bag3 = bag_get( $char, 'Bag3' );
if( !is_null( $bag3 ) )
echo $bag3->out();

$bag4 = bag_get( $char, 'Bag4' );
if( !is_null( $bag4 ) )
echo $bag4->out();

$bag5 = bag_get( $char, 'Bag5' );
if( !is_null( $bag5 ) )
echo $bag5->out();
}
}
break;

case 'bank':
if( $roster_conf['show_bank'] == 1 )
{
if($session->logged_in){
$bag0 = bag_get( $char, 'Bank Contents' );
if( !is_null( $bag0 ) )
echo $bag0->out();

$bag1 = bag_get( $char, 'Bank Bag1' );
if( !is_null( $bag1 ) )
echo $bag1->out();

$bag2 = bag_get( $char, 'Bank Bag2' );
if( !is_null( $bag2 ) )
echo $bag2->out();

$bag3 = bag_get( $char, 'Bank Bag3' );
if( !is_null( $bag3 ) )
echo $bag3->out();

$bag4 = bag_get( $char, 'Bank Bag4' );
if( !is_null( $bag4 ) )
echo $bag4->out();

$bag5 = bag_get( $char, 'Bank Bag5' );
if( !is_null( $bag5 ) )
echo $bag5->out();

$bag6 = bag_get( $char, 'Bank Bag6' );
if( !is_null( $bag6 ) )
echo $bag6->out();
}
}
break;

case 'quests':
if( $roster_conf['show_quests'] == 1 )
echo $char->show_quests();
break;

case 'recipes':
if( $roster_conf['show_recipes'] == 1 )
print $char->show_recipes();
break;

case 'bg':
if ( $roster_conf['show_bg'] == 1 )
{
$url .= '&action=bg';
echo $char->show_pvp2('BG', $url, $sort, $start);
}
break;

case 'pvp':
if( $roster_conf['show_pvp'] == 1 )
{
$url .= '&action=pvp';
echo $char->show_pvp2('PvP', $url, $sort, $start);
}
break;

case 'duels':
if( $roster_conf['show_duels'] == 1 )
{
$url .= '&action=duels';
echo $char->show_pvp2('Duel', $url, $sort, $start);
}
break;

case 'spellbook':
if( $roster_conf['show_spellbook'] == 1 )
{
$url .= '&action=spellbook';
echo $char->show_spellbook();
}
break;

case 'mail':
if( $roster_conf['show_mail'] == 1 )
{
if($session->logged_in){
$url .= '&action=mail';
echo $char->show_mailbox();
}
}
break;

default:
$char->out();
break;
}

This will satisfy point #2 on phatz list.

Point #1 is easy as wraping a conditional around the entire "addons.php" and "guildbank.php" files, or any other pages you don't want seen. I chose only the addons and guildbank as they were the 2 that held guildbank information. I don't mind having my roster or character profiles open to the public as long as the banks, bags and mails are private.

I have not yet learned how to satisfy point 3 on phatz list yet as its not 6:18am and I've been working on this since 9:30pm last night and my guilds web page is now littered in php warnings that I need to go clean up.

I'll post more as I find out more.

by **Vipralion** » Mon Dec 11, 2006 12:56 am

That's great stuff juggerknott. Great stuff.

I think what I'll be doing is using all of the info I've been gathering to integrate wowroster into phpbb3 as soon as a release candidate for phpbb3 is released.

I'm developing a nice website for my guild and all of this information is great for saving some time.

Also, I noted the lack of a user accounts feature for wowroster so integrating da man's, jpmaster77, login script should be rather fun. But the roster isn't updated yet. Aww... lots of waiting.

As for point 3 of phatz list, you'd have to have user accounts and make it so that only the user account that uploaded the profile can view those specific things, which, I also agree, should be viewable only by the user. Kind of prying aren't we? I wonder how hard that would be. Doesn't sound too difficult.

btw, I'm new here. First post. Yay. I plan on getting very familiar with the wonderful Roster script. Why? Cuz I love it. It works like a charm.

by **Sunstrider** » Mon Dec 11, 2006 1:57 pm

I did things a little different, I wanted to restrict access based on usergroup numbers in my phpbb forums.

Not my code, found samples of it with google and put it together, I'm sure it can be improved.

I add this to the top of the module to protect, like guildbank.php and guildbank2.php

Code: Select all: define('IN_PHPBB', true); $phpbb_root_path = '../phpBB2/'; include($phpbb_root_path . 'extension.inc'); include($phpbb_root_path . 'common.'.$phpEx); // // Start session management // $userdata = session_pagestart($user_ip, PAGE_INDEX); init_userprefs($userdata); // // End session management // if( $userdata['session_logged_in'] ) { // // Begin page access based on group membership // $groupid=420; // ID of group which can enter $groupid2=557; // ID of group which can enter $us_id=$userdata['user_id']; //ID of the current logged in user $sql = "SELECT group_id,user_id FROM phpbb_user_group WHERE (group_id=".$groupid." OR group_id=".$groupid2.") AND user_id=".$us_id; if( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not Check for group membership', '', __LINE__, __FILE__, $sql); } $row = $db->sql_fetchrow($result); if ($row['user_id']=='') { message_die(GENERAL_ERROR, 'Sorry, this page is reserved for [u]put your stuff here[/u], login at (http://www.yourwebpagehere/)', 'http://www.yourwebpagehere', '', '', ''); } // // End page access based on group membership //

at the end of the module I add

Code: Select all: } else { $URL="http://www.yourwebpagehere/phpBB2/login.php"; header ("Location: $URL"); }

This wraps the entire code in protection, makes sure they are logged in, checks the usergoup(s) for access.

I only check for one group in the non guildbank programs.

I modded all these for myroster.

tradeskills.php
memberlog.php
guildbank.php
guildbank2.php
addon.php
guildinfo.php
char.php
index.php

That seem to do the trick for guild access on my forums and controlling access to the bank to our knights and officers.

by **duromiir** » Tue Jan 02, 2007 10:04 am

Hey Sunstrider,

I tried inserting the code you posted like this

<?php

{your first block of code}

{original code}

{your second block of code}

?>

What's happening is that I'm being bounced back to the forums when I click on the character links in the forum. Am I doing something wrong?

by **Sunstrider** » Tue Jan 02, 2007 12:16 pm

phpbb forum code already has a message_die function, wowroster 1.7.2 has now added a function with the same name. I had to edit all the wowroster code and change message_die to message_die2 for my site, this allowed my workaround to continue without any other changes.

I'm using it in production now without any problems.

duromiir wrote:Hey Sunstrider,

I tried inserting the code you posted like this

<?php

{your first block of code}

{original code}

{your second block of code}

?>

What's happening is that I'm being bounced back to the forums when I click on the character links in the forum. Am I doing something wrong?

by **daddelkopp** » Wed Jan 03, 2007 11:02 am

Sunstrider wrote:phpbb forum code already has a message_die function, wowroster 1.7.2 has now added a function with the same name. I had to edit all the wowroster code and change message_die to message_die2 for my site, this allowed my workaround to continue without any other changes.

I'm using it in production now without any problems.

Hi, I change message_die to message_die2 (in roster files). Can you tell me the other changes I have to do? Sorry for my bad english :mrgreen:

greetings
daddelkopp

by **Sunstrider** » Wed Jan 03, 2007 1:06 pm

See my post above showing the code changes I made. I show what to add before the original php code and what to place at the end.

by **Nexia** » Wed Jan 03, 2007 2:23 pm

Hi, my phpbb forum and the wowroster are in differents hosts, this code will work any ways?

And what are the requirements use for this code???

my forum is phpBB 2.0.21
and wowroster 1.7.1

Can anyone please tell me step by step what I need to do?
I need the roster only my guild members can access

Thank you

by **Sunstrider** » Wed Jan 03, 2007 2:56 pm

The stuff I posted won't work unless your forums and roster are on the same system.