[geeklog-devtalk] phpBBBridge

[Blaine Lang]

Turias,

It may be handy to have a Plugin API call for login and logout but I wonder
.. do you not have to execute this session restore logic on every page load
for security reasons and since the $_USER array is reloaded by Geeklog ?

The logic that you noted below for example 1 looks like Geeklog code from
lib-sessions so I'm confused if this is PHPBB session code or not.

There are the Custom API hooks already for add/edit/delete user that support
both the user self-registration, moderation and admin user admin operations.
I wonder why you would not use these hooks. It's what I use when I integrate
GL into another application.

We have the API's that are called to display/edit/save Profile related
screen changes but not the preferences page. I've sometimes wanted the
Preferences page as well and ended up just adding it to the Profile page. We
would probally need to implement something similar that Dirk did when he
added the (4) Profile related API calls.

Blaine
----- Original Message ----- 
From: "Turias" <geeklog at sebastiancelis.com>
To: <geeklog-devtalk at lists.geeklog.net>
Sent: Monday, August 23, 2004 8:20 PM
Subject: [geeklog-devtalk] phpBBBridge


Greetings, everyone.

I recently posted the following thread on www.geeklog.net:
http://www.geeklog.net/forum/viewtopic.php?forum=8&showtopic=39370

It discusses a phpBB-GeekLog integration that I have in the works.  In
that thread, I mentioned that it requires a few small changes to the core
(just some extra plugin API calls).  Dirk suggested I post them here so
that they might make it into the core by 1.3.10 or the following version.

First, I need an API call for each time a user logs in or out of GeekLog.
This is so that I can run the appropriate phpBB session-handling code.  I
placed both of these in users.php.

API call #1 (users.php):
if (!empty($passwd) && $mypasswd == md5($passwd)) {
DB_change($_TABLES['users'],'pwrequestid',"NULL",'username',$loginname);
$userdata = SESS_getUserData($loginname);
$_USER=$userdata;
$sessid = SESS_newSession($_USER['uid'], $REMOTE_ADDR,
$_CONF['session_cookie_timeout'], $_CONF['cookie_ip']);
SESS_setSessionCookie($sessid, $_CONF['session_cookie_timeout'],
$_CONF['cookie_session'], $_CONF['cookie_path'], $_CONF['cookiedomain'],
$_CONF['cookiesecure']);

PLG_callFunctionForAllPlugins ('plugin_login_');



API call #2 (users.php):
case 'logout':
    if (!empty($_USER['uid']) AND $_USER['uid'] > 1) {
        SESS_endUserSession($_USER['uid']);
    }
    setcookie ($_CONF['cookie_session'], '', time() - 10000,
               $_CONF['cookie_path'], $_CONF['cookiedomain'],
               $_CONF['cookiesecure']);
    setcookie ($_CONF['cookie_name'], '', time() - 10000,
$_CONF['cookie_path'],
               $_CONF['cookiedomain'], $_CONF['cookiesecure']);

    PLG_callFunctionForAllPlugins ('plugin_logout_');

    $display = COM_refresh($_CONF['site_url'] . '/index.php?msg=8');
    break;


Ideally, there needs to be a plugin API call made each time a user's info
is changed.  If a user changes their main account information (password,
homepage, email address, etc), I can leverage plugin_profileextrassave_,
even if that isn't what it was made for.

I did need 2 calls to determine any time an existing user is edited by an
admin, especially when they are granted or denied root privileges.  So, I
did the following:

API call #3 (admin/user.php):
            DB_query("DELETE FROM {$_TABLES['group_assignments']} WHERE
(ug_uid = $uid) AND " . $whereGroup);
            if (!empty($groups)) {
                for ($i = 1; $i <= sizeof($groups); $i++) {
                    if (in_array (current ($groups), $UserAdminGroups)) {
                        if ($_USER_VERBOSE) COM_errorLog("adding
group_assignment " . current($groups) . " for
$username",1);
                        $sql = "INSERT INTO
{$_TABLES['group_assignments']} (ug_main_grp_id,
ug_uid) VALUES (" . current($groups) . ",$uid)";
                        DB_query($sql);
                    }
                    next($groups);
                }
            }

            PLG_callFunctionForAllPlugins ('plugin_savedusergroups_');




API call #4 (admin/user.php):
            DB_query("UPDATE {$_TABLES['users']} SET username =
'$username', fullname = '$fullname', passwd = '$passwd', email
= '$email', homepage = '$homepage', photo = '$curphoto' WHERE
uid = $uid");
            if ($_CONF['custom_registration'] AND
(function_exists('custom_usersave'))) {
                custom_usersave($uid);
            }

            PLG_callFunctionForAllPlugins ('plugin_adminediteduser_');



Finally, I needed a call to tell me when the user had updated their
preferences.  This isn't necessary, as users can always update their
preferences on both systems, but it makes it much more convenient for the
user to simply edit their preferences in one place.


API call #4 (usersettings.php):
    DB_query("UPDATE {$_TABLES['userprefs']} SET
noicons='{$A['noicons']}', willing='{$A['willing']}',
dfid='{$A['dfid']}', tzid='{$A['tzid']}',
emailfromadmin='{$A['emailfromadmin']}',
emailfromuser='{$A['emailfromuser']}', showonline='{$A['showonline']}'
WHERE uid='{$_USER['uid']}'");

    PLG_callFunctionForAllPlugins ('plugin_userprefssaved_');



Thanks,
Turias
_______________________________________________
geeklog-devtalk mailing list
geeklog-devtalk at lists.geeklog.net
http://lists.geeklog.net/listinfo/geeklog-devtalk