[geeklog-devtalk] phpBBBridge

[Tony Bibbs]

As a reminder, the code in lib-sessions.php is a port of what phpBB had 
a long time ago. 

--Tony

Blaine Lang wrote:


>Turias,

>

>It may be handy to have a Plugin API call for login and logout but I wonder

>.. do you not have to execute this session restore logic on every page load

>for security reasons and since the $_USER array is reloaded by Geeklog ?

>

>The logic that you noted below for example 1 looks like Geeklog code from

>lib-sessions so I'm confused if this is PHPBB session code or not.

>

>There are the Custom API hooks already for add/edit/delete user that support

>both the user self-registration, moderation and admin user admin operations.

>I wonder why you would not use these hooks. It's what I use when I integrate

>GL into another application.

>

>We have the API's that are called to display/edit/save Profile related

>screen changes but not the preferences page. I've sometimes wanted the

>Preferences page as well and ended up just adding it to the Profile page. We

>would probally need to implement something similar that Dirk did when he

>added the (4) Profile related API calls.

>

>Blaine

>----- Original Message ----- 

>From: "Turias" <geeklog at sebastiancelis.com>

>To: <geeklog-devtalk at lists.geeklog.net>

>Sent: Monday, August 23, 2004 8:20 PM

>Subject: [geeklog-devtalk] phpBBBridge

>

>

>Greetings, everyone.

>

>I recently posted the following thread on www.geeklog.net:

>http://www.geeklog.net/forum/viewtopic.php?forum=8&showtopic=39370

>

>It discusses a phpBB-GeekLog integration that I have in the works.  In

>that thread, I mentioned that it requires a few small changes to the core

>(just some extra plugin API calls).  Dirk suggested I post them here so

>that they might make it into the core by 1.3.10 or the following version.

>

>First, I need an API call for each time a user logs in or out of GeekLog.

>This is so that I can run the appropriate phpBB session-handling code.  I

>placed both of these in users.php.

>

>API call #1 (users.php):

>if (!empty($passwd) && $mypasswd == md5($passwd)) {

>DB_change($_TABLES['users'],'pwrequestid',"NULL",'username',$loginname);

>$userdata = SESS_getUserData($loginname);

>$_USER=$userdata;

>$sessid = SESS_newSession($_USER['uid'], $REMOTE_ADDR,

>$_CONF['session_cookie_timeout'], $_CONF['cookie_ip']);

>SESS_setSessionCookie($sessid, $_CONF['session_cookie_timeout'],

>$_CONF['cookie_session'], $_CONF['cookie_path'], $_CONF['cookiedomain'],

>$_CONF['cookiesecure']);

>

>PLG_callFunctionForAllPlugins ('plugin_login_');

>

>

>

>API call #2 (users.php):

>case 'logout':

>    if (!empty($_USER['uid']) AND $_USER['uid'] > 1) {

>        SESS_endUserSession($_USER['uid']);

>    }

>    setcookie ($_CONF['cookie_session'], '', time() - 10000,

>               $_CONF['cookie_path'], $_CONF['cookiedomain'],

>               $_CONF['cookiesecure']);

>    setcookie ($_CONF['cookie_name'], '', time() - 10000,

>$_CONF['cookie_path'],

>               $_CONF['cookiedomain'], $_CONF['cookiesecure']);

>

>    PLG_callFunctionForAllPlugins ('plugin_logout_');

>

>    $display = COM_refresh($_CONF['site_url'] . '/index.php?msg=8');

>    break;

>

>

>Ideally, there needs to be a plugin API call made each time a user's info

>is changed.  If a user changes their main account information (password,

>homepage, email address, etc), I can leverage plugin_profileextrassave_,

>even if that isn't what it was made for.

>

>I did need 2 calls to determine any time an existing user is edited by an

>admin, especially when they are granted or denied root privileges.  So, I

>did the following:

>

>API call #3 (admin/user.php):

>            DB_query("DELETE FROM {$_TABLES['group_assignments']} WHERE

>(ug_uid = $uid) AND " . $whereGroup);

>            if (!empty($groups)) {

>                for ($i = 1; $i <= sizeof($groups); $i++) {

>                    if (in_array (current ($groups), $UserAdminGroups)) {

>                        if ($_USER_VERBOSE) COM_errorLog("adding

>group_assignment " . current($groups) . " for

>$username",1);

>                        $sql = "INSERT INTO

>{$_TABLES['group_assignments']} (ug_main_grp_id,

>ug_uid) VALUES (" . current($groups) . ",$uid)";

>                        DB_query($sql);

>                    }

>                    next($groups);

>                }

>            }

>

>            PLG_callFunctionForAllPlugins ('plugin_savedusergroups_');

>

>

>

>

>API call #4 (admin/user.php):

>            DB_query("UPDATE {$_TABLES['users']} SET username =

>'$username', fullname = '$fullname', passwd = '$passwd', email

>= '$email', homepage = '$homepage', photo = '$curphoto' WHERE

>uid = $uid");

>            if ($_CONF['custom_registration'] AND

>(function_exists('custom_usersave'))) {

>                custom_usersave($uid);

>            }

>

>            PLG_callFunctionForAllPlugins ('plugin_adminediteduser_');

>

>

>

>Finally, I needed a call to tell me when the user had updated their

>preferences.  This isn't necessary, as users can always update their

>preferences on both systems, but it makes it much more convenient for the

>user to simply edit their preferences in one place.

>

>

>API call #4 (usersettings.php):

>    DB_query("UPDATE {$_TABLES['userprefs']} SET

>noicons='{$A['noicons']}', willing='{$A['willing']}',

>dfid='{$A['dfid']}', tzid='{$A['tzid']}',

>emailfromadmin='{$A['emailfromadmin']}',

>emailfromuser='{$A['emailfromuser']}', showonline='{$A['showonline']}'

>WHERE uid='{$_USER['uid']}'");

>

>    PLG_callFunctionForAllPlugins ('plugin_userprefssaved_');

>

>

>

>Thanks,

>Turias

>_______________________________________________

>geeklog-devtalk mailing list

>geeklog-devtalk at lists.geeklog.net

>http://lists.geeklog.net/listinfo/geeklog-devtalk

>

>_______________________________________________

>geeklog-devtalk mailing list

>geeklog-devtalk at lists.geeklog.net

>http://lists.geeklog.net/listinfo/geeklog-devtalk

>  

>