Customizing SMF > SMF Coding Discussion

Converting SA_auth to SMF

<< < (2/7) > >>

emanuele:
Sorry, I was re-reading the code (probably a bit less sleepy) and it seems that at step 3 it checks for cookie of forum2, not forum1, so the user should already be registered at forum2 (and be part of membergroup 3) before being able to verify if it is already registered at forum1...sorry for the confusion, I'm trying to understand... :)

If this last version is correct then the method I suggested before is fine, you don't need to pass from the cookie (of course you can if you want, but doesn't change much except that using my method is SMF itself that takes care of the cookie).

wargames:

--- Quote from: emanuele on May 31, 2012, 09:42:42 AM ---Sorry, I was re-reading the code (probably a bit less sleepy) and it seems that at step 3 it checks for cookie of forum2, not forum1, so the user should already be registered at forum2 (and be part of membergroup 3) before being able to verify if it is already registered at forum1...sorry for the confusion, I'm trying to understand... :)

If this last version is correct then the method I suggested before is fine, you don't need to pass from the cookie (of course you can if you want, but doesn't change much except that using my method is SMF itself that takes care of the cookie).

--- End quote ---

I know very little about code and this was handed to me. So do what you think is right.

emanuele:
One last question: is the script currently in place?
So if I try to register at your forum I'll see it asking me for the code?

wargames:

--- Quote from: emanuele on May 31, 2012, 09:53:49 AM ---One last question: is the script currently in place?
So if I try to register at your forum I'll see it asking me for the code?

--- End quote ---

The code is not on my smf site but it is on the other site this is where I got the code from. http://www.maraudershewrote.org/forums/ [nofollow]

But I am trying to get the code to work here. http://mwo.gooncave.com/ [nofollow]

emanuele:

--- Code: ---<?php
$forum_path = '/var/www/vhosts/gooncave.com/msw/forums/';

require_once( $forum_path . 'SSI.php' );

echo "<html>
<head>
<title>MSW - SA Authorization</title>
<link rel='shortcut icon' type='image/x-icon' href='/favicon.ico'>
<!-- CHANGE THE CSS FILE HERE -->
<link rel='stylesheet' type='text/css' media='screen,print' href='http://www.maraudershewrote.org/forums/public/min/index.php?ipbv=32006&amp;f=public/style_css/css_4/calendar_select.css,public/style_css/css_4/ipb_common.css,public/style_css/css_4/ipb_styles.css' />
</head>
<body>
<h3 class='pagetop'>SA Authorization</h3>
<div class='content navigation'>
</div>\n<br><br><br>
<div class='wrapper'><div class='content'>
<div id='content' class='clearfix'>
<div class='guestMessage'><center>";


if ( !empty($user_info['id'] ))
{
if ( in_array(3, $user_info['groups']) ) // Allow only member_group_id == 3, which is 'Unauthorized Members'
{
# Forums Info
$mswUsername  = $user_info['name'];
$mswMemberID = $user_info['id'];

# Start of SomethingAwful Auth
if ( !$_POST )
{
# Generate a key to verify the user
$key = sha1(rand(1000000, 9999999));
$_SESSION['auth_key']   = $key;
$_SESSION['auth_done']   = "no";
$_SESSION['auth_action'] = "signup";

echo "<script language='Javascript'>
function validate()
{
if ( !document.auth.sausername.value )
{
alert('You must enter your SA username');
return false;
} else
return true;
}
</script>
<b>Welcome to the Marauder She Wrote forums!</b><br>
We're open to all SA forum members.  Use this page to verify that you're an SA forum member.<br><br>

To do this, <a href='http://forums.somethingawful.com/member.php?s=&action=editprofile' target='_blank'>edit your SA profile</a>, and add this key to your Interests field:<br>
<b>" . $key . "</b><br>
(notice: this key changes each refresh)
<br/><br/>
Once you've done that, enter your SA username below, and click Continue.
<br/><br/>
<form name='auth' method='post'>
Your SA Username: <input type='text' name='sausername'>
<input type='hidden' name='auth_key' value='" . $_SESSION['auth_key'] . "'>
<input type='submit' onclick='return validate()' name='submit' value='Continue'>
</center>
</form>
</div></div></div></div>";
}
else
{
if ( !isset( $_SESSION['auth_key'] ) )
{

echo "<div class='content warning'>Sorry, looks like your key expired.  Press Back and try again.</div>";
exit();
} elseif ( $_SESSION['auth_key'] != $_POST['auth_key'] ) 
{
echo "<div class='content warning'>Key mismatch.  Press back and try again.</div>";
exit();
}

# The user we want to check, and they key to check
$user = $_POST['sausername'];
$key = $_SESSION['auth_key'];

# Setup values to use in the CURL operation
$en = 'action=getinfo&username=' . urlencode($user);
$profile_encode = 'http://forums.somethingawful.com/member.php?' . $en;
$login = array('action' => 'login', 'username' => 'wargames', 'password' => '');

# Logfile Access
//$logfile = '/var/www/vhosts/gooncave.com/msw/debug.txt';
//$open = fopen($logfile, 'w');

# These aren't necessary, but it helps to prevent setting off any alarms
$useragent = 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0';
$referer = 'http://forums.somethingawful.com/usercp.php?s=';

# Initialize CURL and start collecting the output buffer
$ch = curl_init();

# Setup CURL options
curl_setopt($ch, CURLOPT_URL, "http://forums.somethingawful.com/account.php");
curl_setopt($ch, CURLOPT_POST, TRUE);
curl_setopt($ch, CURLOPT_POSTFIELDS, $login);
curl_setopt($ch, CURLOPT_HEADER, TRUE);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_VERBOSE, TRUE);
//curl_setopt($ch, CURLOPT_STDERR, $open);
curl_setopt($ch, CURLOPT_COOKIESESSION, true);
curl_setopt($ch, CURLOPT_COOKIEJAR, "cookies.txt");
curl_setopt($ch, CURLOPT_COOKIEFILE, "cookies.txt");
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
curl_setopt($ch, CURLOPT_REFERER, $referer);
$result = curl_exec ($ch);

curl_setopt($ch, CURLOPT_HTTPGET, TRUE);
curl_setopt($ch, CURLOPT_URL, "http://forums.somethingawful.com/index.php");
$response = curl_exec ($ch);

curl_setopt($ch, CURLOPT_URL, $profile_encode);
curl_setopt($ch, CURLINFO_HEADER_OUT, TRUE);
$response = curl_exec ($ch);
$headers = curl_getinfo($ch, CURLINFO_HEADER_OUT);

# SA Scrape Debug
//echo $headers;
//echo "<hr />";
//echo $profile_encode;
//echo "<hr />";
//echo $result2;
//echo "<hr />";

$x = curl_version();
if ( $response == "" )
{
echo "<div class='content warning'>The signup system is down!  Please report this to wargames. (No response from SA forums: " . curl_errno($ch) . " " . curl_error($ch) .")</div>";
} elseif ( strpos($response, 'This user has not registered and therefore does not have a profile to view.') ) 
{
echo "<div class='content warning'>I could not find your profile, did you type your nickname correctly?  Press back and try again.</div>";
} elseif ( strpos($response, 'You are not logged in') ) 
{
echo "<div class='content warning'>The signup system is down!  Please report this to wargames. (Could not log in)</div>";
} elseif ( strpos($response, 'Special Message from Senor Lowtax') ) 
{
echo "<div class='content warning'>There was a problem checking your nickname against the forums. (Special message from Senor Lowtax - forums down?)</div>";
} elseif ( strpos($response, $key) ) 
{
# Begin session cleanup
$_SESSION['auth_done'] = 'yes';
$_SESSION['auth_username'] = $_POST['sausername'];
unset( $_SESSION['auth_key'] );

require_once($sourcedir . '/Subs-MemberGroups.php');
# Change users forum group to 'Members' (7) and adds their SA Name to their profilez
addMembersToGroup($user_info['id'], 7, 'only_additional', true);

# Congrats!
echo "<h3>Well done, " . $user_info['name'] . "!</h3>\n<div class='content current'>\nThank you, you have now been verified as a forum member.\n
<b>First, <a href='http://forums.somethingawful.com/member.php?s=&action=editprofile'>edit your SA profile</a> again, and remove the key.</b><br><br></div>";
} else 
{
echo "<div class='content warning'>I couldn't see your key ( <b>" . $_SESSION['auth_key'] . "</b> ) in your profile.  Press Back and try again.</div>";
}
curl_close($ch);
}
} else {
echo "ERROR:  User is not an 'Unauthorized Member'<br><br>\n";

// Forums Info
echo "Forums Username: " . $user_info['name'] . "<br>\n";
echo "Forums memberID: " . $user_info['id'] . "<br>\n";
echo "Forums Group ID: " . implode(',', $user_info['groups']) . "<br>\n";
}
} else {
echo "User is not logged into the MSW forums.<br>\n";
}
?>
</div></div></div></div>
--- End code ---

That should do what you want.

Please remember that in SMF the membergroup 3 is a special group (i.e. board moderators), so most likely you'll have to change it so something else.

Edit: fixed a couple of bugs in the code.

Navigation

[0] Message Index

[#] Next page

[*] Previous page

Go to full version