Integrating registration with other systems -- a quick Howto

Orstio · September 04, 2005, 08:45:22 PM

I thought I'd post this up for a bit of help for those trying to integrate other systems into SMF. This is just a quick "How To Integrate Registrations". It does not cover login/logout, etc. I'll try to cover those in another post. It is also certainly not the only way, nor the best way to tackle the integration for every system.

Now, somewhere in your code, there is going to be a registration form, that posts the data from the form into a function of the script. You'll want to start by finding both the form, and the file with the registration function that writes users into the database. The form will tell you what the variable names are that the user will input, and the registration function will be in the file you want to modify. In some cases, it will be exactly the same file, but in many cases it will not (For example, in Mambo, the form is in a file called registration.html.php, while the registration function is in registration.php).

As of SMF 1.1 beta 3, there is now a file in SMF called Subs-Members.php. This contains the function to validate and register members into SMF.

To start, you will need to call SMF's SSI.php at the beginning of the registration function, to make sure that variables are declared, and an SMF session is started, etc. So, the code will look something like this:

Code Select


function createUser(){

global $db_name, $db_prefix, $sourcedir, $boarddir;

require_once ("/path/to/smf/SSI.php");

Notice that we made SMF's database name and table prefix global so that we can use them throughout this function.

Now, depending on how the security model is set up for the system in which you are integrating, you can either first validate the information in that system, or first in SMF. I often choose to do this in SMF first, simply because I prefer the SMF security model, but in most cases it is your own choice.

In order to validate in SMF, and write the validated user into SMF, we simply need to call the function registerMember();. But, we must first populate the array which we will pass to that function.

This is the "standard" model of the code for populating the $regOptions array:

Code Select

// Let's get this user into SMF...

		mysql_select_db($db_name);  //switch to SMF's database, in case these softwares are in different databases.
	
          $possible_strings = array(
		'websiteUrl', 'websiteTitle',
		'AIM', 'YIM',
		'location', 'birthdate',
		'timeFormat',
		'buddy_list',
		'pm_ignore_list',
		'smileySet',
		'signature', 'personalText', 'avatar',
		'lngfile',
		'secretQuestion', 'secretAnswer',
	);
	$possible_ints = array(
		'pm_email_notify',
		'notifyTypes',
		'ICQ',
		'gender',
		'ID_THEME',
	);
	$possible_floats = array(
		'timeOffset',
	);
	$possible_bools = array(
		'notifyAnnouncements', 'notifyOnce', 'notifySendBody',
		'hideEmail', 'showOnline',
	);
	
	// Set the options needed for registration.
	$regOptions = array(
		'interface' => 'guest',
		'username' => $this->userName,  //the variable from the form for the inputted username
		'email' => $this->userEmail,  //likewise, the email address that was inputted in the form
		'password' => $this->userPassword,  //the password that the user inputted
		'password_check' => $this->userPassword,  //the second confirmation password inputted
		'check_reserved_name' => true,  //this will make sure that SMF first checks for a reserved name before writing the user to the database
		'check_password_strength' => true,
		'check_email_ban' => true,  //checks for ban on the email address that was inputted
		'send_welcome_email' => false,  //true if you want SMF to send an email, false if you want your other software to handle it.  I'd recommend false.
		'require' => 'nothing',
		'extra_register_vars' => array(),
		'theme_vars' => array(),
	);
	


	// Include the additional options that might have been filled in.
	foreach ($possible_strings as $var)
		if (isset($_POST[$var]))
			$regOptions['extra_register_vars'][$var] = '\'' . $_POST[$var] . '\'';
	foreach ($possible_ints as $var)
		if (isset($_POST[$var]))
			$regOptions['extra_register_vars'][$var] = (int) $_POST[$var];
	foreach ($possible_floats as $var)
		if (isset($_POST[$var]))
			$regOptions['extra_register_vars'][$var] = (float) $_POST[$var];
	foreach ($possible_bools as $var)
		if (isset($_POST[$var]))
			$regOptions['extra_register_vars'][$var] = empty($_POST[$var]) ? 0 : 1;

	// Registration options are always default options...
	if (isset($_POST['default_options']))
		$_POST['options'] = isset($_POST['options']) ? $_POST['options'] + $_POST['default_options'] : $_POST['default_options'];
	$regOptions['theme_vars'] = isset($_POST['options']) && is_array($_POST['options']) ? $_POST['options'] : array();

	require_once($sourcedir . '/Subs-Members.php');  //require the file, so that we can call the function
	$memberID = registerMember($regOptions);  //call the function.  $memberID should return a value.


	mysql_select_db($config["db_database"]); //back to the parent software's database...

Now, you probably see a whole lot of options in there that you are most likely never going to use, but it does highlight the flexibility of the registration system. You could, for example, add "location" and "birthdate" to the registration form, and they would be properly written to SMF. You can also add your own fields, just by adding to the arrays, mirroring what you add to the registration form.

Also be aware that this works with almost any registration system written in PHP. The examples above were copied from a pLog integration I did recently. Please also note that the variables registered into the arrays (e.g., $this->username) will need to be changed to matched those in the integration on which you are working.

I hope this helps others working on integrations.

The One · September 05, 2005, 12:21:47 PM

I am not sure if something like this exists in SMF or not but it sure is something I would like to see.
How about creating a swparate module that takes care of user authentication and site integration. This could be used to integrate SMF with a variety of other databases/authentication processes etc.
All a webmaster would need to do is to configure that module according to his/her existing site and SMF should work seamlessly with the exisiting users and sites.
Of course if there is something like this already, please forgive my ignorance.

dmarkd · September 09, 2005, 02:17:15 PM

So, when I look over what you've written above, it seems to me that this shows how to take my existing registration functions and add the user to the SMF database at the same time I am adding to my own database. What I don't see, however, is how to make sure when a user logs in using my page that they are also authenticated to the SMF system at the same time so they can seamlessly travel between my site and SMF without being asked to login. Can you provide some insight into this?

[Unknown] · September 09, 2005, 02:57:56 PM

Search for "smf_api.php".

-[Unknown]

Orstio · September 09, 2005, 07:21:51 PM

Quote from: dmarkd on September 09, 2005, 02:17:15 PM
So, when I look over what you've written above, it seems to me that this shows how to take my existing registration functions and add the user to the SMF database at the same time I am adding to my own database. What I don't see, however, is how to make sure when a user logs in using my page that they are also authenticated to the SMF system at the same time so they can seamlessly travel between my site and SMF without being asked to login. Can you provide some insight into this?

Quote from: OrstioIt does not cover login/logout, etc. I'll try to cover those in another post.

dmarkd · September 09, 2005, 11:25:53 PM

Woops, my bad, I guess I completely skipped the first paragraph and went right to the code

The One · December 11, 2005, 06:32:15 AM

Quote from: [Unknown] on September 09, 2005, 02:57:56 PM
Search for "smf_api.php".

-[Unknown]

Is there such a file in 1.1 RC1?

Dannii · December 11, 2005, 06:34:43 AM

It's on the tools page: http://www.simplemachines.org/download.php?converters

The One · December 11, 2005, 06:44:45 AM

Thanks a lot eldacar

am having a look at it right now.

Ensiferous · October 01, 2006, 06:51:21 PM

How would I then go about getting errors messages sent back as an array instead of being redirected to the forum registration page and then echoed. Is this possible without hacking the core smf files?

Ensiferous · December 10, 2006, 06:13:58 PM

might be worth mentioning that the strings used in the options array are assumed to be escaped. so using raw input is opening you to sql injections.

Orstio · December 10, 2006, 06:22:32 PM

It's always a good idea to clean out any user input from $_POST before using it.

mcalsada · February 03, 2007, 09:15:26 PM

Is there any plans to write a similar "how to" for logging in/out from SMF? This was really helpful as a first step. Trying to follow searches on the forums is often left not very fruitful... smf_api cant be used in version xxx etc.

godboko · January 28, 2008, 09:52:46 PM

Is this still valid? The reason I am asking is I am thinking of making a module for the CMS called Xaraya for Authentication.

Orstio · January 28, 2008, 09:54:49 PM

Yes, it is.

godboko · January 28, 2008, 10:02:13 PM

Quote from: Orstio on January 28, 2008, 09:54:49 PM
Yes, it is.

Wow fast response thank you kingly. I will make a new thread on how I fair.

xXBenXx · March 08, 2008, 01:33:38 PM

So On one page I have a registration form. And then I edit the code in this topics 1st post and put it in the file the registration form points to?

Orstio · March 08, 2008, 02:06:18 PM

Correct.

constantine · April 25, 2008, 03:38:31 AM

I have successfully integrated my site's registration with smf.

I am using the ID_MEMBER of the smf_members table as a relation to my site's member's table and thus using the smf_api made by unknown (thank you unknown) to login/logout between my site and forum.

Just like Orstio, I often choose to do the validation in SMF first, simply because I prefer the SMF security model. But the problem is, if there is some sort of an error with the validation, the forum loads in my signup.php page and spits out the error. I don't want this happening. What I want instead is just retrieve what errors smf spits out so I can display (without loading the index page of the forum itself) it in my signup.php page...

In effect, I would like to again ask what NoFear had asked (two years ago

)...

Quote from: NoFear on October 01, 2006, 06:51:21 PM
How would I then go about getting errors messages sent back as an array instead of being redirected to the forum registration page and then echoed. Is this possible without hacking the core smf files?

My setup is I have a signup.php, which houses the form to register and its action points to itself. Upon clicking the submit button, a registration.php is called (which handles the registration process for smf and the main site) and echoes whether the registration was successful or not. Like what I have said above, the problem is when smf finds an error with the registration, the errors are spitted out together with the index of the forum...

Could someone help me with this please too?

Any help with this is highly appreciated...

Note: I have also read extensively (and tried) the guide to integration hooks written by Orstio (a well written guide) but as of the moment, I couldn't still quite get it to work...

Orstio · April 25, 2008, 07:43:01 AM

With SMF's current security model, errors can't be returned as an array. Errors are handled, and then execution is terminated. If not handled this way, script kiddies could gain access to your SMF admin panel.

Would an integration hook in the error handling help you out any? That way, it wouldn't be able to return to your script, but it might be able to redirect there instead.

News:

Integrating registration with other systems -- a quick Howto

Orstio

Orstio

Orstio

Orstio

Orstio

Orstio