All purpose integration solution?

Simon K · April 09, 2008, 11:03:56 AM

Hi everyone,

I've spent the last few days looking for a solution to integrating SMF into a system for my users, but looking through these forums I'm continually finding people in a very similar situation to me who, due to the lack of any instructional documentation or examples, just don't have a clue how to get started with all this integration hooks stuff.

The other thing i'm finding is that most of the suggestions seem to involve making SMF the central hub for all your users, which is obviously not an option - or just plain undesirable - with a large established system that SMF is to form just a small component of.

So in the interests of coming up with a simple solution to this problem i'd like to get the ball rolling with the following code/pseudo code:

Code Select

<?

include($_SERVER['DOCUMENT_ROOT'] . "/my-systems-config-file.php");

session_start();

if ($userid = authuser()) {

    # if not already logged in to SMF {
    #
    #     if $_SESSION[username] exists in SMF users {
    #
    #        if SMF password != $_SESSION[password] then change SMF password to match
    #        if SMF XXXXXX != My system XXXXXX then update SMF accordingly
    #
    #    } else {
    #
    #        create SMF user record
    #
    #    }
    #
    #    log user in to SMF
    #
    # }

    include($_SERVER['DOCUMENT_ROOT'] . "/forum/index.inc.php");


} else {

	header("Location: /");

}
?>

What I've done here is move index.php to index.inc.php and put the above code in it's place, basically putting the psuedo code and the include of index.inc.php inside my own systems authentication/security so that the forum can only be accessed by logging into my system first.

So my question is, what is the best way to go about turning that pseudo code into real code? Do I need the integration hooks? or would I be better off just writing my own bespoke code to check SMF's member table?

When it comes to seamlessly logging the user in to SMF what is the best approach to this? The integration hooks seem to be based around triggering an event when the user does something via SMF - ie. logging in - I don't want users to ever have to login to SMF. Is it going to be as simple as a header() redirect to SMF's login script?

Any suggestions would be much appreciated. Likewise if anyone see's any glaring problems with this approach!

Regards

Simon

Orstio · April 09, 2008, 06:55:08 PM

I think the lack of any one definitive method of integration is based mainly on the fact that there are so many different ways to accomplish it.

What you could do, actually, is use the integrate_verify_user hook. If you want to see a working example of its use, download the e107 bridge.

What I have that hook doing for e107 is:

1) Check to see if a user is logged into e107.
If 1) is true, 2) check to see if the user exists in SMF.
3) If 2) is false, create the user in SMF.
4) Return the ID of the user to SMF, so that SMF sees that as the login.

The upside to this method is that SMF authenticates to the e107 cookie, so if the e107 cookie expires, the user is then logged out of the forum as well.

Simon K · April 10, 2008, 04:57:44 AM

Hi Orstio,

Thanks for getting back to me.

I've taken a look at the e107 bridge. In doing it this way will the password on SMF be updated should the user change their password on my system? Or does that not matter?

There doesn't seem to be any readme in any of the bridges or a thread on how one actually goes about installing a bridge. Could you point me in the direction of this info? Perhaps it could be included on the bridges download page?

Regards

Simon

Orstio · April 10, 2008, 06:52:07 AM

QuoteIn doing it this way will the password on SMF be updated should the user change their password on my system? Or does that not matter?

The SMF info does not get updated when changed in your system. That code would need to go in your system, not in the SMF workflow (You could do it in the SMF workflow, but think of the added overhead of querying the database for each user change on each user click -- you would never have more than 10 users online at a time with the slowdown).

That said, you probably want to set up some redirects, probably within the code on one side or the other to make sure that user changes happen only in one place. Having two profiles on the same site can be very confusing for users.

Simon K · April 16, 2008, 08:46:39 AM

Thanks Orstio. I've got it working now. For anyone interested here's what I did.

1. Move SMF's index.php to another location, either by renaming it or moving it outside the document root.

2. In it's place create a page that uses your own authorisation system. ie. only users who are logged in on your system will be able to access it. In it you will place the integration hook data and the associated validation function, then include the original SMF index.php.

Mine looks something like this:

Code Select

<?
include($_SERVER['DOCUMENT_ROOT'] . "/config.inc.php");
session_start();

if ($userid = authuser()) {

	define('SMF_INTEGRATION_SETTINGS', serialize(array(
		'integrate_verify_user' => 'integrate_verify_user',
	)));

	function integrate_verify_user () {

		global $db_name, $db_prefix, $sql, $userdata;

		$query = mysql_query("SELECT ID_MEMBER FROM {$db_prefix}members	WHERE memberName = '$userdata[username]'");

		if (!(list($ID_MEMBER) = mysql_fetch_row($query))) {
			mysql_query("INSERT INTO {$db_prefix}members
				(memberName, realName, passwd, emailAddress, dateRegistered, ID_POST_GROUP, lngfile, buddy_list, pm_ignore_list, messageLabels, personalText, websiteTitle, websiteUrl, location, ICQ, MSN, hideEmail, signature, avatar, usertitle, memberIP, memberIP2, secretQuestion, additionalGroups)
				VALUES ('$userdata[username]', '$userdata[forum_name]', '$userdata[password]', '$userdata[email]', ".time().", '4', '', '', '', '', '', '', '', '', '', '', '1', '', '', '', '', '', '', '')");
			$ID_MEMBER = mysql_insert_id();
		}
		return $ID_MEMBER;
	}

	# Include the original index.php
	include($_SERVER['DOCUMENT_ROOT'] . "/forum/index.inc.php");

} else {

	# Redirect user to login page with variable to send them to correct page once authorised
	header("Location: /login.php?page=" . urlencode($_SERVER[REQUEST_URI]));

}
?>

3. Configure the permissions on your board so that users cannot modify their account settings.

4. Remove the "Logout" option from the SMF template that you are using

5. If your users can edit a profile on your system then you may want to update your code to also update the SMF members table whenever the users makes a change. For example, I've made the forum display name part of the users' profile on my system.

6. Integrated!

The last "else" in the code above points to the login page for my system, passing the URI as a variable. This is where the user is redirected after a successful login and thus allows me to avoid having to change the SMF notification emails.

This seems to be working perfectly for me now, but if anyone see's any obvious problems with it please let me know!

Cheers

Simon

henryford · July 10, 2008, 04:12:13 PM

Simon K,

I used your integration method and things were fine with IE. However, in firefox seems like my CMS seesion data is getting cleaned the moment i am trying to click on a board etc. I checked by using echo that $_SESSION['user_name'] is getting cleared and as a result i cannot pass the user name to the integrate_verify_user hook. surprisingly, no problem in IE !

henryford · July 10, 2008, 04:17:32 PM

I have a feeling that possibly this is what is happening.

CMS has its own session id. and $_SESSION['user_name'] !=NULL
When i am getting to forum page from the CMS pages, i can see as if user is logged into the forum. here also, and $_SESSION['user_name'] !=NULL

Now when i am clicking on anything in the forum, the forum is trying to create another session for the same window / tab. Firefox is getting confusd because of this new session for the same window and is dropping some aspects of the session. and $_SESSION['user_name'] =NULL

however, when i am going back to my CMS pages, user is still logged in !!!!!! and $_SESSION['user_name'] !=NULL again

Very confusing

Simon K · July 10, 2008, 04:24:19 PM

Hi Henry,

Very odd!

Surely all browsers just need a session cookie to be set? The session data is then held server-side.

Sounds more like an issue with your Firefox security settings than a PHP issue... I can't think of anything there that would be browser dependant, and I've got users using various versions of IE, FF, Opera and Safari without any problems...

Not sure what else to suggest I'm afraid!

Simon

henryford · July 10, 2008, 04:37:48 PM

i am using SMF 1.1.4 and firefox 3. works in IE and crazy browser. is there any special admin setting with SMF you are using. things like subdomain independent cookies etc ? i am bridging phpmotion and smf by the way.

henryford · July 10, 2008, 04:42:56 PM

This is my Code - Works fine when it is IE

<?php
include($_SERVER['DOCUMENT_ROOT'] ."/classes/sessions.php");
session_start();
include($_SERVER['DOCUMENT_ROOT'] ."/classes/config.php");
//include($_SERVER['DOCUMENT_ROOT'] ."/classes/login_check.php");
include($_SERVER['DOCUMENT_ROOT'] ."/classes/menu.php");

echo $_SESSION['user_name'];
echo '|';
echo $_SESSION['username'];
echo '|';
echo $user_name;

if($_SESSION['user_name'] != NULL)
{

define('SMF_INTEGRATION_SETTINGS', serialize(array(
'integrate_verify_user' => 'integrate_verify_user',
)));

function integrate_verify_user () {

global $db_name, $db_prefix, $sql, $userdata;

$query = mysql_query("SELECT ID_MEMBER FROM {$db_prefix}members WHERE memberName = '$_SESSION[user_name]'");

if (!(list($ID_MEMBER) = mysql_fetch_row($query))) {
mysql_query("INSERT INTO {$db_prefix}members
(memberName, realName, passwd, emailAddress, dateRegistered, ID_POST_GROUP, lngfile, buddy_list, pm_ignore_list, messageLabels, personalText, websiteTitle, websiteUrl, location, ICQ, MSN, hideEmail, signature, avatar, usertitle, memberIP, memberIP2, secretQuestion, additionalGroups)
VALUES ('$userdata[username]', '$userdata[forum_name]', '$userdata[password]', '$userdata[email]', ".time().", '4', '', '', '', '', '', '', '', '', '', '', '1', '', '', '', '', '', '', '')");
$ID_MEMBER = mysql_insert_id();
}
return $ID_MEMBER;
}

# Include the original index.php
include($_SERVER['DOCUMENT_ROOT'] . "/smf/index.inc.php");

}

else

{
# Include the original index.php
include($_SERVER['DOCUMENT_ROOT'] . "/smf/index.inc.php");

}
?>

henryford · July 10, 2008, 04:44:56 PM

my CMS is at www.mysite.org
SMF is at www.mysite.org/smf

pasupathy · November 27, 2009, 12:01:05 AM

THANK YOU VERY SIMON, THIS PIECE OF CODE HELPED ME

Quote from: Simon K on April 16, 2008, 08:46:39 AM
Thanks Orstio. I've got it working now. For anyone interested here's what I did.

1. Move SMF's index.php to another location, either by renaming it or moving it outside the document root.

2. In it's place create a page that uses your own authorisation system. ie. only users who are logged in on your system will be able to access it. In it you will place the integration hook data and the associated validation function, then include the original SMF index.php.

Mine looks something like this:

Code Select Expand
<? include($_SERVER['DOCUMENT_ROOT'] . "/config.inc.php"); session_start(); if ($userid = authuser()) { define('SMF_INTEGRATION_SETTINGS', serialize(array( 'integrate_verify_user' => 'integrate_verify_user', ))); function integrate_verify_user () { global $db_name, $db_prefix, $sql, $userdata; $query = mysql_query("SELECT ID_MEMBER FROM {$db_prefix}members WHERE memberName = '$userdata[username]'"); if (!(list($ID_MEMBER) = mysql_fetch_row($query))) { mysql_query("INSERT INTO {$db_prefix}members (memberName, realName, passwd, emailAddress, dateRegistered, ID_POST_GROUP, lngfile, buddy_list, pm_ignore_list, messageLabels, personalText, websiteTitle, websiteUrl, location, ICQ, MSN, hideEmail, signature, avatar, usertitle, memberIP, memberIP2, secretQuestion, additionalGroups) VALUES ('$userdata[username]', '$userdata[forum_name]', '$userdata[password]', '$userdata[email]', ".time().", '4', '', '', '', '', '', '', '', '', '', '', '1', '', '', '', '', '', '', '')"); $ID_MEMBER = mysql_insert_id(); } return $ID_MEMBER; } # Include the original index.php include($_SERVER['DOCUMENT_ROOT'] . "/forum/index.inc.php"); } else { # Redirect user to login page with variable to send them to correct page once authorised header("Location: /login.php?page=" . urlencode($_SERVER[REQUEST_URI])); } ?>

3. Configure the permissions on your board so that users cannot modify their account settings.

4. Remove the "Logout" option from the SMF template that you are using

5. If your users can edit a profile on your system then you may want to update your code to also update the SMF members table whenever the users makes a change. For example, I've made the forum display name part of the users' profile on my system.

6. Integrated!

The last "else" in the code above points to the login page for my system, passing the URI as a variable. This is where the user is redirected after a successful login and thus allows me to avoid having to change the SMF notification emails.

This seems to be working perfectly for me now, but if anyone see's any obvious problems with it please let me know!

Cheers

Simon

worshiploud · January 22, 2010, 11:22:55 AM

Quote from: henryford on July 10, 2008, 04:37:48 PM
i am bridging phpmotion and smf by the way.

I have a PHPmotion site. I was considering buying the SMF bridge from PHPmotion or buying the vBulletin bridge. I decided to search this forum to do it on my own without having to pay someone for something that I would most likely be doing myself with purchased instructions.

Henry, Have you been able to get your phpmotion integration to work? Would you be willing to share how you had done it?

Well, this is a great thread.

Trios · January 22, 2010, 03:40:44 PM

Quote from: Simon K on April 16, 2008, 08:46:39 AM
Thanks Orstio. I've got it working now. For anyone interested here's what I did.

1. Move SMF's index.php to another location, either by renaming it or moving it outside the document root.

2. In it's place create a page that uses your own authorisation system. ie. only users who are logged in on your system will be able to access it. In it you will place the integration hook data and the associated validation function, then include the original SMF index.php.

Mine looks something like this:

Code Select Expand
<? include($_SERVER['DOCUMENT_ROOT'] . "/config.inc.php"); session_start(); if ($userid = authuser()) { define('SMF_INTEGRATION_SETTINGS', serialize(array( 'integrate_verify_user' => 'integrate_verify_user', ))); function integrate_verify_user () { global $db_name, $db_prefix, $sql, $userdata; $query = mysql_query("SELECT ID_MEMBER FROM {$db_prefix}members WHERE memberName = '$userdata[username]'"); if (!(list($ID_MEMBER) = mysql_fetch_row($query))) { mysql_query("INSERT INTO {$db_prefix}members (memberName, realName, passwd, emailAddress, dateRegistered, ID_POST_GROUP, lngfile, buddy_list, pm_ignore_list, messageLabels, personalText, websiteTitle, websiteUrl, location, ICQ, MSN, hideEmail, signature, avatar, usertitle, memberIP, memberIP2, secretQuestion, additionalGroups) VALUES ('$userdata[username]', '$userdata[forum_name]', '$userdata[password]', '$userdata[email]', ".time().", '4', '', '', '', '', '', '', '', '', '', '', '1', '', '', '', '', '', '', '')"); $ID_MEMBER = mysql_insert_id(); } return $ID_MEMBER; } # Include the original index.php include($_SERVER['DOCUMENT_ROOT'] . "/forum/index.inc.php"); } else { # Redirect user to login page with variable to send them to correct page once authorised header("Location: /login.php?page=" . urlencode($_SERVER[REQUEST_URI])); } ?>

3. Configure the permissions on your board so that users cannot modify their account settings.

4. Remove the "Logout" option from the SMF template that you are using

5. If your users can edit a profile on your system then you may want to update your code to also update the SMF members table whenever the users makes a change. For example, I've made the forum display name part of the users' profile on my system.

6. Integrated!

The last "else" in the code above points to the login page for my system, passing the URI as a variable. This is where the user is redirected after a successful login and thus allows me to avoid having to change the SMF notification emails.

This seems to be working perfectly for me now, but if anyone see's any obvious problems with it please let me know!

Cheers

Simon

In the above, you have

Code Select

<?
include($_SERVER['DOCUMENT_ROOT'] . "/config.inc.php");

Could you tell me what is in this file? I'm trying to do the same using a homebrew CMS, but before I implement it I need to know what's going on here.

Thanks!

rangi500 · February 15, 2010, 07:15:13 AM

@Simon K - Thanks! this worked great for me.

@Trios - The "config.inc.php" file you asked about will be the login-handling part of your existing system (the one you're integrating with). It will need to define the authuser() function used in the example, and will need to declare the $userdata variable, which is used in the integrate_verify_user() function.

News:

All purpose integration solution?

Orstio

Orstio