UBB.Developers Forums UBB.threads 6 UBB.portal (CMS) PHP Login Code

I know this question has came up a few times frequently, and I'm sharing some of my work that I have done with this.

This was originally posted by Paulus Magnus ( here , and I have ported this to work with 6.4.0 (including the md5 hashing of the cookie password)

You will need to do the following to get it to work with your site:

- Update common.php with the correct paths and email address
- Lines 79 and 85 in login.php is where you set your cookie number

This code doesn't have to be executed in this format (can be called such as index.php?act=login).

How I implemented this was by breaking the code into pieces, and calling certain pieces when necessary, by checking my query string for certain values.

I do have the running live on my site. I utilize the UBB's logoff and registration routines rather than recreating those with PHP.

Clicky Here for the files!

Have fun

nice work

thanks

I didn't think it was possible until Sub Zero posted his reply in an earlier thread I made regarding PHP logins intergrated with UBB. Very informative with the scripts and link provided. I'll post here on my progress.

Here's the 6.5 Verions

Download

P.S. Don't forget to update the domain in cookie sets

The Site You Requested Was Not Found
If You Feel You Reached This In Error, Please Contact Us In Our Forums,
In the UBB Support Section.  
 
                                            Thank You,        
                                                        TheGeeksInc.com Administration

Hey Sub...I'll send you an e-mail soon.

I'm sorry about that. I goofed on the link. I was on the FTP so much I forgot how to spell. The link is valid now

Hey guys, nice work. Has anyone had luck modding this to read and test against UBB cookies?

I've got that *almost* done, but the PHP md5() function doesn't act the same as the Perl md5_hex() function (that UBB uses). Since it returns a different result, the check fails!

Anyone have an idea how to do md5_hex in PHP? If so, I can post a version that will read and use UBB cookies if present, if not prompt the user to log in...

Thanks

I have this working live on my site. I haven't had any problems with the login routine using the md5() on my cookies. My users haven't reported any problems with the code as of yet. The md5 *Should* produce the same output as md5_hex. Both should output a 32 character hex string

All you need to do to check for the cookie is isset($ubber########.####)

md5_hex http://www.cpan.org/modules/by-module/Digest/Digest-Perl-MD5-1.1.readme
md5 http://www.php.net/manual/en/function.md5.php

Yessir, you're right. My mistake was not trim()ing the password read from the UBB member file. It all matches up now, thanks!

Quick update... Here's a version of the script that's cleaned up a bit, and will check to see if the user's logged in via a cookie. If so, they'll get "Welcome [Username]" otherwise they'll get a login screen.

http://cdnarmy.ca/deleteme/phplogin.txt

It's meant to be included as part of a larger page (I.E. in a content island), rather than be a page all on it's own.

thanks Mike

I chose to stick with Paulus' original method with the included file because I use the commmon.php elsewhere

Makes sense. I'm slowly "portalizing" my site, so I may end up there...

For now, I've made the PHP return you back to the referring page, which works much better for included content...

hmm i am bit confused in this, for me it isnt working, ver. 1 cand find any login information and ver.2 does nothing just takes me to the mainpage with any login

.http://www.greek-forum.de/login.php
.http://www.greek-forum.de/login2.php

any help !? :rolleyes:

You need to use the version in the first post, since you are running UBB.classic 6.4.0.1

If you use any of the others, you will not be logged in because the cookie format has changed. Don't forget to make the noted changed, and update the cookie domains

Bug found:

Change:
I'll update the zips tomorrow with the fix.

well obviously my server or something is setup wrong

Warning: open_basedir restriction in effect. File is in wrong directory in /usr/local/psa/home/vhosts/httpdocs/login.php on line 35

Warning: file("/usr/local/psa/home/vhosts/cgi-bin/Members/memberslist.cgi") - Operation not permitted in /usr/local/psa/home/vhosts/httpdocs/login.php on line 35

Warning: fopen("/usr/local/psa/home/vhosts/httpdocs//access_log.txt", "a") - Permission denied in /usr/local/psa/home/vhosts/httpdocs/login.php on line 7

Warning: Cannot add header information - headers already sent by (output started at /usr/local/psa/home/vhosts/httpdocs/login.php:35) in /usr/local/psa/home/vhosts/httpdocs/login.php on line 21

Warning: Cannot add header information - headers already sent by (output started at /usr/local/psa/home/vhosts/httpdocs/login.php:35) in /usr/local/psa/home/vhosts/httpdocs/login.php on line 21

Warning: Cannot add header information - headers already sent by (output started at /usr/local/psa/home/vhosts/httpdocs/login.php:35) in /usr/local/psa/home/vhosts/httpdocs/login.php on line 21

Warning: fopen("/usr/local/psa/home/vhosts/httpdocs//access_log.txt", "a") - Permission denied in /usr/local/psa/home/vhosts/httpdocs/login.php on line 7

I had to move my members directory inside my noncgi directory due to open_basedir restrictions and my accelerator barfing. It looks like your UBB is unable to read your members directory due to the open_basedir restrictions by your host.

Thanks Sub Zero, Now I'm wondering how much of a security flaw would this be?