MyBB Community Forums

Hello,

I'm trying to synchronize the login/logout process between wordpress and mybb. I've tried a few different things, but let me first tell you of the requirements.

The users to not need to be stored in the same database, but when a user logs in to wordpress, they need to also be logged in to mybb.

Now, I have sort of hijacked a Wordpress login widget and made some modifications so that when a user logs in, a POST request is made to another PHP file on the server which then attempts to authenticate the myBB user (using MyBB Integration Class).

By writing to a file on the server, I was able to observe that the MyBBI class reports that the authentication was successful, but alas, no cookies are being set, and so the user is not logged in.

I ventured to figure out why, but couldn't. My first assumption was that, probably my script was sending some non-header information to the browser before that point, thus my cookies couldn't be set. However, the Wordpress plugin sets some cookies nearly immediately afterwards, so I got a bit stuck.

If I could make that work, I could disable all logging-in/out from MyBB and restrict it to wordpress.


One thing that occurred to me, though, was that I might be able to force MyBB to use WordPress's cookies, which would really solve all of my problems in one fell swoop. Of course, I'd still have to restrict logging in/out to Wordpress, but I'm facing that prospect anyways.

I wondered, though, if the folks in the community here might have some suggestions that could solve my problems.

Thank-you

(2012-01-23, 09:50 AM)DarkDepths Wrote: [ -> ]The users to not need to be stored in the same database, but when a user logs in to wordpress, they need to also be logged in to mybb.

This is done via cookies, when a user log-in to mybb, the wordpress cookies should be sent in addition to the mybb cookies, and when a user log-in to wordpress, the mybb cookies should be sent in addition to the wordpress cookies. This can be done via plugin in both wordpress & mybb.

(2012-01-23, 09:50 AM)DarkDepths Wrote: [ -> ]Now, I have sort of hijacked a Wordpress login widget and made some modifications so that when a user logs in, a POST request is made to another PHP file on the server which then attempts to authenticate the myBB user (using MyBB Integration Class).

By writing to a file on the server, I was able to observe that the MyBBI class reports that the authentication was successful, but alas, no cookies are being set, and so the user is not logged in.

A wordpress plugin like ajax login widget could help you understand how wordpress get users logged in, you'll then need to implement your own solution.
If you're doing the POST request via curl (or other server-to-server communication) your method is completely wrong. Your server is the one that login, and he's the one that receiving the missing cookies. Disable that right now.

Instead you should write a plugin that will do all the server side things, and send the additional cookies.

(2012-01-23, 09:50 AM)DarkDepths Wrote: [ -> ]One thing that occurred to me, though, was that I might be able to force MyBB to use WordPress's cookies, which would really solve all of my problems in one fell swoop. Of course, I'd still have to restrict logging in/out to Wordpress, but I'm facing that prospect anyways.

I'm not sure I'm understanding what you're trying to do here, but it's sounds like a bad idea, each webware should use its own cookies!

Anyway, you should take serious care of such things, you don't want to find out your users can't login or that your solution expose a vulnerability. An open source plugin solution, could solve that problem, since there are many users that are interested in such a plugin and could help you improve it.

Another tip, let mybb handle you users, it's much more versatile & powerful in user management than wordpress, wordpress should inherit/fetch user permissions from mybb (preferably only once while initially fetching the user from mybb, but user permissions could be changed over time).

Thank you very much for your response.

I realized the POST thing I was doing wouldn't work very soon after making this thread, and have since abandoned it. It's obvious to me now why it fails, but at the time, it must have been what one of my old teachers used to so frequently call a "brainfart."

I think my best move at this time would be to read up on how mybb authenticates users, and how the cookies are signed. Is there any documentation on this, or should I just read through the source?

Thanks again!

Read through the source, whenever you can just use the original core functions or a copy-paste versions of the core functions, it will make your life easier when mybb get updated.

see both of the answers here http://superuser.com/questions/244062/ho...gle-chrome
Chrome could be very useful for any development with cookies

Ok, thank-you very much. I've already looked at the cookies in Chrome, but mybb appears to sign them with some kind of hash code. I'll read through the source to find out how that works!

Thank you again!