MyBB Community Forums

Full Version: External login/authentication system
Hi

I've found a couple of similar topics but none contained really useful information =(

I'm going to use some external SSO (single sign on) system to authenticate users for MyBB.

The workflow would be:

1. user opens mybb
2. user is not logged in to mybb
3. user is redirected to sso.mydomain
4. user enters valid credentials
5. user is redirected to mybb?ticket=####&userid=###
6. code checks the ticket/userid against a shared DB and finds it valid
7. user is logged into mybb using mybb user info (if it's the first time this user accesses mybb, an appropriate account is created)
8. user is redirected to mybb

So my question is how do I best do the following:
- #2: I'd like to find that out as soon as possible, like in the top of global.php to redirect user before any headers are sent
- #7/1: how to programmatically log a user in
- #7/2: how to programmatically create and activate a user

Thanks a lot for your help!
Ilya.
Ok, I did it - was simpler than I could imagine ...

Could someone take a look if I missed smth huge (all changes in global.php, insert after line 43):


/* ------------------- sso integration ----------------------- */
// check if user is not logged in to mybb
if ($session->uid == 0) {
    chdir('../../sso');
    require_once('./config.php');
    $includePath = '.'.$config['INCL_DELIM'].$config['lib_path'].$config['INCL_DELIM'].$config['lib_path']."extlib/pear/";
    ini_set('include_path', $includePath);
    require_once('fw/dbProvider.php');
    require_once('fw/user.php');
    require_once("fw/userClass.php");

    // try to login via sso, if not successful - fail
    $ticket = isset($_REQUEST['ticket']) ? $_REQUEST['ticket'] : null;
    if ($ticket != null) {
        $userId = isset($_REQUEST['user_id']) ? $_REQUEST['user_id'] : null;
        $user = new userClass();
        $res = $user->authViaTicket($userId, $ticket);

        if ($res == true) {
            // auth user in mybb
            $username = $user->get('Login');
            $password = $user->get('Pass');
            $email = trim($user->get('Email'));
            if ($email == '') $email = '[email protected]';

            require_once MYBB_ROOT."inc/functions_user.php";
    	    if (!username_exists($username)) {
                // we should create a new user in mybb based on sso info
                // Set up user handler.
                require_once MYBB_ROOT."inc/datahandlers/user.php";
                $userhandler = new UserDataHandler('insert');

                // Set the data for the new user.
                $user = array(
                    "username" => $username,
                    "password" => $password,
                    "password2" => $password,
                    "email" => $email,
                    "email2" => $email,
                    "usergroup" => 2,
                    "additionalgroups" => '',
                    "displaygroup" => 0,
                    "usertitle" => $user->getName(),
                    "referrer" => '',
                    "timezone" => 3,
                    "language" => '',
                    "profile_fields" => '',
                    "profile_fields_editable" => true,
                    "regip" => '127.0.0.1',
                    "avatar" => '',
                    "website" => '',
                    "icq" => '',
                    "aim" => '',
                    "yahoo" => '',
                    "msn" => '',
                    "style" => 0,
                    "signature" => ''
                );

                $user['birthday'] = array(
                    "day" => 0,
                    "month" => 0,
                    "year" => 0
                );

                $user['options'] = array(
                    "allownotices" => 'yes',
                    "hideemail" => 'yes',
                    "emailnotify" => 'yes',
                    "receivepms" => 'yes',
                    "pmpopup" => 'yes',
                    "pmnotify" => 'yes',
                    "invisible" => 'no',
                    "dst" => 'no'
                );


                // Set the data of the user in the datahandler.
                $userhandler->set_data($user);
                $errors = '';

                // Validate the user and get any errors that might have occurred.
                if(!$userhandler->validate_user())
                {
                    $errors = $userhandler->get_friendly_errors();
                }

                // If there are errors, show them now.
                if(is_array($errors))
                {
                    var_dump($errors);
                    die();
                }
                else
                {
                    $user_info = $userhandler->insert_user();
                }
            }
            $user = validate_password_from_username($username, $password);
            if ($user === false) {
                header('Location: http://sso.domain.ru/badUser.htm');
                exit; // stop here so the login cookies below are not set for a failed check
            }
            my_setcookie('loginattempts', 1);
            $db->delete_query(TABLE_PREFIX."sessions", "ip='".$db->escape_string($session->ipaddress)."' AND sid != '".$session->sid."'");
            $newsession = array(
                "uid" => $user['uid'],
                "loginattempts" => 1,
                );
            $db->update_query(TABLE_PREFIX."sessions", $newsession, "sid='".$session->sid."'");

            // Temporarily set the cookie remember option for the login cookies
            $mybb->user['remember'] = $user['remember'];

            my_setcookie("mybbuser", $user['uid']."_".$user['loginkey'], null, true);
            my_setcookie("sid", $session->sid, -1, true);

            header('Location: http://app.domain.ru/forum/');
            exit;
        } else {
            // redirect to no_auth_page
            header('Location: http://sso.domain.ru/badUser.htm');
            exit;
        }
    } else {
        $url = 'http://app.domain.ru/forum/';
        // encode the return URL so it survives as a single query parameter
        header('Location: http://sso.domain.ru/index.php?return=' . urlencode($url));
        exit;
    }

}

/* ------------------- /sso integration ----------------------- */
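
Step 6 of the workflow (checking the ticket/userid against a shared DB), as an added example that is not part of the original post, the poster's SSO library or MyBB: a ticket that is bound to one user, expires quickly and can be redeemed only once. The table `sso_tickets` and the functions `issue_ticket()` and `redeem_ticket()` are hypothetical, an in-memory SQLite database stands in for the shared DB, and PHP 7.1+ with pdo_sqlite is assumed.

```php
<?php
// Added example. sso_tickets, issue_ticket() and redeem_ticket() are hypothetical names.

function issue_ticket(PDO $db, int $userId, int $ttl = 60): string
{
    $ticket = bin2hex(random_bytes(32)); // 256 random bits, hex-encoded
    // Store only a hash, so a dump of the shared table yields no usable tickets.
    $db->prepare('INSERT INTO sso_tickets (ticket_hash, user_id, expires_at, used)
                  VALUES (?, ?, ?, 0)')
       ->execute([hash('sha256', $ticket), $userId, time() + $ttl]);
    return $ticket;
}

function redeem_ticket(PDO $db, $userId, $ticket, ?int $now = null): bool
{
    // Request parameters can be arrays (?ticket[]=x); accept only the exact shapes issued.
    if (!is_string($ticket) || !preg_match('/\A[0-9a-f]{64}\z/', $ticket)) {
        return false;
    }
    if (!is_string($userId) || !ctype_digit($userId)) {
        return false;
    }
    // One atomic UPDATE: right ticket, right user, not expired, not used before.
    $stmt = $db->prepare('UPDATE sso_tickets SET used = 1
                           WHERE ticket_hash = ? AND user_id = ?
                             AND expires_at >= ? AND used = 0');
    $stmt->execute([hash('sha256', $ticket), (int) $userId, $now ?? time()]);
    return $stmt->rowCount() === 1; // a row changed only on the first valid use
}

// Constructed demo: in-memory SQLite stands in for the shared DB.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE sso_tickets (ticket_hash TEXT PRIMARY KEY,
           user_id INTEGER, expires_at INTEGER, used INTEGER)');

$a = issue_ticket($db, 42);
$b = issue_ticket($db, 42);
$cases = [
    'first use'       => redeem_ticket($db, '42', $a),
    'replay'          => redeem_ticket($db, '42', $a),
    'other user id'   => redeem_ticket($db, '7', $b),
    'after expiry'    => redeem_ticket($db, '42', $b, time() + 3600),
    'array parameter' => redeem_ticket($db, '42', ['x']),
];
foreach ($cases as $label => $accepted) {
    printf("%-16s %s\n", $label, $accepted ? 'accepted' : 'rejected');
}
```

In the global.php snippet above, a check of this kind sits where `authViaTicket()` is called; the post does not show whether that method enforces expiry or single use.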


Why not just look at the cookies?
mmmm - what do you mean?
When you log into MyBB, a cookie is set on the client's machine so that MyBB knows someone is logged in. For your website, why not just simply check what cookies are being sent to determine whether a user is logged in? You don't even need to bother with writing registration/login code (it's all done for you).
(2008-08-02, 01:11 AM) ZiNgA BuRgA wrote: When you log into MyBB, ...
Erm ... have you ever read my first post? =)
Thank you for talking to me though - you are the only one who takes interest =)

The whole idea is I DO NOT want anybody to log in to MyBB =)

So my problem is - I have some external method of authentication/authorization which I already use for 4 heterogeneous systems and now I'd like to use it for MyBB because I don't want my users to register themselves and learn new login/passwords/login screens ...

I have this system which tells me: "Ok, I know this guy and his login/email ... pls let him in to the forums ..." and I need a way to tell MyBB that this user is ok and can use forums.

Just for reference here are the older topics which were never resolved:
http://community.mybboard.net/thread-30698.html
http://community.mybboard.net/thread-17881.html

As for me, the solution described above works perfectly and I was just wondering maybe I forgot smth important ... =)
If you have an authentication system already in place and want MyBB to authenticate against that, probably the easiest method is to forge a cookie to trick MyBB into thinking a particular user is logged in, via cookies. (set $_COOKIE['mybbuser'] before the session is loaded, example:
// assume $uid contains the userid of the user
$user = get_user($uid);
$_COOKIE['mybbuser'] = $user['uid'].'_'.$user['loginkey'];
)