MyBB Community Forums

Full Version: Using the member system on other pages
I've got another question. I want to implement the member system of MyBB on other pages of my website. They can already log in from other pages (that was easy to do). But now I need to check whether a user is logged in, on a page which doesn't include all the MyBB classes. So I need to know how MyBB handles the sessions, and what I need to check before I know 100% securely that a visitor is logged in. Then I could show the number of new PMs, for example, on other pages.

Is it right that I:
  1. First need to check whether there's a session ID corresponding with the IP
  2. Need to compare the pass in the mybbuser cookie with the user's pass
  3. Compare the cookie's userid to the session uid? (I didn't see this in class_sessions.php though)

Will this be secure/possible?

You don't need to cross-reference IP addresses with their session id. You might get visitors who are on dial-up, and when they disconnect and reconnect their modem, they have a slightly different, if not a totally different IP address from the last time they connected.

Your other two steps should work. You can take a look at how MyBB handles its sessions by looking at the "global.php" file located at "admin/global.php" at your forums. Why the admin? Well, I'd say, it's probably one of the more important parts for MyBB to protect when it comes to access. (You could also look at your global.php for the index, but I think the global.php for the admin has less coding in it, which means less time looking for it.)

Alright, I looked at class_sessions.php, but I'll check the globals as well. Must be able to make it today ;)

Alright, this is my code now (mostly based on class_sessions.php). It seems to work fine :) Could you guys check whether it's secure enough?

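<?php //user.php
// Note: the mysql_* functions used here were removed in PHP 7.
function getip() {
	(...)
}

class user {
    var $uid = 0;
    var $username = "";
    var $pms_unread = 0;

    // On any failed check the constructor returns early and $uid stays 0 (guest).
    function user(){
        if(empty($_COOKIE['sid']) || empty($_COOKIE['mybbuser']))
            return;

        // Escape every value that is placed into a query string.
        $sid = mysql_real_escape_string($_COOKIE['sid']);
        $ip  = mysql_real_escape_string(@getip());
        $query = mysql_query("SELECT sid,uid FROM mybb_sessions WHERE sid='".$sid."' AND ip='".$ip."'");
        if(!$query) { error_log(mysql_error()); return; }
        $session = mysql_fetch_assoc($query);
        // No matching session row: not logged in.
        if(!$session) return;

        $uid = intval($session['uid']);
        $logon = explode("_", $_COOKIE['mybbuser'], 2);
        // The cookie must be "uid_loginkey" and its uid must match the session's uid.
        if(count($logon) != 2 || $uid <= 0 || (string)$uid !== $logon[0]) return;

        $query = mysql_query("SELECT u.loginkey, u.username, SUM(IF(pms.status='0' AND pms.folder='1','1','0')) AS pms_unread FROM mybb_users u LEFT JOIN mybb_privatemessages pms ON (pms.uid=u.uid) WHERE u.uid='$uid' GROUP BY u.uid");
        if(!$query) { error_log(mysql_error()); return; }
        $row = mysql_fetch_assoc($query);

        // Strict comparison, so a missing row or key can never equal the cookie value.
        if(!$row || (string)$row['loginkey'] !== $logon[1]){
            return;
        }
        $this->uid          = $uid;
        $this->username     = $row['username'];
        $this->pms_unread   = $row['pms_unread'];
    }
}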

My site (http://www.msgweb.nl) is up and running now. There's just a little problem with this script. It somehow doesn't log in when you haven't visited the forums first. Something wrong with the sessions query or cookie checking?
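
A way to validate the mybbuser cookie on its own, without depending on a row in mybb_sessions, shown as an added example that is not part of the thread and not MyBB's own code. It assumes the "uid_loginkey" cookie format and the table and column names used in the post above; `user_from_cookie`, the `pmid` column and the in-memory SQLite rows are constructed for the demonstration.

```php
<?php
// Added example, not MyBB code. Table and column names are the ones used in the post above;
// the SQLite database and its rows are constructed stand-ins for the forum's MySQL data.

function user_from_cookie(PDO $db, array $cookies): ?array
{
    if (!isset($cookies['mybbuser']) || !is_string($cookies['mybbuser'])) {
        return null;                                   // no login cookie: guest
    }
    $parts = explode('_', $cookies['mybbuser'], 2);    // "uid_loginkey"
    if (count($parts) !== 2 || !ctype_digit($parts[0]) || $parts[1] === '') {
        return null;                                   // malformed cookie, rejected before any query
    }
    // Prepared statement: the cookie value is bound, never concatenated into SQL.
    $stmt = $db->prepare('SELECT uid, username, loginkey FROM mybb_users WHERE uid = ?');
    $stmt->execute([(int) $parts[0]]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // No row means no login; hash_equals() compares the keys in constant time.
    if ($row === false || !hash_equals((string) $row['loginkey'], $parts[1])) {
        return null;
    }
    $pm = $db->prepare('SELECT COUNT(*) FROM mybb_privatemessages WHERE uid = ? AND status = 0 AND folder = 1');
    $pm->execute([(int) $row['uid']]);
    return [
        'uid'        => (int) $row['uid'],
        'username'   => $row['username'],
        'pms_unread' => (int) $pm->fetchColumn(),
    ];
}

// Constructed demo data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE mybb_users (uid INTEGER PRIMARY KEY, username TEXT, loginkey TEXT)');
$db->exec('CREATE TABLE mybb_privatemessages (pmid INTEGER PRIMARY KEY, uid INTEGER, status INTEGER, folder INTEGER)');
$db->exec("INSERT INTO mybb_users VALUES (7, 'alice', 'Zq8constructedLoginKey')");
$db->exec('INSERT INTO mybb_privatemessages (uid, status, folder) VALUES (7, 0, 1), (7, 0, 1), (7, 1, 1)');

$cases = [
    'valid cookie'    => ['mybbuser' => '7_Zq8constructedLoginKey'],
    'wrong key'       => ['mybbuser' => '7_guessed'],
    'non-numeric uid' => ['mybbuser' => '7 OR 1=1_x'],
    'no cookie'       => [],
];
foreach ($cases as $label => $cookies) {
    $user = user_from_cookie($db, $cookies);
    echo str_pad($label, 18), $user ? "uid {$user['uid']}, {$user['pms_unread']} unread" : 'guest', "\n";
}
```

Against the real forum database the same function takes a PDO MySQL connection in place of the SQLite one.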