UBB.Developers Forums UBB.classic V6.4 - 6.7 Modifications [6.4 - 6.5] PHP Login Code

I know this question has came up a few times frequently, and I'm sharing some of my work that I have done with this.

This was originally posted by Paulus Magnus ( here , and I have ported this to work with 6.4.0 (including the md5 hashing of the cookie password)

You will need to do the following to get it to work with your site:

- Update common.php with the correct paths and email address
- Lines 79 and 85 in login.php is where you set your cookie number

This code doesn't have to be executed in this format (can be called such as index.php?act=login).

How I implemented this was by breaking the code into pieces, and calling certain pieces when necessary, by checking my query string for certain values.

I do have the running live on my site. I utilize the UBB's logoff and registration routines rather than recreating those with PHP.

Clicky Here for the files!

Have fun

nice work

thanks

I didn't think it was possible until Sub Zero posted his reply in an earlier thread I made regarding PHP logins intergrated with UBB. Very informative with the scripts and link provided. I'll post here on my progress.

Here's the 6.5 Verions

Download

P.S. Don't forget to update the domain in cookie sets

The Site You Requested Was Not Found
If You Feel You Reached This In Error, Please Contact Us In Our Forums,
In the UBB Support Section.  
 
                                            Thank You,        
                                                        TheGeeksInc.com Administration

Hey Sub...I'll send you an e-mail soon.

I'm sorry about that. I goofed on the link. I was on the FTP so much I forgot how to spell. The link is valid now

Hey guys, nice work. Has anyone had luck modding this to read and test against UBB cookies?

I've got that *almost* done, but the PHP md5() function doesn't act the same as the Perl md5_hex() function (that UBB uses). Since it returns a different result, the check fails!

Anyone have an idea how to do md5_hex in PHP? If so, I can post a version that will read and use UBB cookies if present, if not prompt the user to log in...

Thanks

I have this working live on my site. I haven't had any problems with the login routine using the md5() on my cookies. My users haven't reported any problems with the code as of yet. The md5 *Should* produce the same output as md5_hex. Both should output a 32 character hex string

All you need to do to check for the cookie is isset($ubber########.####)

md5_hex http://www.cpan.org/modules/by-module/Digest/Digest-Perl-MD5-1.1.readme
md5 http://www.php.net/manual/en/function.md5.php

Yessir, you're right. My mistake was not trim()ing the password read from the UBB member file. It all matches up now, thanks!

Quick update... Here's a version of the script that's cleaned up a bit, and will check to see if the user's logged in via a cookie. If so, they'll get "Welcome [Username]" otherwise they'll get a login screen.

http://Army.ca/deleteme/phplogin.txt

It's meant to be included as part of a larger page (I.E. in a content island), rather than be a page all on it's own.

Edit: updated link

thanks Mike

I chose to stick with Paulus' original method with the included file because I use the commmon.php elsewhere

Makes sense. I'm slowly "portalizing" my site, so I may end up there...

For now, I've made the PHP return you back to the referring page, which works much better for included content...

hmm i am bit confused in this, for me it isnt working, ver. 1 cand find any login information and ver.2 does nothing just takes me to the mainpage with any login

.http://www.greek-forum.de/login.php
.http://www.greek-forum.de/login2.php

any help !? :rolleyes:

You need to use the version in the first post, since you are running UBB.classic 6.4.0.1

If you use any of the others, you will not be logged in because the cookie format has changed. Don't forget to make the noted changed, and update the cookie domains

Bug found:

Change:
I'll update the zips tomorrow with the fix.

well obviously my server or something is setup wrong

Warning: open_basedir restriction in effect. File is in wrong directory in /usr/local/psa/home/vhosts/httpdocs/login.php on line 35

Warning: file("/usr/local/psa/home/vhosts/cgi-bin/Members/memberslist.cgi") - Operation not permitted in /usr/local/psa/home/vhosts/httpdocs/login.php on line 35

Warning: fopen("/usr/local/psa/home/vhosts/httpdocs//access_log.txt", "a") - Permission denied in /usr/local/psa/home/vhosts/httpdocs/login.php on line 7

Warning: Cannot add header information - headers already sent by (output started at /usr/local/psa/home/vhosts/httpdocs/login.php:35) in /usr/local/psa/home/vhosts/httpdocs/login.php on line 21

Warning: Cannot add header information - headers already sent by (output started at /usr/local/psa/home/vhosts/httpdocs/login.php:35) in /usr/local/psa/home/vhosts/httpdocs/login.php on line 21

Warning: Cannot add header information - headers already sent by (output started at /usr/local/psa/home/vhosts/httpdocs/login.php:35) in /usr/local/psa/home/vhosts/httpdocs/login.php on line 21

Warning: fopen("/usr/local/psa/home/vhosts/httpdocs//access_log.txt", "a") - Permission denied in /usr/local/psa/home/vhosts/httpdocs/login.php on line 7

I had to move my members directory inside my noncgi directory due to open_basedir restrictions and my accelerator barfing. It looks like your UBB is unable to read your members directory due to the open_basedir restrictions by your host.

Thanks Sub Zero, Now I'm wondering how much of a security flaw would this be?

Hi,

Could u place the file back online, it would make life more easely.

Zhnxz in advance.

Hi,

Just a simple question as i am still struggeling with this piece of code.

Might it be that becaus of the version and brand of php i am running that in the script all the line have to be like in the ultimatebb.php code also is used?

Most newer server support shorthand
Whereas older versions of PHP require longhand
which is why a large chunk of developers still do longhand since they work on both...

I'm still trying to work out why it won't work for me, i see neatly that in the log file it clearly say's, login is succesful.
The page in screen is saying that it could not match username and password.
If i use the code as an start of a htm page it will show the page, even if i'm not registered member of ubb and all the cookies are cleared.

Even tried several other validate php software pieces, they are given me the same headache, so it seems that i have to set something in my php.ini file on the machine, but what. I can't figure it out what needs to be changed sinds ultimatebb.php does work.

The only goal i'm trying to do is something like on the simpleminds.com site, restricting html pages to be shown if someone is not a registered member of the community.

And as i'm still new in phpland, some help would be great.

The website is using the following software:

php 4.2.0, perl 5.6 and iis.

btw, if i do not change the into the page returns that username, pwd and submit are unknown values.

Found my solution in an old topic:

https://ubbdev.com/ubbcgi/ultimatebb.cgi?ubb=get_topic;f=8;t=003062