User Authentication Class - UBB.Developers

Attached is the file. Rename it user_auth.inc.php and throw it in the includes directory of your forums.

Then just require the file and use it as follows

PHP Code

// Usage:

$userob = new user_auth();

// Am I logged in?
if( $userob->is_logged_in ) {
	// I am logged in
}

// Am I in group 3?
if( $userob->in_group( 3 ) ) {
	// Why, yes we are
}

// Who cares what group I'm in! I wanna know
// if I can read a topic from forum 7
if( $userob->check_access( 7, "read" ) ) {
	// Apparently I can
}

// What if I want to know if I'm an administrator
if( $userob->fields['USER_MEMBERSHIP_LEVEL'] == "Administrator" ) {
	// That means I'm teh uber user	
}

// Want to create a welcome message?
if( $userob->is_logged_in ) {
	if( $userob->is_banned ) {
		echo "Go away, " . $userob->fields['USER_DISPLAY_NAME'];
	} else {
		echo "Welcome, " . $userob->fields['USER_DISPLAY_NAME'];
	}
} else {
	echo "Please register";
}

Note that $userob->fields is the same as the $user you've been using before, just wanted to not have two different variables hanging around

If you have any problems, it could be due to some paths being off, but the php error will explain that

Attached File

2389-user_auth.txt (184 downloads)

Grazie Ian

Looks awesome :), can't wait to get some time to fiddle hehe

Hi, thanks for the code! As usual, I'm trying to do something weird with things and have a little prob:

I get this error message:
Fatal error: Cannot instantiate non-existent class: userauth in /home/XXXX/public_html/wiki/extensions/ubbt_auth_mod.php on line 24

I have tow domains set up like this:
www.hairfacts.com
www.hairtell.com (which is actually located at www.hairfacts.com/hairtell)

I'm trying to make people have to be logged into the forum at www.hairtell.com/forum before they can access an editing page at www.hairfacts.com/wiki

I know usually this wouldn't work cross-domain, but since hairtell.com is actually a folder inside hairfacts.com, I thought it might work. It actually includes the files, and recognizes the sql class, but dies on the "userauth" class. I also don't know why it's showing "userauth" in lowercase letters in the error message, since it's declared and called like "UserAuth"

Any thoughts? =)

I'll bet it's the cross-domain issue.

Yes, the cookies belong to one domain, security won't allow it to run on a seperate domain properly, imo

The cookies are an issue, definitely. I wonder why it's seeing the UserAuth class as non-existant, though. Its existance wouldn't be tied to a cookie issue...

As long as the URLs are properly set in the userauth.php file, and the path to said file is proper, it should work :scratches head:

$userob = new UserAuth();
appears before line 24 in public_html/wiki/extensions/ubbt_auth_mod.php ?

The error message returning the class name in lowercase is a PHP bug which has been fixed I think in the latest PHP. So I don't think that's your problem.

Originally Posted by Ian Spence

if( $userob->check_access( 7, "read" ) ) {
// Apparently I can

The authentication works like a charm, but I do have troubles with this one.

It worked yesterday evening, and suddenly stopped working. After puzzling around for a while, finally it was fixed by updating the permissions from the control panel.

No changes or anything, just hit the update button.

Edit: It happened again. I commented out the caching check and it seems to work stable now.

Code

		//if( ! $data ) {
			$this->build_permissions();
			return true;
//		}

When a user has a valid cookie file, but that account was deleted, this class also gives an error at line 78.

Code

foreach( $temp as $k => $v ) {

Updated first post to address all bugs mentioned. Note that the class was renamed to work with a bug in php (it's now user_auth, not UserAuth)

Originally Posted by Ian Spence

Updated first post to address all bugs mentioned. Note that the class was renamed to work with a bug in php (it's now user_auth, not UserAuth)

Thanks for the fixes! I use this one extensively in just about every supporting script I have running here!

Now here is a surprise !
Its not working for me? It seems that its not picking up on $userob.

File saved and uploaded into forums/includes folder as user_auth.inc.php
Paths updated
New file with simple test code

PHP Code



file test-auth.php 
<?php
include ('forums/includes/user_auth.inc.php');
echo "test auth <br />";

$userob = new user_auth();

// Am I logged in?
if( $userob->is_logged_in ) {
echo "you are logged in";
}

?>

Out put only my first test echo of test auth

If i'm logged in or not the result is the same?
ive tried full paths and relative paths

If they are wrong i do get the php error so they are correct.
Humm what could be wrong?

Help << i'm stuck.

Aso if i run the file with all of the examples in the first post,
i get this error which made me use the test text.

Warning: in_array() [function.in-array]: Wrong datatype for second argument in forums/includes/user_auth.inc.php on line 202

Whats wrong ?

Thanks for any help as always

In my best Penelope Pit stop voice

Any one ?
Helllp

hmmm, it could use some 'or die' statements to show where it's failing, tho I guess if it doesn't print any of them none of them are working.

I would first double-check the path/url posted to the top - some servers want full paths/urls to the include file, not a relative one - this could be why it's not printing any results.

PHP Version 5.2.2

im using full paths in all instances

ive chopped out the full path in my example

/home/cwcom/domains/xxxxx.co.uk/public_html/forums

include ('/home/xxxxx/domains/xxxxxxxx.co.uk/public_html/forums/includes/user_auth.inc.php');

the 2 paths in the /includes folder are also correct.

require_once( "/home/xxxxx/domains/xxxxxxx.co.uk/public_html/forums/includes/config.inc.php" );
require_once( "/home/xxxxx/domains/xxxxxx.co.uk/public_html/forums/libs/mysql.inc.php" );

any little scripts i can try to start to debug this ?

Good question - Ian may be your only hope, I haven't tried this one but if it works for others it should work for you.

Find:

Code

function UserAuth() {

Replace with:

Code

function user_auth() {

The constructor didn't get renamed when I renamed the class. I can't wait until Threads stops supporting PHP 4.X

Originally Posted by Ian Spence

The constructor didn't get renamed when I renamed the class. I can't wait until Threads stops supporting PHP 4.X

Talked to Rick about that, he said that anything like that would be far off

Not much after Dec 31, eh?

Originally Posted by Ian Spence

Find:

Code

function UserAuth() {

Replace with:

Code

function user_auth() {

The constructor didn't get renamed when I renamed the class. I can't wait until Threads stops supporting PHP 4.X

Done but still not working. ??

Snip it from the includes file.

PHP Code



class user_auth {
	var $fields;
	var $is_logged_in;
	var $permissions;
	var $is_banned;
	var $groups;

	function user_auth() {
		global $config, $dbh;

		// First, the stupid stuff we do in every constructor

My page is test.php

PHP Code


<?php
include ('/home/xxxxx/domains/xxxxxxxxx/public_html/forums/includes/user_auth.inc.php');

// Want to create a welcome message? 
if( $userob->is_logged_in ) { if( $userob->is_banned ) { echo "Go away, " . $userob->fields['USER_DISPLAY_NAME']; } else { echo "Welcome, " . $userob->fields['USER_DISPLAY_NAME']; } } else { echo "Please register<br />"; } 
echo "Script has ran. <br />";
?>

1. I am logged into my forums
2. Output = "Please register"
3. No errors out put ??

I cant understand what's wrong?

Its there a die script i can do for the sql?
To see where its failing??

Thanks for the help and assistance as always.

$userob = new user_auth();

needs to be there, before you can start using the class.. :2c:

PHP Code




<?php
include ('../libs/forums/includes/user_auth.inc.php');

// Instantiate the user auth class as muhaha, for example
$muhaha = new user_auth();	 // w00t, yah baby :rawk:

// Want to create a welcome message? 
if( $muhaha->is_logged_in ) { 
  if( $muhaha->is_banned ) { 
	echo "*cough* be gone, " . $muhaha->fields['USER_DISPLAY_NAME']; 
  } 
else { 
  echo "Waaazzaaaap, " . $muhaha->fields['USER_DISPLAY_NAME']; 
  } 
} else { echo "Please register<br />"; 
  } 
echo "Veni, vidi, vici!! <br />";
?>

of course, use 'userob' for your case. i just kinda like 'muhaha'

Sweet that works

Thanks for getting back

looks like i was missing the

$muhaha = new user_auth(); // w00t, yah baby :rawk:
in my protected page

Thanks again.
i laughed at the outputs lol

Will this work in 7.3 ??

For chat integration, the chat should be able to call up the ubb profile of a user.

This is complicated by the fact that these are not organized by user name but by number.

Can you please post a conversion routine from user name to user number?
Or a routine that outputs the profile but uses user name as input?
Or even better, both of the above?

I post this here in the midst of this thread, as this is intrinsically related to user authentication, and actually a by-product of the user authentication code. Whoever needs user authentication for an external product like a chat could use a user profile link.

And like Mark_S, I am curious if all this will work for 7.3

Thank you

This works in 7.3, except for the permission reading stuff. That has changed. If you need that, like I do, this script would have to be updated.

A query that gets a username if you only have a number is easy.

Code

select ubbt_USER_DISPLAY_NAME from ubbt_USERS where USER_ID = 50

Thanks Yarp!

Originally Posted by blaaskaak

This works in 7.3,

FYI: It does *NOT* work. It might have when I tested it a while ago, but it doesn't work anymore now.

Originally Posted by blaaskaak

FYI: It does *NOT* work. It might have when I tested it a while ago, but it doesn't work anymore now.

okay, got it working again. If you are in desperate need for it, pm me, since my fixes are far from neat. I just plunged through it and tried stuff till I got it working.

Also, the forum permissions stuff is all disabled in my fix.

PHP Code

// Am I in group 3?
if( $userob->in_group( 3 ) ) {
	// Why, yes we are
}

Is anyone out there using the in_group check successfully? I'm running 7.2.2 and it doesn't seem to work for me.

I've got a simple conditional check:

PHP Code

if ($userob->is_logged_in ) {
  if (in_array($userob->fields['USER_ID'], $authors)) {
	// Allow specific IDs
	$allow = 1;
  } elseif ($userob->in_group(5)) {
	// Allow members in Group 5
	$allow = 1;
  } else {
	// Not allowed
	$allow = 0;
  }
}

which fails, even though a user is part of group id 5. The individual ID check works fine though.

Has anyone gotten this working (at least checking groups) in 7.3? I need something for a project I'm working on...

I've got it working in 7.3, but I did not implement group checking yet. I only need it in one homemade script, and just made a query in that specific script.

PHP Code

$query = "
	select count(USER_ID) from ubbt_USER_GROUPS
	where USER_ID = ?
	and GROUP_ID in (
	SELECT GROUP_ID
	FROM ubbt_FORUM_PERMISSIONS
	WHERE FORUM_ID = ?
	AND READ_TOPICS > 0 )
";
$sth = $dbh -> do_placeholder_query($query,array($myuserid,$board),__LINE__,__FILE__);
list($access) = $dbh->fetch_array($sth);

if (!$access) { 
echo "SeeYa";exit; }

I am converting most of my scripts to the ubb environment where authentication and group checking is done for me

as long as you include user.inc.php in your user auth dude, the code would be

PHP Code

$yarp = new user();  // only needs to be done 1 time
if (!$yarp->check_access('forum','READ_TOPICS',$board)) {
   echo 'Ciao bella!';
   exit;
}
if ($yarp->check_access('site','CAN_USE_ARCADE')) {
  echo 'w00t! and arcade :)';
}

reason for $userobaxx is that $userob is prolly in use for the user_auth dealio

so to modify my original post a bit:

PHP Code

include ('../libs/forums/includes/user.inc.php');
include ('../libs/forums/includes/user_auth.inc.php');

// Instantiate the user auth class as muhaha, for example
$muhaha = new user_auth();	 // w00t, yah baby :rawk:
$yarp = new user();

// Want to create a welcome message? 
if( $muhaha->is_logged_in ) { 
  if( $muhaha->is_banned ) { 
	echo "*cough* be gone, " . $muhaha->fields['USER_DISPLAY_NAME']; 
  } 
else { 
  echo "Waaazzaaaap, " . $muhaha->fields['USER_DISPLAY_NAME']; 
  } 
} else { echo "Please register<br />"; 
  } 
echo "Veni, vidi, vici!! <br />";

// New perm crapola goes here :)
if (!$yarp->check_access('forum','READ_TOPICS',$board)) {
   echo 'Ciao bella!';
   exit;
}
if ($yarp->check_access('site','CAN_USE_ARCADE')) {
  echo 'w00t! and arcade :)';
} 
?>

This shows me all the fields|values under the "fields" array but I cant seem to dump the "groups" array.

foreach ($userob->fields as $key => $value) { print "$key $value
"; }

that's because it's an array, so you'd need a nested for loop for that array

What do we add to this so that we get the site wrapper.

I mean I have what I want working but I would like it all to be placed in the middle section of the site?

Originally Posted by swebs

What do we add to this so that we get the site wrapper.

I mean I have what I want working but I would like it all to be placed in the middle section of the site?

Check the sticky thread titled [7.x] Generic Page Outside of forum directory in this forum.

The problem is that I have a bunch of dynamic pages that call eachother. I would have to create a bunch of wrapper pages.

Is there any way to create 1 file the I can include in my code to add the header and footer of the site?

Originally Posted by swebs

The problem is that I have a bunch of dynamic pages that call eachother. I would have to create a bunch of wrapper pages.

Is there any way to create 1 file the I can include in my code to add the header and footer of the site?

I did this for a client over at www.jrdrags.com actually... Let me know if it's what you're looking for and I'll throw the mockup up here... (check out the side navbar, all links go through a central location)

I'm getting this weird error. Any ideas? Running php.v.5.2.6 and threads.v.7.3.1

Fatal error: Call to undefined function array_get() in xxx/forum/libs/mysql.inc.php on line 150

i don't think its compatible with 7.3 or newer

I wasn't sure when Blaaskaak said he has it working if he meant unmodified or if he had to modify it. Nonetheless the error is a bit weird. Any help getting this working for me would be hugely appreciated.

Will post my updated version tomorrow. Do mind that it does not support the new 7.3 permission matrix.

PHP Code



<?php
require('/home/themeparknl/html/themepark.nl/ubb/libs/smarty/Smarty.class.php');
$smarty = new Smarty();

$smarty->template_dir = 'templates/default';
$smarty->compile_dir = 'templates/compile';

require_once( "/home/themeparknl/html/themepark.nl/ubb/includes/config.inc.php" );
require_once( "/home/themeparknl/html/themepark.nl/ubb/libs/mysql.inc.php" );
require_once( "/home/themeparknl/html/themepark.nl/ubb/libs/html.inc.php");
require_once( "/home/themeparknl/html/themepark.nl/ubb/libs/ubbthreads.inc.php" );

$dbh = new sql;
$dbh->connect();

class admin {
	function error( $x ) {
		echo 'SQL error';
		die;
	}
}

//function getmicrotime(){
//	list( $usec, $sec ) = explode( " ", microtime() );
//	return ( (float) $usec + (float) $sec );
//}

//function find_environmental( $x ) {
//	return isset( $_SERVER[$x] ) ? $_SERVER[$x] : "";
//}

class UserAuth {
	var $fields;
	var $is_logged_in;
	var $permissions;
	var $is_banned;
	var $groups;

	function UserAuth() {
		global $config, $dbh;

		// First, the stupid stuff we do in every constructor
		$this->fields = array();
		$this->is_logged_in = false;
		$this->permissions = "";
		$this->is_banned = false;
		$this->groups = array();

		// Now, the real meat
		$id = $this->fetch_cookie( "ubbt_myid" );
		$pass = $this->fetch_cookie( "ubbt_pass" );

		if( $id == 0 ) {
			$this->is_logged_in = false;
			$this->fields = array(
				'USER_ID' => 1,
				'USER_DISPLAY_NAME' => "Anonymous",
			);
			$this->get_permissions();
			return;
		}

		$query = "
			SELECT	t1.USER_ID, t1.USER_DISPLAY_NAME, t1.USER_PASSWORD, t1.USER_MEMBERSHIP_LEVEL, t1.USER_IS_BANNED,
				t2.*
			FROM	{$config['TABLE_PREFIX']}USERS as t1,
				{$config['TABLE_PREFIX']}USER_PROFILE as t2
			WHERE	t1.USER_ID = t2.USER_ID AND t1.USER_ID = ?
		";

		$sth = $dbh->do_placeholder_query( $query, array( $id ), __LINE__, __FILE__ );
		$temp = $dbh->fetch_array( $sth );

		foreach( $temp as $k => $v ) {
			if( is_numeric( $k ) ) {
				unset( $temp[$k] );
			}
		}

		$this->fields =& $temp;
		
		$this->get_permissions();


		$key = $this->fetch_cookie( "ubbt_key" );
		$session = $this->fetch_cookie( "ubbt_mysess" );

		if( $this->fields['USER_SESSION_ID'] == $session ) {
			$this->is_logged_in = true;
			$this->check_ban();
			return;
		}

		if( $key == md5( $this->fields['USER_ID'] . $this->fields['USER_PASSWORD'] ) ) {
			srand( (double) ( microtime() * 1000000 ) );

			$new_session_id = md5( rand( 0, 32767 ) );

			$now = time() + ( $config['SERVER_TIME_OFFSET'] * 3600 );

			$query = "
				UPDATE	{$config['TABLE_PREFIX']}USERS
				SET	USER_SESSION_ID = ?
				WHERE	USER_ID = ?
			";

			$dbh->do_placeholder_query( $query, array( $new_session_id, $this->fields['USER_ID'] ), __LINE__, __FILE__ );

			$this->set_cookie( "ubbt_mysess", $new_session_id );
			$this->is_logged_in = true;

			$query = "
				UPDATE	{$config['TABLE_PREFIX']}USER_DATA
				SET	USER_LAST_VISIT_TIME = ?
				WHERE	USER_ID = ?
			";

			$dbh->do_placeholder_query( $query, array( $now, $this->fields['USER_ID'] ), __LINE__, __FILE__ );
			$this->check_ban();
			return;
		}
	}

	function check_ban() {
		// This will be especially long, since I refuse to require
		// an html object, since that makes this class pointless.
		global $config, $dbh;

		// First, is his status actually set to banned?
		if( $this->fields['USER_IS_BANNED'] ) {
			// This user was specifically banned, so find out for how long
			require_once( "/home/themeparknl/html/themepark.nl/ubb/libs/triggers.inc.php" );
			$free = trigger_ban_expiration();

			if( ! isset( $free[ $this->fields['USER_ID'] ] ) ) {
				$this->is_banned = true;
			}
		}

		$ip = $_SERVER['REMOTE_ADDR'];

		$query = "
			SELECT	COUNT( BANNED_HOST )
			FROM	{$config['TABLE_PREFIX']}BANNED_HOSTS
			WHERE	? LIKE BANNED_HOST
		";

		$sth = $dbh->do_placeholder_query( $query, array( $ip ), __LINE__, __FILE__ );
		list( $banned ) = $dbh->fetch_array( $sth );

		if( $banned ) {
			$this->is_banned = true;
		}
	}



	function fetch_cookie( $name ) {
		global $config;

		$k = $config['COOKIE_PREFIX'] . $name;

		return isset( $_COOKIE[$k] ) ? $_COOKIE[$k] : "";
	}

	function set_cookie( $name, $value ) {
		global $config;

		$name = $config['COOKIE_PREFIX'] . $name;
		$path = ( $config['COOKIE_PATH'] ? $config['COOKIE_PATH'] : ( $config['SEARCH_FRIENDLY_URLS'] ? "/" : "" ) );

		setcookie( $name, $value, 0, $path );

		if( $value ) {
			$_SESSION[$name] = $value;
		} else {
			unset( $_SESSION[$name] );
		}
	}

	function in_group( $id ) {
		return in_array( $id, $this->groups );
	}

	function build_permissions() {
		global $config, $dbh;

		if( is_array( $this->permissions ) ) {
			return true;
		}

		$this->permissions = array();

		$query = "
			SELECT	GROUP_ID
			FROM	{$config['TABLE_PREFIX']}USER_GROUPS
			WHERE	USER_ID = ?
		";
		
		$sth = $dbh->do_placeholder_query( $query, array( $this->fields['USER_ID'] ), __LINE__, __FILE__ );
		
		$groups = array();
		while( $x = $dbh->fetch_array( $sth ) ) {
			$groups[] = $x[0];
		}
		
		if( count( $groups ) == 0 ) {
			$groups[] = "4";
		}

		$this->groups = $groups;
		
		$query = "
			SELECT	*
			FROM	{$config['TABLE_PREFIX']}FORUM_PERMISSIONS
			WHERE	GROUP_ID in ( ? )
		";
		
		$sth = $dbh->do_placeholder_query( $query, array( $groups ), __LINE__, __FILE__ );
		
		while( $result = $dbh->fetch_array( $sth ) ) {
			if( ! $this->check_access( $result['FORUM_ID'], "read" ) ) {
				$this->set_access( $result['FORUM_ID'], "read", $result['FORUM_PERMISSION_CAN_READ'] );
			}
			
			if( ! $this->check_access( $result['FORUM_ID'], "topic" ) ) {
				$this->set_access( $result['FORUM_ID'], "topic", $result['FORUM_PERMISSION_CAN_CREATE_TOPIC'] );
			}
			
			if( ! $this->check_access( $result['FORUM_ID'], "reply" ) ) {
				$this->set_access( $result['FORUM_ID'], "reply", $result['FORUM_PERMISSION_CAN_CREATE_REPLY'] );
			}
		}
		
		$now = time();
		$cutoff = $now - ( 3600 * 4 );
		
		$query = "
			DELETE FROM	{$config['TABLE_PREFIX']}CACHED_PERMISSIONS
			WHERE		CACHED_TIMESTAMP < ?
		";
		
		$dbh->do_placeholder_query( $query, array( $cutoff ), __LINE__, __FILE__ );
		
		$query = "
			REPLACE INTO	{$config['TABLE_PREFIX']}CACHED_PERMISSIONS
					( USER_ID, CACHED_PERMISSION_DATA, CACHED_TIMESTAMP )
			VALUES		( ?, ?, ? )
		";
		
//		$dbh->do_placeholder_query( $query, array( $this->fields['USER_ID'], serialize( $this->permissions ), $now ), __LINE__, __FILE__ );
	}

	function get_permissions() {
		global $config, $dbh;

		// First, check to see if we have permissions cached
		$query = "
			SELECT CACHED_PERMISSION_DATA
			FROM {$config['TABLE_PREFIX']}CACHED_PERMISSIONS
			WHERE USER_ID = ?
		";

//		$sth = $dbh->do_placeholder_query( $query, array( $this->user_id ), __LINE__, __FILE__ );
		list( $data ) = $dbh->fetch_array( $sth );

		//if( ! $data ) {
			$this->build_permissions();
			return true;
//		}

		$this->permissions = unserialize( $data );
		return is_array( $this->permissions );
	}

	function check_access( $id, $type ) {
		return isset( $this->permissions[$id][$type] ) && $this->permissions[$id][$type] == 1;
	}
	
	function set_access( $id, $type, $val ) {
		if( ! isset( $this->permissions[$id] ) ) {
			$this->permissions[$id] = array();
		}
		
		$this->permissions[$id][$type] = $val;	
	}
}
?>

I am dropping this in as-is on my site. You'd need to adjust the include paths for your site.

Lots of stuff that game me errors just got commented out, I never did a cleanup and as I said, reading out forum permissions does not work anymore.

Sweet! It works! Thanks Yarp!

thanks blaaskaak

Has anyone got this working under 7.5?

Played around and got yarp's version running on 7.5.6; not sure why it didn't like me at first lol...