PDA

View Full Version : I need some help with this eqdkp bridge - possibly a session management issue


LittleB@
10-07-2008, 02:16 PM
To make a long story short, I've found a eqdkp bridge that supposedly should allow me to use one single user account for both my forums and my eqdkp-site.

The original eqdkp session.php is included as an attachment. The istructions for the bridge code are as follows:

Find:
/**
* Attempt to log in a user

After, replace everything with:
*
* @param $username
* @param $password
* @param $auto_login Save login in cookie?
* @return bool
*/
function login($username, $password, $auto_login)
{
// EDIT BY OBRAX - Thanks to Kazan for phpbb3-Bridge
// Vbulletin - EQDKP - Bridge

//echo $a_username ." versucht ?ber vb-bridge einzuloggen. -- ";

// global $user,;
global $db, $eqdkp;

$a_username = strtolower($username);

$vb_prefix = "vb3_"; // Change to your vb-Prefix
$group_ids = "1,2,3"; // Change to the Group-ID(s) who should be allowed to log in to eqdkp

$sql = "SELECT user_id, username, user_password, user_email
FROM " . USERS_TABLE . "
WHERE username='" . $a_username . "'";

$local_users_table = $db->query($sql);


$sql = "SELECT userid, password, email, salt
FROM ".$vb_prefix."user
WHERE username='" . $a_username . "'";
$remote_users_table = $db->query($sql);

if ( $rut_row = $db->fetch_record($remote_users_table) )
{
//echo "Remote-Userid: ".$rut_row[userid]." -- ";
//Remote user check passed
$db->free_result($remote_users_table);
$db->free_result($remote_groups_table);

$sql = "SELECT count(*) as valid FROM ".$vb_prefix."user WHERE (membergroupids like '%$group_ids%' or usergroupid='$group_ids') and userid='" . $rut_row['userid'] . "'";
$remote_groups_table = $db->query($sql);

$rgt_row = $db->fetch_record($remote_groups_table);

//echo $rgt_row['valid']." User mit Berechtigung gefunden -- ";
//Checking remote user table");
if ( (md5(md5($password).$rut_row['salt']) == $rut_row['password']) && $rgt_row['valid'] > 0)
{
//echo "Eingegebenes vb-Passwort korrekt -- ";
//Remote active check passed
if ($lut_row = $db->fetch_record($local_users_table))
{
//echo "EQDKP-Passwort synchronisiert -- ";
//Local user found
//sync password
$sql = "UPDATE " . USERS_TABLE . " SET user_password='" . md5(md5($password).$rut_row['salt']) .
"' WHERE username='" . $a_username . "'";
$db->query($sql);
$userid = $lut_row['user_id'];
}
else
{
//Creating local user
//create local row
$sql = "insert into " . USERS_TABLE . " set username='".$a_username."', user_password='".md5(md5($password).$rut_row['salt'])."', user_email='".$rut_row['email']."', user_active='1', user_style=".$eqdkp->config['default_style'].", user_lang='".$eqdkp->config['default_lang']."'";
$db->query($sql);
//echo $a_username . $password . $rut_row['salt'] . $rut_row['email'] . users_table;
$userid = $db->insert_id();
$sql = 'SELECT auth_id, auth_default
FROM ' . AUTH_OPTIONS_TABLE . '
ORDER BY auth_id';
$result = $db->query($sql);
while ( $row = $db->fetch_record($result) )
{
$sql = 'INSERT INTO ' . AUTH_USERS_TABLE . "
(user_id, auth_id, auth_setting)
VALUES ('" . $userid . "','" . $row['auth_id'] . "','" . $row['auth_default'] . "')";
$db->query($sql);
//echo "EQDKP-User angelegt und Daten synchronisiert -- Login ?ber dein vb-Passwort -- ";
}
$db->free_result($result);
}
$db->free_result($local_users_table);

$auto_login = ( !empty($auto_login) ) ? md5($password) : '';
return $this->create($userid, $auto_login, true);
}
}
return false;
}
}
?>

Whenever I try to log in with a user that exist on my forums and that is in one of the allowed user groups I get an error saying I provided the wrong passowrd or that I am using an account which is not active.

My php skills are limited and I have little understanding of how to really work with mysql - I'm a true novice and that's why I turn to you :erm:

any way, I enabled the various echo lines and tracked down my first halt at
echo $rgt_row['valid']." User mit Berechtigung gefunden -- ";
which would basically tell me "0 authenticated users found" even thou I am absolutely sure I am entering the correct name and password and that the user (my admin acc) is in a group that should be allowed to use eqdkp according to the $group_ids variable.

so basically, what am I missing, does it have something to do with the session/password/whathever management in vbulletin which is not taken care of here or what am I missing?

In an attempt to be as detailed as possible I will include the eqdkp login.php as well, oh, and I am using the latest vbulletin forums (vBulletin 3.7.3 Patch Level 1) together with eqdkp-1.3.2f (but you will be able to see the code in my attachments any way)

I'd appreciate the tiniest help/hint with this, thnx in advance

Edit, creds to the original author of the bridge which can be found here:
http://forums.eqdkp.com/index.php?showtopic=10360

Dismounted
10-08-2008, 05:57 AM
This query:
SELECT count(*) as valid FROM ".$vb_prefix."user WHERE (membergroupids like '%$group_ids%' or usergroupid='$group_ids') and userid='" . $rut_row['userid'] . "'
Will fail. To have it evaluate to pass your condition, you would have to be a member of group 1, 2 AND 3.

LittleB@
10-12-2008, 07:04 AM
oh I see, any easy way to fix this with an "OR" somewhere or should I just make sure the user has an additional usergrp called "eqdkpaccess" lets say with the id 18 or whatever and then have jst 18 in my list of usergrps

(the last statement is how I am going to try and solve it for now since my mysql syntax know-hows are limitied, any help to solve this with the ability to insert more usergrp ids would be awesome)

and thnx Dismounted for pointing out the "error" hopefully with just that sorted I can start using it for real =)

Dismounted
10-12-2008, 08:45 AM
Just make $group_ids an array, and then in the query where you fetch user data, fetch the usergroup IDs as well, then just use this:
$membergroupids = explode(',', $rut_row['membergroupids']);

foreach ($membergroupids AS $id)
{
if (in_array($id, $group_ids))
{
$userok = true;
break;
}
else
{
$userok = false;
}
}

if (!in_array($rut_row['usergroupid'], $group_ids) AND !$userok)
{
// user is not allowed
}

LittleB@
10-12-2008, 08:54 AM
I see, thank you :)

Now I just need some1 to babysit me through the process by adding FIND: "blabla" AFTER: Replace with "blablabla" :o