I've got a site and a phpBB2 database running just fine.
What I want is to create a members section to access the same MySQL Database that the phpBB2 Forum uses, and pull users from it. But I also want users to be able to register via my own members section.
I don't want to have to include all the extra information (ICQ, AIM, all the options). Just ask for a username, password, and email for registration.
I have a general idea of how to do this, but it isn't working well. I can actually READ from the phpBB2 Database just fine, I just can't seem to figure out how to put a new user into it! Any ideas ,anyone?
Here's my reading script ...
(I did not write these myself. They were on the internet. )
--------------------------
----------
- login.php --------------------------
<?
/**
* Checks whether or not the given username is in the
* database, if so it checks if the given password is
* the same password in the database for that user.
* If the user doesn't exist or if the passwords don't
* match up, it returns an error code (1 or 2).
* On success it returns 0.
*/
function confirmUser($username, $password){
global $conn;
/* Add slashes if necessary (for query) */
if(!get_magic_quotes_gpc()
) {
$username = addslashes($username);
}
/* Verify that user is in database */
$queryUsername = "select user_password from phpbb_users where username = '$username'";
$result = mysql_query($queryUsername
,$conn);
if(!$result || (mysql_numrows($result) < 1)){
return 1; //Indicates username failure
}
/* Retrieve password from result, strip slashes */
$dbarray = mysql_fetch_array($result)
;
// $dbarray['password'] = stripslashes($dbarray['pas
sword']);
$dbarray['user_password'] = stripslashes($dbarray['use
r_password
']);
$password = stripslashes($password);
/* Validate that password is correct */
if($password == $dbarray['user_password'])
{
return 0; //Success! Username and password confirmed
}
else{
return 2; //Indicates password failure
}
}
/**
* checkLogin - Checks if the user has already previously
* logged in, and a session with the user has already been
* established. Also checks to see if user has been remembered.
* If so, the database is queried to make sure of the user's
* authenticity. Returns true if the user has logged in.
*/
function checkLogin(){
/* Check if user has been remembered */
if(isset($_COOKIE['cooknam
e']) && isset($_COOKIE['cookpass']
)){
$_SESSION['username'] = $_COOKIE['cookname'];
$_SESSION['password'] = $_COOKIE['cookpass'];
}
/* Username and password have been set */
if(isset($_SESSION['userna
me']) && isset($_SESSION['password'
])){
/* Confirm that username and password are valid */
if(confirmUser($_SESSION['
username']
, $_SESSION['password']) != 0){
/* Variables are incorrect, user not logged in */
unset($_SESSION['username'
]);
unset($_SESSION['password'
]);
return false;
}
return true;
}
/* User not logged in */
else{
return false;
}
}
/**
* Determines whether or not to display the login
* form or to show the user that he is logged in
* based on if the session variables are set.
*/
function displayLogin(){
global $logged_in;
if($logged_in){
echo "<h1>Logged In!</h1>";
echo "Welcome <b>$_SESSION[username]</b>
, you are logged in. <a href=\"scripts/logout.php\
">Logout</
a>";
}
else{
?>
<h1>Login</h1>
<form action="" method="post">
<table align="left" border="0" cellspacing="0" cellpadding="3">
<tr><td>Username:</td><td>
<input type="text" name="user" maxlength="30"></td></tr>
<tr><td>Password:</td><td>
<input type="password" name="pass" maxlength="30"></td></tr>
<tr><td colspan="2" align="left"><input type="checkbox" name="remember">
<font size="2">Remember me next time</td></tr>
<tr><td colspan="2" align="right"><input type="submit" name="sublogin" value="Login"></td></tr>
<tr><td colspan="2" align="left"><a href="scripts\register.php
">Join</a>
</td></tr>
</table>
</form>
<?
}
}
/**
* Checks to see if the user has submitted his
* username and password through the login form,
* if so, checks authenticity in database and
* creates session.
*/
if(isset($_POST['sublogin'
])){
/* Check that all fields were typed in */
if(!$_POST['user'] || !$_POST['pass']){
die('You didn\'t fill in a required field.');
}
/* Spruce up username, check length */
$_POST['user'] = trim($_POST['user']);
if(strlen($_POST['user']) > 30){
die("Sorry, the username is longer than 30 characters, please shorten it.");
}
/* Checks that username is in database and password is correct */
$md5pass = md5($_POST['pass']);
$result = confirmUser($_POST['user']
, $md5pass);
/* Check error codes */
if($result == 1){
die('That username doesn\'t exist in our database.');
}
else if($result == 2){
die('Incorrect password, please try again.');
}
/* Username and password correct, register session variables */
$_POST['user'] = stripslashes($_POST['user'
]);
$_SESSION['username'] = $_POST['user'];
$_SESSION['password'] = $md5pass;
/**
* This is the cool part: the user has requested that we remember that
* he's logged in, so we set two cookies. One to hold his username,
* and one to hold his md5 encrypted password. We set them both to
* expire in 100 days. Now, next time he comes to our site, we will
* log him in automatically.
*/
if(isset($_POST['remember'
])){
setcookie("cookname", $_SESSION['username'], time()+60*60*24*100, "/");
setcookie("cookpass", $_SESSION['password'], time()+60*60*24*100, "/");
}
/* Quick self-redirect to avoid resending data on refresh */
echo "<meta http-equiv=\"Refresh\" content=\"0;url=$HTTP_SERV
ER_VARS[PH
P_SELF]\">
";
return;
}
/* Sets the value of the logged_in variable, which can be used in your code */
$logged_in = checkLogin();
?>
----------- register.php --------------
<?
session_start();
include("database.php");
/**
* Returns true if the username has been taken
* by another user, false otherwise.
*/
function usernameTaken($username){
global $conn;
if(!get_magic_quotes_gpc()
){
$username = addslashes($username);
}
$q = "select username from phpbb_users where username = '$username'";
$result = mysql_query($q,$conn);
return (mysql_numrows($result) > 0);
}
/**
* Inserts the given (username, password) pair
* into the database. Returns true on success,
* false otherwise.
*/
function addNewUser($username, $password){
global $conn;
$q = "INSERT INTO phpbb_users VALUES ('$username', '$password')";
return mysql_query($q,$conn);
}
/**
* Displays the appropriate message to the user
* after the registration attempt. It displays a
* success or failure status depending on a
* session variable set during registration.
*/
function displayStatus(){
$uname = $_SESSION['reguname'];
if($_SESSION['regresult'])
{
?>
<h1>Registered!</h1>
<p>Thank you <b><? echo $uname; ?></b>, your information has been added to the database, you may now <a href="..\\index.php" title="Login">log in</a>.</p>
<?
}
else{
?>
<h1>Registration Failed</h1>
<p>We're sorry, but an error has occurred and your registration for the username <b><? echo $uname; ?></b>, could not be completed.<br>
Please try again at a later time.</p>
<?
}
unset($_SESSION['reguname'
]);
unset($_SESSION['registere
d']);
unset($_SESSION['regresult
']);
}
if(isset($_SESSION['regist
ered'])){
/**
* This is the page that will be displayed after the
* registration has been attempted.
*/
?>
<html>
<title>Registration Page</title>
<body>
<? displayStatus(); ?>
</body>
</html>
<?
return;
}
/**
* Determines whether or not to show to sign-up form
* based on whether the form has been submitted, if it
* has, check the database for consistency and create
* the new account.
*/
if(isset($_POST['subjoin']
)){
/* Make sure all fields were entered */
if(!$_POST['user'] || !$_POST['pass']){
die('You didn\'t fill in a required field.');
}
/* Spruce up username, check length */
$_POST['user'] = trim($_POST['user']);
if(strlen($_POST['user']) > 30){
die("Sorry, the username is longer than 30 characters, please shorten it.");
}
/* Check if username is already in use */
if(usernameTaken($_POST['u
ser'])){
$use = $_POST['user'];
die("Sorry, the username: <strong>$use</strong> is already taken, please pick another one.");
}
/* Add the new account to the database */
$md5pass = md5($_POST['pass']);
$_SESSION['reguname'] = $_POST['user'];
$_SESSION['regresult'] = addNewUser($_POST['user'],
$md5pass);
$_SESSION['registered'] = true;
echo "<meta http-equiv=\"Refresh\" content=\"0;url=$HTTP_SERV
ER_VARS[PH
P_SELF]\">
";
return;
}
else{
/**
* This is the page with the sign-up form, the names
* of the input fields are important and should not
* be changed.
*/
?>
<html>
<title>Registration Page</title>
<body>
<h1>Register</h1>
<form action="<? echo $HTTP_SERVER_VARS['PHP_SEL
F']; ?>" method="post">
<table align="left" border="0" cellspacing="0" cellpadding="3">
<tr><td>Username:</td><td>
<input type="text" name="user" maxlength="30"></td></tr>
<tr><td>Password:</td><td>
<input type="password" name="pass" maxlength="30"></td></tr>
<tr><td colspan="2" align="right"><input type="submit" name="subjoin" value="Join!"></td></tr>
</table>
</form>
</body>
</html>
<?
}
?>
