VATSIM SSO and phpBB

[Zach Biesse-Fitton]

Hi all,

 

I am currently looking at integrating the SSO phpBB.

 

Is there a guide or git as to how VATSIM did it for this phpBB forum?

 

We want to make it easier for our members to join in the community without having to create more unnecessary accounts (and wait for them to be verified).

 

Thanks in advance for your help!

Edited August 3, 2015 at 05:36 AM by Guest

[David Zhong]

Zach,

 

I implemented SSO into the previous RealOps website and [Mod - Happy Thoughts]isted Hayden with the same for this year's event. Let me know if I can help in any way.

[Kieran Hardern]

There is no easy way to do it with phpBB and it requires me to have a look through any update code in detail before applying one (to make sure they haven't changed something I rely on). For this reason, I haven't published the code - as it isn't something that you can apply out of the box.

[Zach Biesse-Fitton]

Thanks for the reply Kieran. Will have to have to try and work it out ourselves!

 

Zhongy, your help is always appreciated , I'll shoot you a message when/if we get to that stage.

[Arne Hunsdiek]

Hi Zach,

 

just to give you a starting point how you could easily implement it.

 

-> disable phpBB default registration

-> create a custom profile field (vatsim id)

-> implement external phpbb login/registration scripts

-> redirect the phpbb login/registration links to your SSO index page

-> let the user enter his credentials and validate these against VATSIM

-> on a positive return:

---> if user does not exist: create a new phpbb user and vACC user - if you want to use an idependent user information database for the mainpage

---> send an activation email

---> if user exist: log in the user to your services

-> use your own salts and peppers to create a (hashed) p[Mod - Happy Thoughts]word with the returned information of the VATSIM SSO (hint: several hmac() loops)

-> use the phpbb_users database as your main user database

 

 

Find below a snippet of what I am doing to register a new user for the phpbb board using VATSIM SSO - for testing purposes I haven't included much more to salt the p[Mod - Happy Thoughts]word. The returned data from SSO is stored in a Session-Array.

 

<?php
@session_start();

define('IN_PHPBB', true);
/* set scope for variables required later */
global $phpbb_root_path;
global $phpEx;
global $db;
global $config;
global $user;
global $auth;
global $cache;
global $template;

# your php extension
$phpEx = substr(strrchr(__FILE__, '.'), 1);
/* test path */
$phpbb_root_path = '../../forums/';
/* live path */
//$phpbb_root_path = '../forums/';

/* includes all the libraries etc. required */
require($phpbb_root_path . 'common.php');
$user->session_begin();
$auth->acl($user->data);

/* the file with the actual goodies */
require($phpbb_root_path . 'includes/functions_user.php');
/* */ 
$ssoPepper = "################################################################################################################################";
$ssoPepperName = "################################################################################################################################";
$ssoPepperVid = "################################################################################################################################";

$error = $cp_data = $cp_error = array();

// validate and register the custom profile fields
$cp_data = array('pf_vatsim_id' => $_SESSION['user']['vid']);

// create an inactive user key to send to them...
$user_actkey = gen_rand_string(10);
$key_len = 54 - (strlen($server_url));
$key_len = ($key_len < 6) ? 6 : $key_len;
$user_actkey = substr($user_actkey, 0, $key_len);

// set the user to inactive and the reason to "newly registered"
$user_type = USER_INACTIVE;
$user_inactive_reason = INACTIVE_REGISTER;
$user_inactive_time = time();
$default_group_id = 2;
$user_p[Mod - Happy Thoughts]word = hmac('sha256', $_SESSION['user']['name'], $ssoPepperName);
$user_p[Mod - Happy Thoughts]word .= hmac('sha256', $_SESSION['user']['vid'], $ssoPepperVid)
$user_p[Mod - Happy Thoughts]word = hmac('sha256', $user_p[Mod - Happy Thoughts]word, $ssoPepper);

/* All the user data */
$user_row = array(
	'username' => $_SESSION['user']['name'],
	'user_p[Mod - Happy Thoughts]word' => md5($user_p[Mod - Happy Thoughts]word),
	'user_email' => $_SESSION['user']['email'],
	'group_id' => $default_group_id,
	'user_timezone' => 'UTC',
	'user_lang' => 'en',
	'user_type' => $user_type,
	'user_actkey' => $user_actkey,
	'user_dateformat' => 'd M Y, H:i e',
	'user_regdate' => time(),
	'user_inactive_reason' => $user_inactive_reason,
	'user_inactive_time' => $user_inactive_time,
);

/* Now Register user */

$phpbb_user_id = user_add($user_row, $cp_data);

/* SEND ACTIVATION EMAIL */
require_once('./lib/PHPMailer/PHPMailerAutoload.php');
//Create a new PHPMailer instance
$mail = new PHPMailer;
//Tell PHPMailer to use SMTP
$mail->isSMTP();
//Enable SMTP debugging
// 0 = off (for production use)
// 1 = client messages
// 2 = client and server messages
$mail->SMTPDebug = 0;
//Ask for HTML-friendly debug output
$mail->Debugoutput = 'html';
//Set the hostname of the mail server
$mail->Host = "smtp.your-domain.net";
//Set the SMTP port number - likely to be 25, 465 or 587
$mail->Port = 25;
//Whether to use SMTP authentication
$mail->SMTPAuth = true;
//Username to use for SMTP authentication
$mail->Username = "######";
//P[Mod - Happy Thoughts]word to use for SMTP authentication
$mail->P[Mod - Happy Thoughts]word = "######";
//Set who the message is to be sent from
$mail->setFrom('[email protected]', '###### Administration');
//Set an alternative reply-to address
$mail->addReplyTo('[email protected]', '###### Administration');
//Set who the message is to be sent to
$mail->addAddress($_SESSION['user']['email'], $_SESSION['user']['name']);
//Set the subject line
$mail->Subject = '###### Account Activation';
//Read an HTML message body from an external file, convert referenced images to embedded,
//convert HTML into a basic plain-text alternative body
$mail_html_body = "Hello ".$_SESSION['user']['name'].",";
$mail_html_body .= "<p>thank you for your ###### registration. Please click the following link to activate your ###### Account: <a href=\"http://www.your-domain.net/forums/ucp.php?mode=activate&u=".$phpbb_user_id."&k=".$user_actkey."\" target=\"_blank\">http://www.your-domain.net/forums/ucp.php?mode=activate&u=".$phpbb_user_id."&k=".$user_actkey."</a>.</p>";
$mail_html_body .= "<p>If you are unable to click the link please copy the following link and paste in your browser's address bar:<br><br><i>http://www.your-domain.net/forums/ucp.php?mode=activate&u=".$phpbb_user_id."&k=".$user_actkey."</i></p>";
$mail_html_body .= "<p>With kind regards<br>######</p>";
$mail->Body = $mail_html_body;
//Replace the plain text body with one created manually
$mail_text_body = "Hello ".$_SESSION['user']['name'].",\r\n";
$mail_text_body .= "thank you for your ###### registration. Please copy the following link and paste in your browser's address bar:\r\n\r\nhttp://www.your-domain.net/forums/ucp.php?mode=activate&u=".$phpbb_user_id."&k=".$user_actkey."\r\n\r\n";
$mail_text_body .= "With kind regards\r\n######";
$mail->AltBody = $mail_text_body;

//send the message, check for errors
if (!$mail->send()) {
	echo "Mailer Error: " . $mail->ErrorInfo;
} else {
	echo "<p>Your ###### account has been created.</p><p>An email has been sent to your email address <b>".$_SESSION['user']['email']."</b>. Please use the included link to activate your account!</p>";
}

?>

 

Btw, I am open for any suggestion for improvements or alternativ solutions.

 

 

Rgds Arne

[Zach Biesse-Fitton]

Arne,

 

Thank heaps for the response!

 

I will get to work on this (amongst many other things ) on my local server and report back with the progress.

 

Thanks again!