Cookies?

[gorzek]

How does Xataface create its cookies? I want to have a separate program actually log you into Xataface, setting the proper cookies and everything. The user information would still be in tables tied to Xataface, I just want to know how the login is done.

[gorzek]

I think you can ignore this one... looks like it's all in $_SESSION after all.

[gorzek]

...or maybe not. OK, I will rephrase my question:

If I want a third-party application to log a user into Xataface, what would I need to set (cookie-wise) or call into (application-wise) to do that? I'm just doing it from phpBB, so it's nothing fancy. I just want to make it set up the proper Xataface session, assuming the username and password are identical between the two applications.

Does that make sense?

[shannah]

Hi gorzek,

It is all stored in $_SESSION, however, by default, xataface stores its session data in its own folder so that it can have complete control over garbage collection etc...

By default, Xataface will store all of its session files in a directory named 'dataface', a subdirectory of the default session save directory.

E.g. if your normal session data directory is /tmp, then xataface will store its files in a directory named '/tmp/dataface'.

You can follow the logic of how this is in the startSession() method of the Dataface_Application class (Dataface/Application.php).

One strategy that could work for you is to set the session_save_path() for PHPBB to use the /tmp/dataface directory (see http://php.net/session_save_path), or modify some code in Xataface to prevent it from changing the directory (really this should be configurable, but it is not currently).

Once you are using the same session data, merging login info is easy. Xataface just checks the $_SESSION['UserName'] variable. If this is set, it assumes that a user by that name is successfully logged in.

-Steve

[gorzek]

I think that's more or less what I was looking for. My understanding of PHP sessions is admittedly limited. I didn't know they were stored in a /tmp directory. Sounds like I should be able to merge them, though. I will give this a shot. Thanks!

[gorzek]

It looks like phpBB doesn't actually use canonical PHP sessions. Go figure. So, I am looking about delegating Xataface's authentication functions.

I did this to replace both getLoggedInUser and isLoggedIn in ApplicationDelegate.php:

Code: Select all

class conf_ApplicationDelegate {

function isLoggedIn() {
   $auth =& Dataface_AuthenticationTool::getInstance();
   define('IN_PHPBB', true);
   $phpbb_root_path = './f/';
   include($phpbb_root_path . 'extension.inc');
   include($phpbb_root_path . 'common.'.$phpEx);

   //
   // Start session management
   //
   $userdata = session_pagestart($user_ip, PAGE_INDEX);
   init_userprefs($userdata);
   //
   // End session management
   //
   if($userdata['session_logged_in'])
   {
      return 1;
   }
   return 0;
}

function getLoggedInUser() {
   $auth =& Dataface_AuthenticationTool::getInstance();
   define('IN_PHPBB', true);
   $phpbb_root_path = './f/';
   include($phpbb_root_path . 'extension.inc');
   include($phpbb_root_path . 'common.'.$phpEx);

   //
   // Start session management
   //
   $userdata = session_pagestart($user_ip, PAGE_INDEX);
   init_userprefs($userdata);
   //
   // End session management
   //
   return $userdata['username'];
}


This doesn't appear to actually do anything. I don't expect you to parse the phpBB portions, but am I at least implementing delegates for these correctly? Or do they follow some other convention, or go in a different file?

[shannah]

The application delegate doesn't actually support getLoggedInUser() or isLoggedIn(). These methods are implemented in the authentication handler.

See
http://weblite.ca/svn/dataface/modules/Auth/http/trunk/
or
http://weblite.ca/svn/dataface/modules/Auth/ldap/trunk/
or
http://weblite.ca/svn/dataface/modules/Auth/cas/trunk/

for examples of authentication handlers.

-Steve

[gorzek]

Are those actually enabled now? I did some forum searches and it sounded like the module framework wasn't really in place yet. I'd love to just throw this in as an auth module--even contribute it back to your source tree. I'm just unclear, not on how to write the module, but on how to configure and use it.

[shannah]

Yes. The authentication modules framework is fully in place. Has been for some time - just undocumented.

The general modules framework is also pretty much in shape - but undocumented.

-Steve

[gorzek]

I managed to get the integration working. Anyone who wants to link phpBB3 with Xataface is going to find quite a hassle, as you can't do it the way the phpBB documents indicate.

I will look into making that module. If I wanted to contribute it back to Xataface, what's the best way for me to do that?

[shannah]

HI Gorzek,

That's great! If you like, I can give you a place on the subversion server and we can make it available on the site.

I'm eager to see your solution. I have mucked around with PHPBB3 in conjunction with Xataface and it wasn't all that easy, especially with the way passwords are done (not just standard md5 like with phpbb2).

-Steve

[gorzek]

My "solution" is not fancy. It would probably need some cleaning up to be worthwhile. There is also some data duplication involved (inserting users into the Xataface user table at the same time as inserting them into phpBB's user table). I did manage to achieve full session integration, though.

Let me know when/where the subversion slot is ready. I'll clean up what I have and throw it in there. Could you give me an example of how to define a [_modules] directive in conf.ini, though? For this one, we would need to store database connection info (since I was actually talking to a phpBB instance in a different database).