在我的网站中使用PHPBB2登录凭据 [英] Use PHPBB2 Login Credentials in my site

问题描述

我目前正在其中一个站点的一部分使用PHPBB2论坛，我想扩展此站点(添加新页面，脚本等).我想将对这些页面的访问限制为已经在PHPBB2论坛中登录的用户.

I'm currently using a PHPBB2 forum for a section of one of my sites, and I would like to extend this site (add new pages, scripts, etc). I would like to restrict access to these pages to the users already logged in the PHPBB2 Forum.

实际上，如果只有某个MemberGroup的成员可以访问这些页面，那就太好了.

In fact, if only members of a certain MemberGroup could access these pages, that would be great.

是否可以在我网站的其余部分使用相同的登录凭据，并查看成员来自哪个组?

Is there a way to use the same login credentials on the rest of my site, and to check out which groups the members are from?

谢谢

(顺便说一下，这些页面都在PHP中)

(by the way, these pages are in PHP)

推荐答案

如果用户登录PHPBB，则很有可能(尽管并非总是如此)他们将拥有一个cookie，您可以阅读该cookie并帮助进行检查.谁是谁反对数据库.

If a user is logged into PHPBB, there's a good chance, though not always likely, that they will then have a cookie that you can read and help with checking who's who against the database.

在这种情况下，您需要破坏以下Cookie的碎屑:

In this case, you'll want to break the crumbs of the cookie below:

$_COOKIE["phpbb2mysql_data"]

让我们使用一个示例并对其进行细化处理，以找到我们需要针对数据库进行查询的数据.以下是在上面的cookie中找到的块:

Let's use an example and blow it out to find the data we need to query against the database. Below is the chunk found in the above cookie:

a:2:{s:11:"autologinid";s:0:"";s:6:"userid";s:1:"3";}

为此，您需要进入并提取与登录的PHPBB用户相对应的"3".

For this, you'll want to go in and extract that "3" which happens to correspond to the logged in PHPBB user.

对该数据进行反序列化以便提取该user_id:

Unserialize that data to yank that user_id out:

 $goo = unserialize($_COOKIE["phpbb2mysql_data"]);
 $extracted_id = $goo["userid"];

(感谢 epochwolf 指出上述cookie的序列化形式)

(Thanks to epochwolf on pointing out the above serialized form of that cookie)

该数字可以很好地针对数据库运行，以检查出该成员属于哪个组.然后您将对phpbb_user_group表运行检查(如果您将phpbb_作为论坛表的前缀.)

That number will be good to run against the database to check out which group the member belongs to. And you would run the check against the phpbb_user_group table (if you had phpbb_ as the prefix of your forum tables.)

如果您不想跟踪数据库中的组ID，则需要进行某种联接并针对名称进行测试.也许是这样的:

If you didn't want to keep track of the group IDs from the database, then you will need to do some kind of join and test against the name. Maybe something like this:

SELECT pug.user_id FROM phpbb_user_group pug 
 LEFT JOIN phpbb_groups g 
 ON pug.group_id=g.group_id
 WHERE pug.user_id='$extracted_id'
 AND g.group_name='Foo';

如果您可以从中抽出一行，那么您已经找到了属于该Foo组的登录用户.

If you can pull a row out of that, then you've found yourself a logged in user who belongs to that Foo group.

这篇关于在我的网站中使用PHPBB2登录凭据的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！