User Authentication

UnitedWeFall

Hey guys.. I was hoping to get a bit of help.

Basically I run a phpBB forum. Users can sign up for a special account by submitting their details which get stored in a MySQL database which is run using a DBMS I created.

However I need users to be able to edit their data. That shouldn't be too difficult. The hard part is going to be authenticating the user, so they can only see and edit their own data. So I have a phpBB login box setup on another page, and when the user is authenticated I will post their username and use it to lookup the row with their data in it.

That's where I need the help.. When they type in their phpBB username and password into the login box, I need to write some code to use either use their phpBB cookie which is already stored, or their user details from the database to authenticate them. However the cookies are all encrypted and so is the user passwords in the database.

Does anyone have any idea at all how I could go about doing this? Or if there is an easier way to do it?

Any help would be much appreciated 🙂

bradmasterx

there already is a profile management in phpBB 2.x.x & phpBB 3.x.x

UnitedWeFall

bradmasterx wrote:
there already is a profile management in phpBB 2.x.x & phpBB 3.x.x

Correct. That's not what i'm talking about. The user details I have stored are personal details which they provide when signing up for the special account, and are stored on a seperate database. I just want to use the phpBB login information to authenticate the users.

bradmasterx

in phpBB 3.x.x there is group management you could use that,

UnitedWeFall

Nah it can't.. Hm thanks for the advice but I don't think you understand my question.

I already have the database with about 400 user details setup. It's seperate to phpBB.

johanafm

No idea how phpBB works, but using just plain php: start a session when you authenticate the user. Either grab all (possibly) necessary data from the DB, or just the user ID and then query the database using that on subsequent requests depending on your needs.

UnitedWeFall

Yes, I've gotten that far. My question is how do I authenticate the user using their phpBB login details?

johanafm

When they log in, they supply a user name and a password. Query the DB for: password where username like SuppliedUserName.

After that, encrypt the given username with the same algorithm used for encryption before storing it in the database and then compare them. If they are equal, you can just chuck the users ID in the session data and you won't have to authenticate them again until they log off or cookie expire. Unless, of course, you want to...