views:

319

answers:

1

I ran into an issue that I haven't found a perfect solution for yet. First let me outline the scenario. I have a PHPBB3 forum on a server and also an application (developed by me) on the same server which is linked to the forum. The application is only accessible if you are logged in to the forum and also some parts of it are only accessible if you are in specific forum user groups. Also the app needs to be able to post forum threads/posts programatically through a dedicated user (let's call it 'Bot'), when the user accesses a script/page. So what I need is: 1. Save current logged in user (let's call him 'Test User') 2. Log in with user 'Bot' 3. Post a thread/post. 4. Destroy session 5. Restore logged in user

This 'sort of' works at first, but when called/posting repeatedly, the first 1-2 posts will be posted by 'Bot' but the following will be posted by 'Test User'. Current code:

This is in setup.php, which is included in all relevant scripts.

    $phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './forum/';
 $phpEx = substr(strrchr(__FILE__, '.'), 1);
 // The common.php file is required.
 include($phpbb_root_path . 'common.' . $phpEx);
 // this is required for auto posting
 include($phpbb_root_path . 'config.' . $phpEx);
 include($phpbb_root_path . 'includes/functions_posting.' . $phpEx);
 include($phpbb_root_path . 'includes/message_parser.' . $phpEx);

And this is the function itself, in another script

require_once 'setup.php';
function create_forum_post($subject, $text, $forumid, $posting_userid, $topic_id=NULL) {

 if(!PHPBB_SESSION_INTEGRATION) return false;

 global $user, $auth;

 $username = BOT_USERNAME;
 $password = BOT_PASSWORD;

 $title = unhtmlentities( $subject );
 $text = unhtmlentities( $text );

 $forumid = $forumid;
 $topicid = $topic_id;

 $original_user_id = $user->data['user_id'];
 $user->session_begin();
 $login = $auth->login($username, $password, false);
 $auth->acl($user->data);
 $user->setup();

 $title = utf8_normalize_nfc($title);
 $text = utf8_normalize_nfc($text);

 $poll = $uid = $bitfield = $options = '';

 generate_text_for_storage($title, $uid, $bitfield, $options, false, false, false);
 generate_text_for_storage($text, $uid, $bitfield, $options, true, true, true);

 $data = array(
     'forum_id'      => $forumid, 
     'topic_id'      => $topicid,
     'icon_id'      => false,
     'post_approved' => true,

     'enable_bbcode'   => true,
     'enable_smilies'   => true,
     'enable_urls'      => true,
     'enable_sig'      => true,

     'message'      => $text,
     'message_md5'   => md5($text),

     'bbcode_bitfield'   => $bitfield,
     'bbcode_uid'      => $uid,

     'post_edit_locked'   => 0,
     'topic_title'      => $title,
     'notify_set'      => false,
     'notify'         => false,
     'post_time'       => 0,
     'forum_name'      => '',
     'enable_indexing'   => true,
 );

 if ($topicid == NULL)
    $post_url =  submit_post('post', $title, '', POST_NORMAL, $poll, $data);
 else
    $post_url = submit_post('reply', $title, '', POST_NORMAL, $poll, $data);

 $user->session_kill();
 $user->session_create($original_user_id, false, true);

 return $post_url;

}

I'd appreciate any helpful tips or alternative methods.

A: 

I would suggest you leave sessions,etc alone.

If you initiate the 'bot' activity with CURL, then it would be interacting behind the scenes and not within the context of the current user. The IP address of the posts made, for example, would be that of your server, not that of the user.

steve