Application Using PhpBB Session Data - can't use the short code

Question

I've built web apps before that utilize PhpBB session and user data. The common move is to use code like this:

define('IN_PHPBB', true);
//replace $phpbb_root_path with path to your forum
$phpbb_root_path = '../forum/';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
include($phpbb_root_path . 'common.' . $phpEx);

// Start session management
$user->session_begin();
$auth->acl($user->data);
$user->setup();

...however, by including common.php, I bring along a crap-load of other functions that run into other functions I've got setup.

In my example, I'm running the application off CodeIgniter (php framework), which already has a "redirect" function... however, this question should apply to anyone who has pre-built functions that may run into the phpBB functions.

Basically, all I need is to:

1. Make sure the user is logged in ($user->data[username] == Anonymous)
2. Utilize data from '$user->data' such as the user's ID, screenname, etc.

Could I grab the $user->data array and somehow save it to my own session? Any ideas?

Much thanks.

Answer 1

You have run into the primary reason i hate frame works. You never know just what is being included. Especially when the code is not object orientated. (much better if your function belong to objects, rather than floating free in a global space.)

Assuming your code has a defined session handler already in place, there is nothing stopping you from using the regular session commands.

eg: $_SESSION['user_data_array'] = $user->data ;

then later on using teh session data

$data = $_SESSION['user_data_array'];

When a session handler is written, it replaces the current session handler. (I assume that has been done so that the session is stored in the database, rather than on the server.)

If it has not be replaced, then you can still use PHP's the default session handler.. Always bear in mind that the session details are saved to a folder on the current webserver. So if your application is run across multiple servers, the session data will be unavailable if the user is being served by a different server on a subsequent visit. (hence the need for writing session handlers to preserve the session data between multiple servers.)

Answer 2

phpBB changed the algorithm for validating the password stored in the database from version 2.x to 3.0. (It used to be just an MD5 function.) But if you can find their semi-SDK url (don't have it at hand) there are postings there about how to use their user verification at a higher level of abstraction than you describe.

This is a case where, if you're going to tap their resource, you need to do it their way (which in this case is more explicit than it used to be.)

I agree it's a dicey decision either way; especially since phpBB doesn't have a particularly admirable record for design quality.