Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 15 of 15
  1. #1
    Regular Coder
    Join Date
    Aug 2004
    Location
    Nashville
    Posts
    202
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Problem Posting Variable URL w/ PHPBB User Integration

    I've utilized the hack located at http://www.phpbbhacks.com/forums/vie...ecd2382e0331fd
    which allows me to use my forum membership system accross my site allowing users to bounce in and out of the forums through my site taking advantage of PM system and other features. After including the following on the top of each page to register session variables and such -
    Code:
    define('IN_PHPBB', true);
    
    $site_root_path = '/web/etc/you/'; //<-- Modify
    $phpbb_root_path2 = '/phpbb2/'; //<-- Modify
    $phpbb_root_path = $site_root_path . $phpbb_root_path2;
    include($phpbb_root_path . 'extension.inc');
    include($phpbb_root_path . 'common.php');
    
    $userdata = session_pagestart($user_ip, PAGE_INDEX);
    init_userprefs($userdata);
    when I try to pass a variable via url ie: http://www.mydomain.com/news.php?id=8

    The 8 isn't making it to the script to be handled.

    When I remove the session code block from the top of the page the news script works fine pulling "Story id 8" from the dbase and displaying.

    Could this have anything to do w/ the HTTP_POST_VARS or HTTP_GET_VARS included in the common.php

    any suggestions?

    Thanks
    jw

  • #2
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,987
    Thanks
    4
    Thanked 2,660 Times in 2,629 Posts
    HTTP_*_VARS are depreciated, use the _* superglobals instead.
    Anyways, to start with superglobals control any type of dynamic content by request, so it could very well be.
    But I'm more confused by the session block thing your referring to. Are you saying that if you comment this line out:
    PHP Code:
    $userdata session_pagestart($user_ipPAGE_INDEX); 
    That it works correctly? If thats the case, you need to ensure that the function for session_pagestart() doesn't require that its arguments be complete, and that if it does it doesn't kill the script.
    I say this for two reasons, one PAGE_INDEX is not a defined constant that I can see. Two, $user_ip is not defined. Now, how this will affect the user of your $_GET array, I'm not certain as I do not have the code to view.

    Now, another problem is that your function may not actually exist as you see it. Try adding error_reporting(E_ALL) to the top and see if it declares the function as non-existant. If it does, your problem is simple - one of your included pages is attempting to include or call another page which is not been specified by your filepath. You would need to change your filepath in order to do that:
    PHP Code:
    chdir($phpbb_root_path); 
    prior to your includes for instance. You would then drop the $phpbb_root_path from your includes should this be the case.

    Your best bet is to contact the forums on phpBB about questions relating to these. Unfortunatly, I do not have the files in order to view what all needs to be altered.
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 

  • #3
    Regular Coder
    Join Date
    Aug 2004
    Location
    Nashville
    Posts
    202
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Fou-Lu,

    Thanks very much for your response. I actually have posted on a few different phpBB boards to get a solution. In my 2 months of PHP "learning" I've never come across something like this.

    I've got all my error reporting on and all of my includes are valid etc..

    As you'll see by visiting the link on my original post:

    PHP Code:
    define('IN_PHPBB'true);

    $site_root_path '/web/etc/you/'//<-- Modify
    $phpbb_root_path2 '/phpbb2/'//<-- Modify
    $phpbb_root_path $site_root_path $phpbb_root_path2;
    include(
    $phpbb_root_path 'extension.inc');
    include(
    $phpbb_root_path 'common.php');

    $userdata session_pagestart($user_ipPAGE_INDEX);
    init_userprefs($userdata); 
    is the business end of the phpBB membership system pulling all of the constant variables and session data required.

    For some reason when this above code block runs on the page it's destroying the URL Variable being carried over and it's driving me nuts :/ I've got a project and this is pretty much the only thing keeping me from launching *** variables won't be passed from page to page.

    I made sure to go through all of the included files to make sure a new $id was not being defined but nothing.

    I'll look over your suggestions again and hopefully get to the bottom of this.

  • #4
    Senior Coder
    Join Date
    Aug 2003
    Location
    One step ahead of you.
    Posts
    2,815
    Thanks
    0
    Thanked 3 Times in 3 Posts
    Quote Originally Posted by Fou-Lu
    HTTP_*_VARS are depreciated, use the _* superglobals instead.
    phpBB2 was written when the superglobals were new and they used HTTP_*_VARS for compatibility with older PHP versions. The new phpBB uses superglobals like it should.
    I'm not sure if this was any help, but I hope it didn't make you stupider.

    Experience is something you get just after you really need it.
    PHP Installation Guide Feedback welcome.

  • #5
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,987
    Thanks
    4
    Thanked 2,660 Times in 2,629 Posts
    Ah, I see. I hadn't been aware of that, I'm not much for forumsoftware unless its given to me

    This one though (I was reading up on the posting for it, as I don't know what your domain is), is probably incorrect:
    PHP Code:
    $site_root_path '/web/etc/you/'//<-- Modify 
    $phpbb_root_path2 '/phpbb2/'//<-- Modify 
    Have these values been altered to coincide with your domains configurations?
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 

  • #6
    Regular Coder
    Join Date
    Aug 2004
    Location
    Nashville
    Posts
    202
    Thanks
    0
    Thanked 0 Times in 0 Posts
    yes of course they have - I'm just maintaining a sense of anonymity

    The User Integration is fine as I've tested all of the features ie: private messages, user online status, login/logout, etc....

  • #7
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,987
    Thanks
    4
    Thanked 2,660 Times in 2,629 Posts
    Hmm, than I'm uncertain what the problem could be.
    Assuming as well that you are requesting the id as a superglobal (you did mention it works fine if the sessions are not set, so I doubt this is the problem), it could be any function set out within the included scripts and possibly their included scripts. Makes it tough to debug.
    First, check to make sure that $userdata is being created. Just dump whatever variable is being created.
    Another option is perhaps the level of security that is involved. Unfortunatly, without knowing the innards of a phpBB, I can't tell you if this is the case, but it may explain why a 'guest' we'll say can access something, while a member cannot. Maybe its more of a permissions based issue?
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 

  • #8
    Regular Coder
    Join Date
    Aug 2004
    Location
    Nashville
    Posts
    202
    Thanks
    0
    Thanked 0 Times in 0 Posts
    hrm.. definately something to think about... I know phpbb is very mindful about securities issues like sql-injections etc...

    Maybe there is something like that going on.

    I'm going to write the author of the "hack" to see if he's got a solution.

    Then I'll report back w/ my solution.

    Thanks

  • #9
    Senior Coder
    Join Date
    Aug 2003
    Location
    One step ahead of you.
    Posts
    2,815
    Thanks
    0
    Thanked 3 Times in 3 Posts
    Or maybe the $id variable is used and unset in the phpBB code?
    I'm not sure if this was any help, but I hope it didn't make you stupider.

    Experience is something you get just after you really need it.
    PHP Installation Guide Feedback welcome.

  • #10
    Regular Coder
    Join Date
    Aug 2004
    Location
    Nashville
    Posts
    202
    Thanks
    0
    Thanked 0 Times in 0 Posts
    haha.. I went through the entire phpbb included file to see if something was doing that but nothing was..... I even change the variable name to something silly and it didn't work either. But it worked when i comment out the session code :/

  • #11
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,987
    Thanks
    4
    Thanked 2,660 Times in 2,629 Posts
    See, I was thinking about that as well. But normally if you use $id within a function, you will probably not alter it on a global scope, especially with something like this. At least, I would assume so. It would be easy to find if that were the case though, it would only be written by the session calls, and any functions that they are relying on.
    All and all, the biggest problem why we cannot help you get to the bottom of this is because we can't see it as a 'whole', we only have the part.
    Good luck on getting the fix you need, sorry we couldn't be a little more accomodating for you!
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 

  • #12
    Regular Coder
    Join Date
    Aug 2004
    Location
    Nashville
    Posts
    202
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I'd like to post the whole thing but it's just too much - I figured about 1/2 the php users on here would already have phpbb installed on their systems to refer to. I've posted over the past 3 days on other phpbb forums so I'll go bump those posts and hopefully draw some attention.

    jw

  • #13
    Regular Coder
    Join Date
    Aug 2004
    Location
    Nashville
    Posts
    202
    Thanks
    0
    Thanked 0 Times in 0 Posts

    **solved**

    OK... I finally got a response from one of the guys over @ phpBBhacks.com

    phpBB unsets variables passed through URLs because they are a major security risk. You need to explicity set the variables you pass via URLs by placing code such as this below the phpBB code:
    Code:
    $id = ( isset($_GET['id']) ) ? intval($_GET['id']) : 0;
    Thanks for everyone's help on this and hopefully this post will help future phpbb integrations

  • #14
    Senior Coder
    Join Date
    Aug 2003
    Location
    One step ahead of you.
    Posts
    2,815
    Thanks
    0
    Thanked 3 Times in 3 Posts
    OMG that would mean you depended on register_globals = on !!!
    Never do that!
    I'm not sure if this was any help, but I hope it didn't make you stupider.

    Experience is something you get just after you really need it.
    PHP Installation Guide Feedback welcome.

  • #15
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,987
    Thanks
    4
    Thanked 2,660 Times in 2,629 Posts
    Quote Originally Posted by Fou-Lu
    Assuming as well that you are requesting the id as a superglobal (you did mention it works fine if the sessions are not set, so I doubt this is the problem)
    Never assume I suppose eh?
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •