Integration 4images 1.7.x / phpBB

[universal]

Will this mod work with 1.7.1, if the sessions.php is diferent from 1.7 version.
And how to make it work?

[robertmf]

Will this mod work with 1.7.1, if the sessions.php is diferent from 1.7 version.
And how to make it work?

The current version is phpBB2 v2.013 which I have installed and working with the 4images mod/integration.

(You need to upgrade your phpBB2 for security reasons)

[wflorian]

I read that it is only possible to install this mod with a fresh installation of 4images.
I have currently 150 members, is there any possibilty to make this mod work with the 150 members?!

thanks

[robertmf]

I read that it is only possible to install this mod with a fresh installation of 4images.
I have currently 150 members, is there any possibilty to make this mod work with the 150 members?!

thanks

Most of this has already been covered in this forum.  Use [search]--)

The number of members doesn't matter.   What does matter when integrating 4images with phpBB for the first time is that you want to do the 4images install with no 4images members   i.e., a new install of 4images. 

[wflorian]

that is what I meant, I want to avoid a new and fresh installation of 4images, because I do not want to lose the 150 members.

[robertmf]

that is what I meant, I want to avoid a new and fresh installation of 4images, because I do not want to lose the 150 members.

AH!!As we say in English, "you're screwed then"     

You mean you have the 4images, but do not have the phpBB ?  In that case, you are "backwards" in the process.  Once you install phpBB and then integrate the 4images, the access validation/accounts will use the phpBB.   

Now, PERHAPS you can download your 150 4images usernames and passwords into a .sql file.  Then, after you do the phpBB install (easy), you upload the 4images.sql file into phpBB_users (username, user_password)  What I AM NOT SURE ABOUT is if the password encryption is the same in 4images and phpBB.

[universal]

Hmmm... Then I have big problem ;] I have more then 1700 users

[wflorian]

same with me, yesterday I got 200 new members, right now I have 350...don't want to loose them...

Is there any other board or forum that works with 4images without loosing my members!?

[robertmf]

same with me, yesterday I got 200 new members, right now I have 350...don't want to loose them...

Is there any other board or forum that works with 4images without loosing my members!?

It has been awhile since I've done the phpbb<->4images mod.   Perhaps you (both) want to contact the 4images author to find out about the password  encryption ?

At present, phpBB does not have a photo gallery.  There is the attachments mod which also has a slideshow sub-mod. 

If I remember correctly, 4images  does tell you upfront to have a  fresh 4images gallery before doing the integration with phpBB mod.

I don't know of any other discussion/forum where the process would be any different.  The main thing is to match up the password encryption routine.  phpBB uses md5()  in file phpBB/login.php

After integration, you could always blow password security by importing the 4images users into phpBB with a new password and then notifying all your 4images users to  change it.  You would probably lose a percentage of your registrees, but it is an alternative.

[chrimp]

Hallo,

hab ein kleines Problem ich hoffe ihr könnt mir weiterhelfen. Habe das 4images V 1.7 und phpbb2 V2.04. Hab den Integration_phpbb.zip mir runtergeladen den Installations Anweisungen gefolgt.

Hab folgendes Problem wenn man sich von der 4images Login Box Einloggen will dann erscheint bei mir eine ( 404 ERROR ) Seite d.h das die Login Box irgendwie in eine falsch verlinkt ist. Das Passiert aber nur wenn man die Login Daten eingibt! Wenn mal Benutzername und Passwort leer lässt dann linkt die Box schon zum Forum hmmmm bin am verzweifeln. Alles läuft unter einer Datenbank scheint alles richtig zu sein aber funktionieren tut es nicht.....
Habe alle Dateien Editiert und Angepasst also sessions.php usw...

Ich hoffe es kann mir jemand weiter helfen! Danke!

Bedanke mich im voraus


mfg

Magic

argl.
Ich hab jetzt den thread zum 2.x gelesen, trotzdem konnte ich die Antwort zu dem Prob nicht finden. ;(
Kann bitte einer mal direkt darauf verlinken oder nochmal kurz posten, was die Lösung ist?
danke

[Jan]

Kannst Du einen Link zur Galerie posten?

[chrimp]

Kannst Du einen Link zur Galerie posten?

Na klar.
http://mib.pixplace.net/gallery/
Forum: http://mib.pixplace.net/

Ich habe es nochmal auf anderem webspace versucht, aber da mach ich anscheinend den gleichen Fehler.
Die URL ist nicht richtig beim Einloggen, die Domain wird doppelt angegeben. z.B.:
http://mib.pixplace.net/http://mib.pixplace.net/gallery/index.php?sid=090361f6e1678edf763bd5f1d65111a
Nur leider weiß ich nicht, wo dies übergeben wird.

Gibt man hingegen keinen Benutzer ein, wird mal richtig gelinkt:
http://mib.pixplace.net/login.php?redirect=http://mib.pixplace.net/gallery/index.php

Testuser: test
Password: test


danke schonmal

[Jan]

Hänge mal die login.php von phpBB hier als Attachment an.

[chrimp]

Hänge mal die login.php von phpBB hier als Attachment an.

Dateianhang geht nicht, oder?
Deswegen hier:

Code: [Select]

<?php
/***************************************************************************
 *                                login.php
 *                            -------------------
 *   begin                : Saturday, Feb 13, 2001
 *   copyright            : (C) 2001 The phpBB Group
 *   email                : support@phpbb.com
 *
 *   $Id: login.php,v 1.47.2.15 2004/03/18 18:15:51 acydburn Exp $
 *
 *
 ***************************************************************************/

/***************************************************************************
 *
 *   This program is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
 *   the Free Software Foundation; either version 2 of the License, or
 *   (at your option) any later version.
 *
 ***************************************************************************/

//
// Allow people to reach login page if
// board is shut down
//
define("IN_LOGIN", true);

define('IN_PHPBB', true);
$phpbb_root_path = './';
include($phpbb_root_path . 'extension.inc');
include($phpbb_root_path . 'common.'.$phpEx);

//
// Set page ID for session management
//
$userdata = session_pagestart($user_ip, PAGE_LOGIN);
init_userprefs($userdata);
//
// End session management
//

// session id check
if (!empty($HTTP_POST_VARS['sid']) || !empty($HTTP_GET_VARS['sid']))
{
$sid = (!empty($HTTP_POST_VARS['sid'])) ? $HTTP_POST_VARS['sid'] : $HTTP_GET_VARS['sid'];
}
else
{
$sid = '';
}

if( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) || isset($HTTP_POST_VARS['logout']) || isset($HTTP_GET_VARS['logout']) )
{
if( ( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) ) && !$userdata['session_logged_in'] )
{
$username = isset($HTTP_POST_VARS['username']) ? phpbb_clean_username($HTTP_POST_VARS['username']) : '';
$password = isset($HTTP_POST_VARS['password']) ? $HTTP_POST_VARS['password'] : '';

$sql = "SELECT user_id, username, user_password, user_active, user_level, user_badlogin, user_blocktime, user_email, user_lang, user_timezone,user_passwd_change
FROM " . USERS_TABLE . "
WHERE username = '" . str_replace("\\'", "''", $username) . "'";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Error in obtaining userdata', '', __LINE__, __FILE__, $sql);
}

if( $row = $db->sql_fetchrow($result) )
{
if( $row['user_level'] != ADMIN && $board_config['board_disable'] )
{
redirect(append_sid("portal.$phpEx", true));
}
else
{
// Start add - Protect user account MOD
if ($row['user_blocktime']<time() )
{
// End add - Protect user account MOD
if( md5($password) == $row['user_password'] && $row['user_active'] )
{
$autologin = ( isset($HTTP_POST_VARS['autologin']) ) ? TRUE : 0;

$session_id = session_begin($row['user_id'], $user_ip, PAGE_INDEX, FALSE, $autologin);

if( $session_id )
{
// Start add - Protect user account MOD
$sql = "UPDATE " . USERS_TABLE . " SET user_badlogin='0'
WHERE username = '" . str_replace("\'", "''", $username) . "'";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Error updating correct login data', '', __LINE__, __FILE__, $sql);
}
// End add - Protect user account MOD
$url = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&amp;', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "portal.$phpEx";
// Start add - Protect user account MOD
if ($session_id['user_id']!=ANONYMOUS)
{
include($phpbb_root_path . "includes/functions_validate.$phpEx");
$pass_result = validate_complex_password ($username, $password);
if ( $session_id['user_passwd_change']==0 || $pass_result['error']== true)
{
//force a change of password, do not allow a secound login
$sql = "UPDATE " . USERS_TABLE . " SET user_passwd_change='-9999'
WHERE user_id = '" . $session_id['user_id'] . "'";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Error updating correct login data2', '', __LINE__, __FILE__, $sql);
}
$url .= ( ereg( "\?" , $url) ) ? '&ch_passwd=1' : '?ch_passwd=1';
} else
if (  intval((time()-$session_id['user_passwd_change']) / 86400) >= $board_config['max_password_age'])
{
session_end($session_id['session_id'], $session_id['user_id']);
$message = $lang['Passwd_have_expired'] . '<br /><br /><a href="'.append_sid("profile.$phpEx?mode=sendpassword").'">'.$lang['Send_new_passwd'].'</a><br /><br />' .  sprintf($lang['Click_return_portal'], '<a href="' . append_sid("portal.$phpEx") . '">', '</a>');
message_die(GENERAL_MESSAGE, $message);
} else
if (  intval((time()-$session_id['user_passwd_change']) / 86400)+(($board_config['max_password_age']<14) ? 1 : 14) >= $board_config['max_password_age'] )
{
$url .= ( ereg( "\?" , $url) ) ? '&ch_passwd=1' : '?ch_passwd=1';
}
}
// End add - Protect user account MOD
redirect(append_sid($url, true));
}
else
{
message_die(CRITICAL_ERROR, "Couldn't start session : login", "", __LINE__, __FILE__);
}
}
else
{
$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&amp;', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : '';
$redirect = str_replace('?', '&', $redirect);

if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r"))
{
message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
}

$template->assign_vars(array(
'META' => "<meta http-equiv=\"refresh\" content=\"3;url=login.$phpEx?redirect=$redirect\">")
);
// Start add - Protect user account MOD
if ($row['user_active'] )
{
//count bad login
// block the user for X min
if (($row['user_badlogin']+1) % $board_config['max_login_error'])
{
$sql = "UPDATE " . USERS_TABLE . " SET user_badlogin=user_badlogin+1
WHERE username = '" . str_replace("\'", "''", $username) . "'";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Error updating bad login data'.$user_ip, '', __LINE__, __FILE__, $sql);
}
} else
{
$blocktime = ", user_block_by='$user_ip', user_blocktime='" . (time()+($board_config['block_time']*60)) . "'";
$sql = "UPDATE " . USERS_TABLE . " SET user_badlogin=user_badlogin+1 $blocktime
WHERE username = '" . str_replace("\'", "''", $username) . "'";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Error updating bad login data'.$user_ip, '', __LINE__, __FILE__, $sql);
}

if ($row['user_email']  && $row['user_blocktime']<(time()-3600))
{
      include($phpbb_root_path . 'includes/emailer.'.$phpEx); 
$server_name = trim($board_config['server_name']);
             $emailer = new emailer($board_config['smtp_delivery']); 
              $emailer->email_address($row['user_email']); 
              $email_headers = "To: \"".$row['username']."\" <".$row['user_email']. ">\r\n"; 
              $email_headers .= "From: \"".$board_config['sitename']."\" <".$board_config['board_email'].">\r\n"; 
             $email_headers .= "X-AntiAbuse: Board servername - " . $server_name . "\r\n"; 
             $email_headers .= "X-AntiAbuse: User IP - " . decode_ip($user_ip) . "\r\n"; 
$emailer->use_template('bad_login', $row['user_lang']);
              $emailer->extra_headers($email_headers); 
            $emailer->assign_vars(array( 
             'USER' => '"'.$row['username'].'"',
'BLOCK_TIME' => $board_config['block_time'],
            'BAD_LOGINS' => $row['user_badlogin']+1, 
'BLOCK_UNTIL' => create_date ($lang['Time_format'],time()+($board_config['block_time']*60),$row['user_timezone']),
            'SITENAME' => $board_config['sitename'], 
            'BOARD_EMAIL' => $board_config['board_email'])); 
             $emailer->send(); 
             $emailer->reset(); 
}
}
}
// End add - Protect user account MOD

$message = $lang['Error_login'] . '<br /><br />' . sprintf($lang['Click_return_login'], "<a href=\"login.$phpEx?redirect=$redirect\">", '</a>') . '<br /><br />' .  sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.$phpEx") . '">', '</a>');

message_die(GENERAL_MESSAGE, $message);
}
// Start add - Protect user account MOD
} else
{
$message = (($lang['Error_login_tomutch'])?$lang['Error_login_tomutch']:$lang['Error_login']) . '<br /><br />' . sprintf($lang['Click_return_login'], '<a href="' . append_sid("login.$phpEx?redirect=$redirect") . '">', '</a>') . '<br /><br />' .  sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.$phpEx") . '">', '</a>');
message_die(GENERAL_MESSAGE, $message);
}
// End add - Protect user account MOD

}
}
else
{
$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&amp;', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "";
$redirect = str_replace("?", "&", $redirect);

if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r"))
{
message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
}

$template->assign_vars(array(
'META' => "<meta http-equiv=\"refresh\" content=\"3;url=login.$phpEx?redirect=$redirect\">")
);

$message = $lang['Error_login'] . '<br /><br />' . sprintf($lang['Click_return_login'], "<a href=\"login.$phpEx?redirect=$redirect\">", '</a>') . '<br /><br />' .  sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.$phpEx") . '">', '</a>');

message_die(GENERAL_MESSAGE, $message);
}
}
else if( ( isset($HTTP_GET_VARS['logout']) || isset($HTTP_POST_VARS['logout']) ) && $userdata['session_logged_in'] )
{
if( $userdata['session_logged_in'] )
{
session_end($userdata['session_id'], $userdata['user_id']);
}

if (!empty($HTTP_POST_VARS['redirect']) || !empty($HTTP_GET_VARS['redirect']))
{
$url = (!empty($HTTP_POST_VARS['redirect'])) ? htmlspecialchars($HTTP_POST_VARS['redirect']) : htmlspecialchars($HTTP_GET_VARS['redirect']);
$url = str_replace('&amp;', '&', $url);
redirect(append_sid($url, true));
}
else
{
redirect(append_sid("portal.$phpEx", true));
}
}
else
{
$url = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&amp;', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "portal.$phpEx";
// Start add - Protect user account MOD
if ($session_id['user_id']!=ANONYMOUS)
{
include($phpbb_root_path . "includes/functions_validate.$phpEx");
$pass_result = validate_complex_password ($username, $password);
if ( $session_id['user_passwd_change']==0 || $pass_result['error']== true)
{
//force a change of password, do not allow a secound login
$sql = "UPDATE " . USERS_TABLE . " SET user_passwd_change='-9999'
WHERE user_id = '" . $session_id['user_id'] . "'";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Error updating correct login data2', '', __LINE__, __FILE__, $sql);
}
$url .= ( ereg( "\?" , $url) ) ? '&ch_passwd=1' : '?ch_passwd=1';
} else
if (  intval((time()-$session_id['user_passwd_change']) / 86400) >= $board_config['max_password_age'])
{
session_end($session_id['session_id'], $session_id['user_id']);
$message = $lang['Passwd_have_expired'] . '<br /><br /><a href="'.append_sid("profile.$phpEx?mode=sendpassword").'">'.$lang['Send_new_passwd'].'</a><br /><br />' .  sprintf($lang['Click_return_portal'], '<a href="' . append_sid("portal.$phpEx") . '">', '</a>');
message_die(GENERAL_MESSAGE, $message);
} else
if (  intval((time()-$session_id['user_passwd_change']) / 86400)+(($board_config['max_password_age']<14) ? 1 : 14) >= $board_config['max_password_age'] )
{
$url .= ( ereg( "\?" , $url) ) ? '&ch_passwd=1' : '?ch_passwd=1';
}
}
// End add - Protect user account MOD
redirect(append_sid($url, true));
}
}
else
{
//
// Do a full login page dohickey if
// user not already logged in
//
if( !$userdata['session_logged_in'] )
{
$page_title = $lang['Login'];
include($phpbb_root_path . 'includes/page_header.'.$phpEx);

$template->set_filenames(array(
'body' => 'login_body.tpl')
);

if( isset($HTTP_POST_VARS['redirect']) || isset($HTTP_GET_VARS['redirect']) )
{
$forward_to = $HTTP_SERVER_VARS['QUERY_STRING'];

if( preg_match("/^redirect=([a-z0-9\.#\/\?&=\+\-_]+)/si", $forward_to, $forward_matches) )
{
$forward_to = ( !empty($forward_matches[3]) ) ? $forward_matches[3] : $forward_matches[1];
$forward_match = explode('&', $forward_to);

if(count($forward_match) > 1)
{
$forward_page = '';

for($i = 1; $i < count($forward_match); $i++)
{
if( !ereg("sid=", $forward_match[$i]) )
{
if( $forward_page != '' )
{
$forward_page .= '&';
}
$forward_page .= $forward_match[$i];
}
}
$forward_page = $forward_match[0] . '?' . $forward_page;
}
else
{
$forward_page = $forward_match[0];
}
}
}
else
{
$forward_page = '';
}

$username = ( $userdata['user_id'] != ANONYMOUS ) ? $userdata['username'] : '';

$s_hidden_fields = '<input type="hidden" name="redirect" value="' . $forward_page . '" />';

make_jumpbox('viewforum.'.$phpEx, $forum_id);
$template->assign_vars(array(
'USERNAME' => $username,

'L_ENTER_PASSWORD' => $lang['Enter_password'],
'L_SEND_PASSWORD' => $lang['Forgotten_password'],

'U_SEND_PASSWORD' => append_sid("profile.$phpEx?mode=sendpassword"),

'S_HIDDEN_FIELDS' => $s_hidden_fields)
);

$template->pparse('body');

include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
}
else
{
redirect(append_sid("portal.$phpEx", true));
}

}

?>
Danke schonmal!!!

p.s. wenn ich mich direkt über den link http://mib.pixplace.net/login.php?redirect=http://mib.pixplace.net/gallery/index.php einloggen will, geht es auch nicht.

[Jan]

Das Problem ist die Funktion redirect() von phpBB. Die Funktion leitet nur auf URLs innerhalb des Installationsverzeichnisses weiter.

Suche in include/functions.php von phpBB nach:
Search in include/functions.php von phpBB for:

Code: [Select]

$server_protocol = ($board_config['cookie_secure']) ? 'https://' : 'http://';
$server_name = preg_replace('#^\/?(.*?)\/?$#', '\1', trim($board_config['server_name']));
$server_port = ($board_config['server_port'] <> 80) ? ':' . trim($board_config['server_port']) : '';
$script_name = preg_replace('#^\/?(.*?)\/?$#', '\1', trim($board_config['script_path']));
$script_name = ($script_name == '') ? $script_name : '/' . $script_name;
$url = preg_replace('#^\/?(.*?)\/?$#', '/\1', trim($url));
und ersetze den Abschnitt mit:
and replace with:

Code: [Select]

if (strpos($url, 'http://') === false) {
    $server_protocol = ($board_config['cookie_secure']) ? 'https://' : 'http://';
    $server_name = preg_replace('#^\/?(.*?)\/?$#', '\1', trim($board_config['server_name']));
    $server_port = ($board_config['server_port'] <> 80) ? ':' . trim($board_config['server_port']) : '';
    $script_name = preg_replace('#^\/?(.*?)\/?$#', '\1', trim($board_config['script_path']));
    $script_name = ($script_name == '') ? $script_name : '/' . $script_name;
    $url = preg_replace('#^\/?(.*?)\/?$#', '/\1', trim($url));
}