I've never attempted this before, but we already have a basic member area with MD5 encrypted passwords stored in a MySQL database, and we need to allow the members to access a forum so they can communicate with other members.
Can anyone point me in the right direction on how to implement this?
Will I just need to create a cookie for the user?
Is there any open source PHP forum available that would handle this?
>> Will I just need to create a cookie for the user?
>> Is there any open source PHP forum available that would handle this?
I'm sure you can use most of the popular open-source PHP forum applications for this; however, you are going to have to dissect the login code a little bit and possibly alter it to fit your standing application's login routine. You should make it check the cookie/session for the correct login credentials, and if correct, proceed to allowing them to view the forum, etc., but if not, prompt for a login.
In such a case I will do as eelix suggests, but the reverse... most reputable forums, carts, etc. do have pretty efficient registration/login systems, so I will do a "post mortem" on the forum and extend its reg/login to fit the rest of your application instead of relying on your application login.
If you are going to use other code as the basis of yours, then you need to make sure that you don't fall into the same traps that others have fallen into. Also make sure that you use an appropriate level of checking.
If you are allowing people to post personal details, then you need to be quite careful that the person logging in is who their cookie says they are. If, like this site, you basically don't allow any personal contact details, then you don't need to be so careful (as there is almost no information for people to get).
Also, don't store the password in the cookie...like a forum very close to here does (look at your cookie and you will see what I mean) :p
For setting the cookie id there is a useful function, uniqid [uk.php.net], as storing their id as it appears in the database is not such a good idea (assuming you are using a sequential id). If your cookie id is 257, you can be fairly sure that there is a user 256 and 258, so you are already halfway to faking their login. A random id is better...it also avoids the very old admin = 1 problem, as admin will be just as random as everyone else.
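
The advice in the last post (no password and no sequential id in the cookie), sketched as an added example that is not code from this thread or from any forum package. It uses `random_bytes` rather than `uniqid`, because `uniqid` is derived from the current time, and it stores only a hash of the token on the server. The table, column and cookie names are assumptions, and in-memory SQLite stands in for the MySQL database so the example runs on its own.

```php
<?php
declare(strict_types=1);

// Assumed schema: login_tokens(token_hash, user_id, expires).
function open_demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE login_tokens (token_hash TEXT PRIMARY KEY,
               user_id INTEGER NOT NULL, expires INTEGER NOT NULL)');
    return $db;
}

// Issue an unguessable token for the cookie; only its hash is kept server-side.
function issue_login_token(PDO $db, int $userId, int $ttl = 3600): string {
    $token = bin2hex(random_bytes(32));           // 256 bits from the OS CSPRNG
    $stmt = $db->prepare('INSERT INTO login_tokens (token_hash, user_id, expires)
                          VALUES (?, ?, ?)');
    $stmt->execute([hash('sha256', $token), $userId, time() + $ttl]);
    return $token;
}

// Map a cookie value back to a user id, or null if malformed, unknown or expired.
function user_for_token(PDO $db, string $token): ?int {
    if (!preg_match('/\A[0-9a-f]{64}\z/', $token)) {
        return null;                              // not a token this code issues
    }
    $stmt = $db->prepare('SELECT user_id FROM login_tokens
                          WHERE token_hash = ? AND expires > ?');
    $stmt->execute([hash('sha256', $token), time()]);
    $id = $stmt->fetchColumn();
    return $id === false ? null : (int) $id;
}

// Send the token to the browser; the cookie carries no password and no user id.
function send_login_cookie(string $token, int $ttl = 3600): void {
    setcookie('member_token', $token, [
        'expires' => time() + $ttl, 'path' => '/',
        'secure' => true, 'httponly' => true, 'samesite' => 'Lax',
    ]);
}

if (PHP_SAPI === 'cli') {                         // constructed demo run
    $db = open_demo_db();
    $token = issue_login_token($db, 257);
    var_dump(user_for_token($db, $token));              // token that was issued
    var_dump(user_for_token($db, '256'));               // guessed sequential id
    var_dump(user_for_token($db, str_repeat('0', 64))); // well-formed, never issued
}
```

Both the member area and the forum can call `user_for_token()` on the same cookie, which is the shared check the earlier replies describe.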