Welcome to WebmasterWorld Guest from 54.145.246.183

Forum Moderators: coopster & jatar k

Intergrate PHP forum for a members area

Member area already built and need a forum without having to log in twice.

   
3:46 pm on Feb 21, 2008 (gmt 0)

10+ Year Member



I've never attempted this before but we already have a basic member area with MD5 Encrypted Password stored in a Mysql Database and we need to allow the member to access a forum so they can communicate with other members.

Can anyone point me into the right direction on to implement this?

Will I just need to create a cookie for the user?

Any open source php forum available that would be handle this?

Appreciate any advice.

Cheers

4:11 pm on Feb 21, 2008 (gmt 0)

WebmasterWorld Senior Member eelixduppy is a WebmasterWorld Top Contributor of All Time 5+ Year Member



>> Will I just need to create a cookie for the user?

Yes, that is a start. You are going to need to use cookies and/or sessions to accomplish this task.

>> Any open source php forum available that would be handle this?

I'm sure you can use most of the popular open-source php forum applications for this, however, you are going to have to dissect the login code a little bit and possibly alter it to fit your standing application's login routine. You should make it check the cookie/session for the correct login credentials, and if correct, proceed to allowing them to view the forum, etc...but if not, prompt for a login.

4:55 pm on Feb 21, 2008 (gmt 0)

WebmasterWorld Senior Member henry0 is a WebmasterWorld Top Contributor of All Time 10+ Year Member



In such a case I will do as eelix suggests' but the reverse...
most reputable forums, carts etc.. do have pretty efficient registration/login system
so I will do a "post mortem" on the forum and extend its reg/login to fit the rest of your application instead of relying on your application login.
7:35 pm on Feb 21, 2008 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



If you are going to use other code for the basis of yours then you need to make sure that you dont fall into the same traps that others have fallen into. Also make sure that you use an appropriate level of checking.

If you are allowing people to post personal details then you need to be quite careful that the person logging in as who there cookie says they are. If like this site you basically dont allow any personal contact details then you dont need to be so careful (as there is almost no information for people to get).

Also dont store the password in the cookie...like a forum very close to here does (look at your cookie and you will see what I mean) :p

For setting the cookie id there is a useful function uniqid [uk.php.net] as storing there id as it appears in the database is not such a good idea (assuming you are using a sequential id). As if your cookie id is 257 you can be fairly sure that there is a user 256 and 258, so you are already half way to faking there login. A random id is better...it also avoids the very old admin = 1 problem, as admin will be just as random as everyone else.

 

Featured Threads

My Threads

Hot Threads This Week

Hot Threads This Month