Skip to content

How to register a new phpBB user with Zend Framework

2010 May 20
tags:
by Richard Knop

You might need to integrate one of your future Zend Framework applications with phpBB forum software. The most important aspect of such integration is a dual sign up process. In other words, you want to avoid having users sign up at both the application and phpBB forum. The simplest solution is to have a single sign up form in your ZF application which upon submission will register user details in both your application and the phpBB forum. I will show you how to do that assuming both applications are on the same server.

The sign up form should have at least these fields:

  • email
  • username
  • password
// first of all, let's get the submitted form data
  1. $data = $form->getValues();
  2.  
  3. //
  4. // here you would use the data to register user in the ZF application
  5. //
  6.  
  7. // once the user has been registered at the application level,
  8. // let's use the same data to register him/her at the phpBB level
  9.  
  10. $db = Zend_Registry::get('dbAdapter');
  11. $phpbbUserIp = '127.0.0.1';
  12. // if IP is valid include it in the INSERT query
  13. $validator = new Zend_Validate_Ip();
  14. if ($validator->isValid($_SERVER['REMOTE_ADDR'])) {
  15.     $phpbbUserIp = $_SERVER['REMOTE_ADDR'];
  16. }
  17.  
  18. $sql = 'INSERT INTO phpbb_users (
  19.        user_type,
  20.        group_id,
  21.        user_permissions,
  22.        username,
  23.        username_clean,
  24.        user_password,
  25.        user_email,
  26.        user_email_hash,
  27.        user_timezone,
  28.        user_lang,
  29.        user_ip,
  30.        user_regdate,
  31.        user_dateformat)
  32.        VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)';
  33. $stmt = new Zend_Db_Statement_Pdo($db,
  34.                                   $sql);
  35. $stmt->execute(array(0,
  36.                      2,
  37.                      '',
  38.                      $data['username'],
  39.                      $data['username'],
  40.                      $this->_helper->PhpbbHash($data['password']),
  41.                      $data['email'],
  42.                      sprintf('%u', crc32(strtolower($data['email']))) . strlen($data['email']),
  43.                      1.00,
  44.                      'sk',
  45.                      $phpbbUserIp,
  46.                      time(),
  47.                      'D M d, Y g:i a'));
  48.  
  49.  $stmt = new Zend_Db_Statement_Pdo($db,
  50.                                    'SELECT user_id FROM phpbb_users WHERE user_email = ? LIMIT 1');
  51.  $stmt->execute(array($data['email']));
  52.  $userId = $stmt->fetchColumn(0);
  53.  
  54.  $stmt = new Zend_Db_Statement_Pdo($db,
  55.                                    'INSERT INTO phpbb_user_group (
  56.                                    group_id,
  57.                                    user_id,
  58.                                    group_leader,
  59.                                    user_pending)
  60.                                    VALUES (?, ?, ?, ?)');
  61. $stmt->execute(array(2, $userId, 0, 0));
  62. $stmt->execute(array(7, $userId, 0, 0))

There are few tiny things you will probably need to modify according to your application. I chose Slovak language (‘sk’) and GMT+1 time zone (’1.00′) which is a time for central Europe. I also used a controller action helper PhpbbHash above. The helper is here:

  1. <?php
  2. /**
  3.  * PhpbbHash
  4.  * Just a phpbb hashing algorithm rewritten in a form of controller action helper.
  5.  * The reason for this is because we want users to be registered simultaneously
  6.  * at both the main website and the phpbb forum so we will need to add a row to
  7.  * phpbb_users table during registration at the main website.
  8.  *
  9.  * @author PHPBB
  10.  */
  11. class My_Controller_Action_Helper_PhpbbHash extends Zend_Controller_Action_Helper_Abstract
  12. {
  13.     public function direct($password)
  14.     {
  15.         $itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
  16.  
  17.         $random_state = '123456789012';
  18.         $random = '';
  19.         $count = 6;
  20.  
  21.         if (($fh = @fopen('/dev/urandom', 'rb')))
  22.         {
  23.             $random = fread($fh, $count);
  24.             fclose($fh);
  25.         }
  26.  
  27.         if (strlen($random) < $count)
  28.         {
  29.             $random = '';
  30.  
  31.             for ($i = 0; $i < $count; $i += 16)
  32.             {
  33.                 $random_state = md5('123456789012' . $random_state);
  34.                 $random .= pack('H*', md5($random_state));
  35.             }
  36.             $random = substr($random, 0, $count);
  37.         }
  38.  
  39.         $hash = $this->_hash_crypt_private($password, $this->_hash_gensalt_private($random, $itoa64), $itoa64);
  40.  
  41.         if (strlen($hash) == 34)
  42.         {
  43.             return $hash;
  44.         }
  45.  
  46.         return md5($password);
  47.     }
  48.  
  49.     public function _hash_gensalt_private($input, &$itoa64, $iteration_count_log2 = 6)
  50.     {
  51.         if ($iteration_count_log2 < 4 || $iteration_count_log2 > 31)
  52.         {
  53.             $iteration_count_log2 = 8;
  54.         }
  55.  
  56.         $output = '$H$';
  57.         $output .= $itoa64[min($iteration_count_log2 + ((PHP_VERSION >= 5) ? 5 : 3), 30)];
  58.         $output .= $this->_hash_encode64($input, 6, $itoa64);
  59.  
  60.         return $output;
  61.     }
  62.  
  63.     public function _hash_encode64($input, $count, &$itoa64)
  64.     {
  65.         $output = '';
  66.         $i = 0;
  67.  
  68.         do
  69.         {
  70.             $value = ord($input[$i++]);
  71.             $output .= $itoa64[$value & 0x3f];
  72.  
  73.             if ($i < $count)
  74.             {
  75.                 $value |= ord($input[$i]) << 8;
  76.             }
  77.  
  78.             $output .= $itoa64[($value >> 6) & 0x3f];
  79.  
  80.             if ($i++ >= $count)
  81.             {
  82.                 break;
  83.             }
  84.  
  85.             if ($i < $count)
  86.             {
  87.                 $value |= ord($input[$i]) << 16;
  88.             }
  89.  
  90.             $output .= $itoa64[($value >> 12) & 0x3f];
  91.  
  92.             if ($i++ >= $count)
  93.             {
  94.                 break;
  95.             }
  96.  
  97.             $output .= $itoa64[($value >> 18) & 0x3f];
  98.         }
  99.         while ($i < $count);
  100.  
  101.         return $output;
  102.     }
  103.  
  104.     public function _hash_crypt_private($password, $setting, &$itoa64)
  105.     {
  106.         $output = '*';
  107.  
  108.         // Check for correct hash
  109.         if (substr($setting, 0, 3) != '$H$')
  110.         {
  111.             return $output;
  112.         }
  113.  
  114.         $count_log2 = strpos($itoa64, $setting[3]);
  115.  
  116.         if ($count_log2 < 7 || $count_log2 > 30)
  117.         {
  118.             return $output;
  119.         }
  120.  
  121.         $count = 1 << $count_log2;
  122.         $salt = substr($setting, 4, 8);
  123.  
  124.         if (strlen($salt) != 8)
  125.         {
  126.             return $output;
  127.         }
  128.  
  129.         /**
  130.         * We're kind of forced to use MD5 here since it's the only
  131.         * cryptographic primitive available in all versions of PHP
  132.         * currently in use.  To implement our own low-level crypto
  133.         * in PHP would result in much worse performance and
  134.         * consequently in lower iteration counts and hashes that are
  135.         * quicker to crack (by non-PHP code).
  136.         */
  137.         if (PHP_VERSION >= 5)
  138.         {
  139.             $hash = md5($salt . $password, true);
  140.             do
  141.             {
  142.                 $hash = md5($hash . $password, true);
  143.             }
  144.             while ($count);
  145.         }
  146.         else
  147.         {
  148.             $hash = pack('H*', md5($salt . $password));
  149.             do
  150.             {
  151.                 $hash = pack('H*', md5($hash . $password));
  152.             }
  153.             while ($count);
  154.         }
  155.  
  156.         $output = substr($setting, 0, 12);
  157.         $output .= $this->_hash_encode64($hash, 16, $itoa64);
  158.  
  159.         return $output;
  160.     }
  161. }

Few comments:

  1. The above code is taken directly from the phpBB codebase, I only made a couple of necessary changes to make it work with Zend Framework.
  2. For those of you asking why didn’t I just use phpBB API and call its native functions, there is a reason for it. The phpBB code is written to be available with PHP 4. Zend Framework requires at least PHP 5.2.4. There are lots of globals and other scary stuff in the phpBB codebase which makes it impossible for its functions to be called from ZF controllers.
  3. If you think I should have done something differently or I completely forgot to do something, please let me know.

from → MySQL, PHP, Zend Framework

One Response leave one →
  1. Wawan permalink
    June 29, 2011

    Hi
    Thank you for your code. I was looking for that for a long time !
    I have a few questions though :
    - I was wondering, why do send several request ?
    After the creation of the user, you send a select request, modify the group_id twice, why ?

    - In you helper, the code looks for a file named ‘dev/urandom’, what is it ?
    ” if (($fh = @fopen(‘/dev/urandom’, ‘rb’)))”

    - Do you know a system to easily share the session between the forum and the app (when logged from each) ?

    I also used the strtolower method for the ‘username_clean’ field because phpbb seems to do it this way.

Leave a Reply

Note: You can use basic XHTML in your comments. Your email address will never be published.

Subscribe to this comment feed via RSS