
MyBB Auto login for third party integration

Posted: Wed Feb 26, 2025 11:45 pm
by kylesands
I have an existing project with an existing user auth and was hoping to add a forum to the project without users maintaining multiple accounts but doing it using the existing site's user auth. I believe I have it working with MyBB 1.8.38 and will include what I did below, but if possible, I was wondering if this is in any way considered best practice, or if there's a different preferred way, or if there may even be some security concerns with this approach. Any constructive feedback is welcome.

Specifically, this was done to integrate it with a Yii Framework project, but this approach could seemingly be done with about any environment, I would think. The idea is based on this thread: https://community.mybb.com/thread-118971.html, using Seeker's approach, although it was modified due to database connection variable collisions with Yii and perhaps some minor updates done from older versions of MyBB at the time.


Basically, what's happening is that links in the existing site to the forum will go to a forumAutoLogin controller that returns the following view. Some of that code should probably be in the controller, but for simplicity of implementation, I stuck it all in the view.

Code:

<?php
use vendor\glacierparkchat\managers\MyBBManager;

if(!Yii::$app->user->isGuest) // checks if user is logged in to existing system already or not.
{
    $myBBMan = new MyBBManager();
   
    $user = $myBBMan->findMyBBUserByLoggedInUser(); // Gets the MyBB user info based on the already logged in user
   
    // Modify path here for your needs:
    //require_once './global.php';
    define('IN_MYBB', 1);
    define("TIME_NOW", time());
    define("COMMUNITY", "./../../../web/community/");
   
    $settings = array();
    if(file_exists(COMMUNITY."inc/settings.php"))
    {
        require_once COMMUNITY."inc/settings.php";
    }
    require_once COMMUNITY."inc/functions.php";
    require_once COMMUNITY."inc/class_session.php";
    require_once COMMUNITY."inc/class_core.php";
    $session = new session;
   
    global $mybb;
    $mybb = new MyBB;
    $mybb->user = $user;
    $mybb->settings = $settings;
    $session->init();
    $mybb->session = &$session;
   
   
    my_setcookie('loginattempts', 1);
    my_setcookie("mybbuser", $user['uid']."_".$user['loginkey'], null, true);
    my_setcookie("sid", $session->sid, -1, true);
   
    //$plugins->run_hooks("member_do_login_end"); // Don't know what this does...seems to work without it
}
// using meta refresh below feels rudimentary, but also platform agnostic
?>
<meta http-equiv="refresh" content="0; url=/community" />

findMyBBUserByLoggedInUser() explained here... It basically gets the MyBB user info from the mybb_users table based on who is currently logged in to the existing site. The MyBB user table should be populated at time of user registration to original site and original user auth, but it also populates it on the fly if it's missing for any reason. Once it has the MyBB user info, it populates what seem to be the appropriate cookies, and sends them on to the forum which then sees them logged in automatically as them.

Code:

<?php
namespace vendor\glacierparkchat\managers;

use amnah\yii2\user\models\User;
use Yii;

class MyBBManager
{
     
    public function createMyBBUser($username, $email)
    {
        $usergroup = 2;
        $password = Yii::$app->security->generateRandomString(32);  // Password not used
        $salt = Yii::$app->getSecurity()->generateRandomString(8);
        $signature = "";
        $buddyList = "";
        $ignoreList = "";
        $pmfolders = "0**$%%$1**$%%$2**$%%$3**$%%$4**";
        $notepad = "";
        $usernotes = "";
        $loginkey = Yii::$app->security->generateRandomString(50);
        $allownotices = 1;
        $receivepms = 1;
        $pmnotice = 1;
        $pmnotify = 1;
        $showimages = 1;
        $showvideos = 1;
        $showsigs = 1;
        $showavatars = 1;
        $showquickreply = 1;
        $showredirect = 1;
        $timezone = 0;
        $regdate = time();
        
        $connection = \Yii::$app->db;
        $command = $connection->createCommand("INSERT INTO mybb_users (username, password, salt, email, usergroup, signature, buddyList, ignoreList, pmfolders, notepad, ". 
            " usernotes, loginkey, allownotices, receivepms, pmnotice, pmnotify, showimages, showvideos, showsigs, showavatars, ".
            " showquickreply, showredirect, timezone, regdate ) ".
            " VALUES (:username, :password, :salt, :email, :usergroup, :signature, :buddyList, :ignoreList, :pmfolders, :notepad,  ".
            " :usernotes, :loginkey, :allownotices, :receivepms, :pmnotice, :pmnotify, :showimages, :showvideos, :showsigs, :showavatars, ".
            " :showquickreply, :showredirect, :timezone, :regdate ) ");
        
        $command->bindValue(':username', $username   );
        $command->bindValue(':password', $password); //  md5(md5($salt).md5($password))  );
        $command->bindValue(':salt',  $salt  );
        $command->bindValue(':email',  $email  );
        $command->bindValue(':usergroup',  $usergroup  );
        $command->bindValue(':signature',  $signature  );
        $command->bindValue(':buddyList',  $buddyList  );
        $command->bindValue(':ignoreList',  $ignoreList  );
        $command->bindValue(':pmfolders',  $pmfolders  );
        $command->bindValue(':notepad',  $notepad  );
        $command->bindValue(':usernotes',  $usernotes  );
        $command->bindValue(':loginkey', $loginkey);
        $command->bindValue(':allownotices',  $allownotices  );
        $command->bindValue(':receivepms',  $receivepms  );
        $command->bindValue(':pmnotice',  $pmnotice  );
        $command->bindValue(':pmnotify',  $pmnotify  );
        $command->bindValue(':showimages',  $showimages  );
        $command->bindValue(':showvideos',  $showvideos  );
        $command->bindValue(':showsigs',  $showsigs  );
        $command->bindValue(':showavatars',  $showavatars  );
        $command->bindValue(':showquickreply',  $showquickreply  );
        $command->bindValue(':showredirect',  $showredirect  );
        $command->bindValue(':timezone',  $timezone  );
        $command->bindValue(':regdate',  $regdate  );
        
        $command->execute();
        
    }

    
    public function findMyBBUserByLoggedInUser()
    {
        $connection = \Yii::$app->db;
        $command = $connection->createCommand("SELECT uid,username,password,salt,loginkey,email,usergroup ".
            " FROM mybb_users where username = :username");
        $command->bindValue(":username",  Yii::$app->user->identity->username );
        $user = $command->queryOne();
        
        if(!$user)
        {
            //MyBB user was not there for some reason, so creating it now and trying again.
            
            $origUser = User::findUserByUsername(Yii::$app->user->identity->username);
            // insert MyBB user info
            $this->createMyBBUser($origUser->username, $origUser->email);
            
            $user = $this->findMyBBUserByLoggedInUser();
        }
        
        return $user;
    }
}

?>

Once in place, I modified the MyBB login and register links in the header_welcomeblock_guest theme template to point to the existing system's login and register controllers.

Code:

<span class="welcome">{$lang->welcome_guest} <a href="/site/user/login?return=/site/user/forumautologin" class="login">{$lang->welcome_login}</a> <a href="/site/user/register" class="register">{$lang->welcome_register}</a></span>

Presumably, no one should directly log in or register via the MyBB user now, though that might need a little more tightening up perhaps, but the auto logging in does seem to work.
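
On the security question raised in the post: the `mybbuser` cookie built in the view is a bearer value of the form `uid_loginkey`, so it stays usable for as long as the stored key is unchanged. The following is an added example (not part of the original post and not MyBB's own code) that validates that cookie format with a constant-time comparison and shows the effect of rotating the key when the user logs out of the main site. The function names and the sample row are hypothetical, and it assumes the forum checks the cookie's key against the `loginkey` column.

```php
<?php
// Added example: not from the original post and not MyBB's own code.
// Assumed cookie format, taken from the view above: "<uid>_<loginkey>".

/** Split a cookie value into [uid, loginkey]; null if malformed. */
function parseMybbUserCookie(string $value): ?array
{
    // Split on the FIRST underscore only: a key made of base64url
    // characters (as Yii's generateRandomString returns) can contain "_".
    if (!preg_match('/^([1-9][0-9]{0,9})_([A-Za-z0-9_-]{50})\z/', $value, $m)) {
        return null;
    }
    return [(int) $m[1], $m[2]];
}

/** Constant-time check of a cookie value against a stored user row. */
function cookieMatchesUser(string $cookie, array $row): bool
{
    $parsed = parseMybbUserCookie($cookie);
    return $parsed !== null
        && $parsed[0] === (int) $row['uid']
        && hash_equals((string) $row['loginkey'], $parsed[1]);
}

/** Fresh 50-character key from the CSPRNG, base64url alphabet. */
function newLoginKey(): string
{
    // 38 random bytes encode to 51 non-padding characters; keep 50.
    return substr(strtr(base64_encode(random_bytes(38)), '+/', '-_'), 0, 50);
}

// Constructed sample row standing in for a mybb_users record.
$row = ['uid' => 42, 'loginkey' => newLoginKey()];
$cookie = $row['uid'] . '_' . $row['loginkey'];

var_dump(cookieMatchesUser($cookie, $row));        // well-formed, current key
var_dump(cookieMatchesUser('42_tooshort', $row));  // malformed value

// On logout from the main site, store a new key (hypothetical step: persist
// it with an UPDATE on mybb_users.loginkey) so the old cookie stops matching.
$row['loginkey'] = newLoginKey();
var_dump(cookieMatchesUser($cookie, $row));        // cookie issued before rotation
```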

Re: Auto login for third party integration

Posted: Wed Feb 26, 2025 11:45 pm
by kylesands
Anyway.... It would be great to hear thoughts on whether this methodology is ok or sorely lacking in certain areas.

Thanks.