UseBB Community

Greetings,
I want to install usebb in a subfolder of another web application needing a login.
I want login to usebb to be automatic using a global variable (from web applicaton) $login for username (no password prompts).
How would I enable this? I have some experience with php, so directing me to appropriate file to edit may help a great deal.

Session stuff is usually handled in sources/session.php, but there may be other relevant lines of code in other files as well.

Here is how I enabled the automatic authentication:

Usebb installed as a subfolder of parent web app. The parent web app has a variable $login for username of logged in user.
(Assuming all user names from parent app are already loaded as accounts into usebb database.)

Created a link in parent app to usebb dynamically appending a GET variable for username (perhaps a POST variable would be better but usebb will be restricted to selected staff and I don't expect hacking attempts):
http://parent.app.com/UseBB/panel.php?act=login&u=username

Modified sources/panel_login.php as follows:
around line 118:

/** set the if statement to always true so that any password will work as long as username is correct **/		
/** remmed original if statement
/**	} elseif ( md5($_POST['passwd']) == $userdata['passwd'] ) { **/
/** new if statement: **/
	} elseif ( 1 == 1 ) {

Around line 195:

		/** begin: check to make sure login screen opened from parent application **/
		$nvref = getenv("HTTP_REFERER");
		$nvcheck = substr($nvref,7,14);
		if ( $nvcheck == "parent.app.com" ) {
			$login = ( isset($_GET['u']) ) ? $_GET['u'] : null;      /** get login name from url **/
		} else {
			$login = null;
		}
		/** end: check to make sure login opened from scheduler application **/

		/** readonly for user_input input tag, added default value and "hidden"-instead of "password"- input type for pw **/
		/** put any value in link_sendpwd because disabled the password check above **/
		$template->parse('login_form', 'various', array(
			'form_begin'     => '<form action="'.$functions->make_url('panel.php', array('act' => 'login')).'" method="post">',
			'user_input'     => 'automatic, <strong>(must be opened from the parent application)</strong> click Login button <input type="hidden" name="user" id="user" size="25" maxlength="255" value="'. $login .'" readonly="readonly" tabindex="1" />',
			'password_input' => '<input type="hidden" name="passwd" size="25" maxlength="255" value="anyvalue" tabindex="2" />',
			'remember_input' => $remember_input,
			'submit_button'  => '<input type="submit" value="'.$lang['LogIn'].'" tabindex="4" />',
			'reset_button'   => '<input type="reset" value="'.$lang['Reset'].'" />',
			'link_reg'       => '--------',  /** do not display "Register" link **/
			'link_sendpwd'   => 'automatic, click Login button',
			'form_end'       => '</form>'
		));

Also in board setup, ensure guests are NOT allowed to view anything.

Discovered problems.
Multiple users will use same machine to access parent app and Usebb. If one user does not "logout" of Usebb the next user of parent app will auto login as previous user (client cookie not updated) and if a browser window was left open.

I changed the auto login from getting username from get variable to post variable.
So in parent app created a form to open usebb in new window:

/** begin: form to open discussion board in new window **/
echo ("<br clear=\"all\" />\n");
echo ("<form name=\"discussionbutton\" method=\"post\" action=\"UseBB/panel.php?act=login\" target=\"_blank\">\n");
echo ("<input type=\"hidden\" name=\"username\" value=\"". $login ."\" />\n");
echo ("<input type=\"submit\" value=\"Schedule Discussion\" />\n");
echo ("</form><br />\n");
echo ("<br clear=\"all\" />\n");

/** end: form to open discussion board in new window **/

so change the username check in panel_login.php
around line 195:

		/** begin: check to make sure login opened from scheduler application using form button **/
		$login = ( isset($_POST['username']) ) ? $_POST['username'] : null;
		/** end: check to make sure login opened from scheduler application using form button **/

To fix the session problem:
(This is not the best fix but it resolves problem. User may have to click the parent app link twice if previous usebb user did not logout.)
in panel_login.php
around line 156:

} else {

	# begin: session management to ensure that if previous of same machine user did not logout but just closed window and left a browser window open
	$functions->setcookie($functions->get_config('session_name').'_sid', '');
	# end: session management to ensure that if previous user of same machine did not logout but just closed window and left a browser window open

	
	//
	// Show the login form, if the user is not logged in

To make things easier for users I made the "logout" link immediate instead of requiring user confirmation:
in panel_logout.php
around line 55:

} else {

	/**  begin: make the logout link logout instead of requiring confirmation from user **/
	# if ( $_SERVER['REQUEST_METHOD'] == 'POST' ) {
	if ( 1 == 1 ) {
		
		# if ( !empty($_POST['logout']) ) {
		if ( 1 == 1 ) {
	/**  end: make the logout link logout instead of requiring confirmation from user **/

This works for me now. Perhaps this might help other but remember/review this forum's sticky note about security and code modifications.