Posts by esi

    so far I have created following, but still it's not working, can anyone tell me what am I missing
    here is my code to create cookie based session:


    Is there any work around to prevent redeclare __autoload() error?
    this error makes integration of external applications impossible and makes WCF framework almost useless

    example error:

    Fatal error: Cannot redeclare __autoload() (previously declared in /some file) in .../wcf/lib/core.functions.php on line 32

    any help appreciated

    This is a development release of Joomla 1.5 WBB Authentication/Bridge!


    • Joomla 1.5.x
    • WBB 3.x

    How to install:

    • Administration Page -> Extentions - Install/Uninstall
    • Upload&Install

    How to activate:

    • Administration Page -> Ententions >- Plugin Manager
    • Enable ->
      Authentication - Woltlab Burning Board 3.x
    • Disable -> Authentication Joomla

    How to configure:

    • Administration Page -> Ententions >- Plugin Manager
    • Edit Authentication - Worltlab Burning Board 3.x
    • Select local or remote installation types, if local enter the full or relative path including the last "/", e.g. "/home/user/public_html/forums/wcf/" or "./forums/wcf/"

    Currently Works:

    • when you login in Joomla with Remember Me option checked, you will be logged in both Joomla and WBB (cookies)
    • when you login in Joomla, th WBB user is being imported to Joomla

    Currently NOT working:

    • no SESSION support for WBB
    • when you logout in Joomla, if remembered me option was checked, you will still remain logged-in in WBB (remove cookie)

    To do:

    • clean up wbb3auth.php (move codes to wbb3user.php)
    • create wbb3user plugin to handle sessions, cookies and login&logout

    Probably I can't finish the code by myself and will require some help or someone to take this over and extend the functionality so feel free to download and modify


    P.S. I wasn't sure where to post this, feel free to move this to other sections if needed

    well unless you release it there will never be an english developer community hence wbb won't get popular internationally even if its 10 times better than IPB or vbulletin

    I've been using wbb since 2.2. version and sadly I feel like they don't want international community to get involved and I don't exactly know why
    by the way I can see that with version 3 they have tried to be more friendly with english community with language system and all but for developers, I can't see any change

    how can I create session for externally authenticated users without help of WCF libraries (including global.php in my application throws errors, however is there anyway to use WCF session libraries/class directly without using the whole framework?)

    any help appreciated


    fix for cookies problem, now when you login to Joomla, you will be also logged-in in WBB
    this is a quick how to, but a technical one I'll probably release a separate Joomla bridge soon :)

    create wbb_uid, wbb_psw and wbb_salt fields in joomla users table in database

    then change Getuserinfo_query to
    [MYSQL]SELECT userID, username AS name, username AS username, email, salt FROM wcf1_user WHERE username='%{user}' and password=SHA1(CONCAT(salt, SHA1(CONCAT(salt, SHA1('%{pass}')))))

    replace content of "sqlauth.php" file which is under /components/com_sqlauth/ folder with following code


    File : sqlauth.php
    Created :
    Updated :
    Author :
    Function :
    Comments :


    function sqlauth_get_config() {
    global $database;
    //get config
    $query = "SELECT *"
    . "\n FROM #__sqlauth"
    $database->setQuery( $query );
    if(!$result = $database->query()) {
    echo $database->stderr();
    $rows = $database->loadObjectList();

    $array_cfg = array();
    foreach ($rows as $row ) {
    $array_cfg[$row->name] = $row->value;

    Return $array_cfg;

    function sqlauth_auth($username, $password) {
    global $mosConfig_absolute_path;

    $config = sqlauth_get_config();

    global $mosConfig_absolute_path;

    $db = new database($config['sqlauth_dbhost'], $config['sqlauth_user'], $config['sqlauth_password'], $config['sqlauth_dbname']);

    $sql = stripslashes($config['sqlauth_getuserinfo']);
    $sql = str_replace('%{user}', addslashes($username),$sql);
    $sql = str_replace('%{pass}', addslashes($password),$sql);

    $db->setQuery( $sql );
    if ($db->loadObject( $row )) {
    Return $row;
    } else {
    Return false;

    function sqlauth_login( $username=null,$passwd=null, $remember=null ) {
    global $acl, $mosConfig_absolute_path, $database , $mainframe, $my;
    global $_VERSION, $_COOKIE,$_POST;

    // if no username and password passed from function, then function is being called from login module/component
    if (!$username || !$passwd) {
    $username = strval( mosGetParam( $_POST, 'username', '' ) );
    $password = mosGetParam( $_POST, 'passwd', '' );
    $passwd = md5( $password );
    $bypost = 1;
    // extra check to ensure that Joomla! sessioncookie exists
    if (!$mainframe->_session->session_id) {
    mosErrorAlert( _ALERT_ENABLED );

    if (!$username || !$passwd) {
    mosErrorAlert( _LOGIN_INCOMPLETE );
    } else {
    $row = null;
    if ( $remember && strlen($username) == 32 && strlen($passwd) == 32 && $userid ) {
    // query used for remember me cookie --modified by esi
    $harden = mosHash( @$_SERVER['HTTP_USER_AGENT'] );

    $query = "SELECT id, name, username, password, usertype, block, gid, wbb_uid, wbb_psw, wbb_salt"
    . "\n FROM #__users"
    . "\n WHERE id = " . (int) $userid
    $database->setQuery( $query );

    $check_username = md5( $user->username . $harden );
    $check_password = md5( $user->password . $harden );

    if ( $check_username == $username && $check_password == $passwd ) {
    $row = $user;
    } else {
    // query used for login via login module --modified by esi
    $query = "SELECT id, name, username, password, usertype, block, gid, wbb_uid, wbb_psw, wbb_salt"
    . "\n FROM #__users"
    . "\n WHERE username = ". $database->Quote( $username )
    . "\n AND password = ". $database->Quote( $passwd )
    $database->setQuery( $query );
    $database->loadObject( $row );

    if (is_object( $row )) {
    // user blocked from login
    if ($row->block == 1) {

    // fudge the group stuff
    $grp = $acl->getAroGroup( $row->id );
    $row->gid = 1;
    if ($acl->is_group_child_of( $grp->name, 'Registered', 'ARO' ) || $acl->is_group_child_of( $grp->name, 'Public Backend', 'ARO' )) {
    // fudge Authors, Editors, Publishers and Super Administrators into the Special Group
    $row->gid = 2;
    $row->usertype = $grp->name;

    // initialize session data
    $session =& $mainframe->_session;
    $session->guest = 0;
    $session->username = $row->username;
    $session->userid = intval( $row->id );
    $session->usertype = $row->usertype;
    $session->gid = intval( $row->gid );

    // update user visit data
    $currentDate = date("Y-m-d\TH:i:s");

    $query = "UPDATE #__users"
    . "\n SET lastvisitDate = ". $database->Quote( $currentDate )
    . "\n WHERE id = " . (int) $session->userid
    if (!$database->query()) {

    // set remember me cookie if selected
    $remember = strval( mosGetParam( $_POST, 'remember', '' ) );
    if ( $remember == 'yes' ) {
    // cookie lifetime of 365 days
    $lifetime = time() + 365*24*60*60;
    $remCookieName = mosMainFrame::remCookieName_User();
    $remCookieValue = mosMainFrame::remCookieValue_User( $row->username ) . mosMainFrame::remCookieValue_Pass( $row->password ) . $row->id;
    setcookie( $remCookieName, $remCookieValue, $lifetime, '/' );
    //By esi
    // note: if your forum directory called 'forums' then change "/wbb" to "/forums"

    setcookie("wcf_userID", $row->wbb_uid, $lifetime, "/wbb");
    setcookie("wcf_password", sha1($row->wbb_salt . sha1($password)), $lifetime, "/wbb");
    //By esi
    } elseif ( $sqlauth_user = sqlauth_auth($username, $password) ) {

    //authorized user.
    // check if the username is already joomlized :-)
    $query = "SELECT *"
    . "\n FROM #__users"
    . "\n WHERE username = '$username'"

    $database->setQuery( $query );
    $row = null;

    if ($database->loadObject( $userObject )) {
    $row = new mosUser( $database );
    foreach( $userObject as $key=>$val) {
    $row->$key = $val;
    $row->password = md5( $password );
    } else {
    $row = new mosUser( $database );

    $row->id = 0;
    $row->usertype = '';
    $row->gid = $acl->get_group_id( 'Registered', 'ARO' );
    $row->name = $sqlauth_user->name;
    $row->username = $sqlauth_user->username;
    $row->email = $sqlauth_user->email;
    $row->password = md5( $password );
    $row->registerDate = date('Y-m-d H:i:s');
    //By esi
    $row->wbb_uid = $sqlauth_user->userID;
    $row->wbb_psw = $sqlauth_user->password;
    $row->wbb_salt = $sqlauth_user->salt;
    //By esi

    if (!$row->store()) {
    echo "<script> alert('".$row->getError()."'); window.history.go(-1); </script>\n";

    //back to joomla login
    $mainframe->login($username, $passwd);

    } else {
    if (isset($bypost)) {
    } else {

    global $mosConfig_debug, $mosConfig_lang, $option, $task;
    switch( $task ) {
    case "login":


    // JS Popup message
    if ( $message ) {
    <script language="javascript" type="text/javascript">
    alert( "<?php echo _LOGIN_SUCCESS; ?>" );

    if ( $return && !( strpos( $return, 'com_registration' ) || strpos( $return, 'com_login' ) ) ) {
    // checks for the presence of a return url
    // and ensures that this url is not the registration or login pages
    mosRedirect( $return );
    } else {
    mosRedirect( $mosConfig_live_site .'/index.php' );


    Note: still you need to login two times only for the first time, it actually registers the user at first and in the second time logs in normally, by the way you need to check "Remember me" option of Joomla Login Box otherwise this won't work, no support for sessions yet


    I just figured out a way to access Woltlab forums user database using Joomla and thought it might be a good idea to share it here
    after following this guide you will be able to link user authentication of Joomla with WBB forum

    - first you need to download MySQL Auth extention for Joomla
    - install the component and the module (don't forget to activate the module after installation)
    - in Administration page of Joomla, Select SQL Auth from Components menu
    - in the settings page enter your forums database host and user information (for security reasons I suggest make a secondary user with only READ access to your forum's database)

    for 'Getuserinfo query', enter the following line

    SELECT userID, username AS name, username AS username, email, salt FROM wcf1_user WHERE username='%{user}' and password=SHA1(CONCAT(salt, SHA1(CONCAT(salt, SHA1('%{pass}')))))

    using the default MySQL Auth component, cookies are not working properly and you need to login two times in order to actually login, however it's not a big deal I can probably find a way to fix this problem (or maybe someone else can provide a customized version of MySQL Auth faster than I do)



    I'm trying to link an application to wbb3 and need to know how passwords are created in wbb3,
    I tried the following combinations but they didn't get me the correct values

    md5(userinput . user-salt)
    md5(md5(user-input) . user-salt)

    P.S. user-input comes from my login form, and user-salt comes from wbb3 database

    Edit, I guess I found my answer. following code returned the correct value for password (for me)

    and this worked

    if($getuser['password'] == getDoubleSaltedHash($loginpassword, $getuser['salt']))
    //$getuser['password'] is the password entered from login form

    I just tried to install wbb3.0.0 on a cPanel server (shared hosting) and this is the error I'm getting:

    Is there anything I can do to work around this problem?


    Not now, but there will be some documentation. It's not finished now.

    I hope documentation will be available in English as well
    For mods, currently I'm using highly modified versions of JGS-XA applications (will send you the URL to my website in PM now)
    As for syntax, I think I really need to have a look at the source codes of php files and template files to figure out how I can write my own codes but Plug-In system makes me think it's complicated with wbb3


    All applications that are installed in one WCF installation share the same userbase and the same groups and some more things. You can even install more than one wBB3 in one WCF, if you have enough licenses.

    Is there any documentation anywhere that we can use to create our own mods? By the way at the moment I just want to modify my old favorite add-ons of wbb2 so I can use them on wbb3

    and by documentation I mean something like, in wbb2 to see if user is logged-in we were using (for example) <if wbbuser == 1><then>welcome $username</then><else>Login Form</else></if>
    now what would be the correct syntax for wbb3