Check phpbb3 session

  • Danny1337
  • Student
  • Student
  • Danny1337
  • Posts: 70
  • Loc: Norway

Post 3+ Months Ago

Hey. I need a way to check if an user is online, on an external page WITHOUT adding the phpbb session to the page. I'm adding this on a Wordpress page, and the phpbb session causes conflicts with wordpress, since they have functions with the exact same name.. (like make_clickable)
So i kindof.. need to manually check if an user is online or not.

I made this code below, and it works. However, I have no idea if it has any flaws, or if it's safe

PHP Code: [ Select ]
$cookie_id = $_COOKIE['phpbb3_token_sid'];
$cookie_user = $_COOKIE['phpbb3_token_u'];
 
if($cookie_user!=1) {
   $query = mysql_query("SELECT * FROM phpbb3_sessions WHERE session_id LIKE '".mysql_real_escape_string($cookie_id)."'");
   if(mysql_num_rows($query)==1) {
         $find_name = mysql_query("SELECT * FROM phpbb3_users WHERE user_id LIKE '".mysql_real_escape_string($cookie_user)."'");
         if(mysql_num_rows($find_name)==1) {
            while($row=mysql_fetch_array($find_name)) {
               echo "Welcome, " . $row['username'] . "!";
            }
         }
   }
} else {
   echo "Not logged in";   
}
  1. $cookie_id = $_COOKIE['phpbb3_token_sid'];
  2. $cookie_user = $_COOKIE['phpbb3_token_u'];
  3.  
  4. if($cookie_user!=1) {
  5.    $query = mysql_query("SELECT * FROM phpbb3_sessions WHERE session_id LIKE '".mysql_real_escape_string($cookie_id)."'");
  6.    if(mysql_num_rows($query)==1) {
  7.          $find_name = mysql_query("SELECT * FROM phpbb3_users WHERE user_id LIKE '".mysql_real_escape_string($cookie_user)."'");
  8.          if(mysql_num_rows($find_name)==1) {
  9.             while($row=mysql_fetch_array($find_name)) {
  10.                echo "Welcome, " . $row['username'] . "!";
  11.             }
  12.          }
  13.    }
  14. } else {
  15.    echo "Not logged in";   
  16. }


What do you think?
thanks :)
  • joebert
  • Fart Bubbles
  • Genius
  • User avatar
  • Posts: 13504
  • Loc: Florida

Post 3+ Months Ago

It looks like you've skipped everything phpBB3 does to support visitors that don't use cookies. You've also skipped all of the session authentication measures.
  • Danny1337
  • Student
  • Student
  • Danny1337
  • Posts: 70
  • Loc: Norway

Post 3+ Months Ago

Lol, I didn't even think about that. Know a better way?

Post Information

  • Total Posts in this topic: 3 posts
  • Users browsing this forum: No registered users and 17 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
 

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.