Custom forum login using external database
-
I need to prevent users from being able to see the forum unless they are logged in. The trick is, the login form needs to authenticate against an external database that is contained in one of our servers (not WP or BBPress).
I’m trying to figure out the smartest way to do this. I thought of just creating a regular PHP login, but I’m not sure exactly how to restrict the forum this way. Right now I have all of my forums set to “private” which pretty much does the restriction for you.
It’s a bit complicated but any suggestions would be awesome.
-
This is getting more complicated the more I realize what I need to do. Basically I have to add an extra login field to the WordPress / BBPress login. But the data in the field I have to add to the form resides on a separate database. So the complicated part is that I have ‘Username’ and ‘Password’ that is authenticated on the WordPress database and “Customer Number” that resides on another database. I’m not sure if there is a way to authenticate one login using multiple db’s.
I think the only way to do what you want wil be using a completely custom login form that you pass to your own server for validation. You won’t be able to use the WordPress login form (or the function that generates it) at all.
There are about a dozen different ways you can take this based on the 5 minutes I’ve thought about it. Really just depends if you’re going for elegant, easy, or some where in between. It’s going to take custom code regardless.
Jared, thanks for the feedback. The more I thought about it, about a thousand different ways to do it popped into my head as well (spun my brain into a scrambled egg). At this point, I’ve basically started to write the custom login from the ground up. I’m going to create a shortcode out of it at the end.
I just started it but so far I just have the basic connection and query going:
function restrictForum(){
$db_name = 'dbname';
$con = mysql_connect("URL","username","password*");
mysql_select_db("$db_name")or die("cannot select DB");
$cust_no = $_POST['custno'];
$sql = "SELECT * FROM customer_data WHERE customer_number = $cust_no";
echo('Customer #');
}
I previously had this small bit into a shortcode that just checked if the user was logged in then provided the bbpress login form if they weren’t:
function restrictForum(){
if(!is_user_logged_in()){
echo('You must login to access the forum');
echo do_shortcode('[bbp-login]');
}
}add_shortcode('forum-login-restrict','restrictForum');
So here is how I would do it (I think) if I wanted something easy yet half way elegant.
I’d create a /login page in WordPress that has a custom page template (page-login.php) that contains some custom stuff. It still breaks the process up into two parts, which is not ideal, but its the easiest way without putting in some time to get around that.
Essentially, it would be something like this. First ask for the customer ID. They enter that in and submit it. If it’s valid then reload the page and show the bbPress login.
if ( isset( $_GET['cid'] ) && !empty( $_GET['cid'] ) ) {
// cid (customer ID) is present, show the bbPress login form
echo 'Please enter your username and password to complete the login process';
echo do_shortcode('bbp-login');} elseif ( $_GET['error'] == true ) {
// cid entered was not valid
echo 'The customer ID you entered is not valid.';} else {
// cid is absent so show the form to validate it
// do your custom form here that asks for the customer ID. Then if the customer ID
// is correct/valid reload this page like /login?cid=123456 which will show
// the bbPress login form.
}Another option would be on the first form to ask for the username. Then you could take that and have it auto fill in on the login form using the WordPress login form function (wouldn’t be able to use the bbPress shortcode for this).
sd
I like your method, I’m also trying to figure out a way to keep it on one page. I just noticed your post so I will have to try it, but I did something like this. It doesn’t work:
I have a login-form.php with the basic stuff (this forum keeps stripping my form code so I have to put some sloppy stuff in here:
form method = "get"
input name="cid" id="cid" type="text"
I have a checklogin.php file:
if(isset($_POST['submit'])){
$db_name = 'synoptix';
$con = mysql_connect("url,"username","password");
mysql_select_db("$db_name")or die("cannot select DB");
$cust_id = $_GET['cid'];
$cust_id = stripslashes($cust_id);
$cust_id = mysql_real_escape_string($cust_id);
$sql="SELECT * FROM customer_data WHERE customer_number='$cust_id', LIMIT 1";
if(mysql_num_rows($sql) == 1){
$row = mysql_fetch_array($sql);
session_start();
$_SESSION['cid'] = $row['cid'];
echo('kind of worked');
} else {
echo("worked");
}
}else {
include_once("login-form.php");
}
Then I made my shortcode in functions.php that just calls the checklogin.php file:
function restrictForum(){
include_once("checklogin.php");
}
add_shortcode('forum-login-restrict','restrictForum');There is something seriously wrong with this method. I am studying your solution as best as I can to try and implement that as well.
I like your method, I’m also trying to figure out a way to keep it on one page. I just noticed your post so I will have to try it, but I did something like this. It doesn’t work:
I have a login-form.php with the basic stuff (this forum keeps stripping my form code so I have to put some sloppy stuff in here:
form method = "get"
input name="cid" id="cid" type="text"
I have a checklogin.php file:
if(isset($_POST['submit'])){
$db_name = 'dname';
$con = mysql_connect("url,"username","password");
mysql_select_db("$db_name")or die("cannot select DB");
$cust_id = $_GET['cid'];
$cust_id = stripslashes($cust_id);
$cust_id = mysql_real_escape_string($cust_id);
$sql="SELECT * FROM customer_data WHERE customer_number='$cust_id', LIMIT 1";
if(mysql_num_rows($sql) == 1){
$row = mysql_fetch_array($sql);
session_start();
$_SESSION['cid'] = $row['cid'];
echo('kind of worked');
} else {
echo("worked");
}
}else {
include_once("login-form.php");
}
Then I made my shortcode in functions.php that just calls the checklogin.php file:
function restrictForum(){
include_once("checklogin.php");
}
add_shortcode('forum-login-restrict','restrictForum');There is something seriously wrong with this method. I am studying your solution as best as I can to try and implement that as well.
I’m so close using Jeff’s solution!
I added a checker to the customer ID in the initial if statement since it was passing through regardless of what I entered.
&& mysql_num_rows($result) == 1
So the complete code ended up looking like this:
function restrictForum(){
$db_name = 'dbname';
$con = mysql_connect("url","usr","password");
mysql_select_db("$db_name")or die("cannot select DB");
$cust_id = mysql_real_escape_string($_GET['cid']);
$sql = "SELECT * FROM customer_data WHERE customer_number = $cust_id";
$result= mysql_query($sql);
if ( isset( $_GET['cid'] ) && !empty( $_GET['cid'] ) && mysql_num_rows($result) == 1) {
// cid (customer ID) is present, show the bbPress login form
echo 'Please enter your username and password to complete the login process ';
echo do_shortcode('bbp-login');} elseif ( $_GET['error'] == true ) {
// cid entered was not valid
echo 'The customer ID you entered is not valid.';} else {
echo ('
Enter Your Customer #
(form name="cust-form" id="cust-form" method="get")
(input name="cid" id="cid" type="text" maxlength="6" /)
(input type="submit" value="Validate"'/)
(/form));
// cid is absent so show the form to validate it
// do your custom form here that asks for the customer ID. Then if the customer ID
// is correct/valid reload this page like /login?cid=123456 which will show
// the bbPress login form.
}
}
add_shortcode('forum-login-restrict','restrictForum');
It’s weird though, whenever I enter an invalid customer ID, I get the MySQL error saying “mysql_num_rows() expects parameter 1 to be resource, boolean”.It’s also annoying that the bbpress shortcode I’m embedding is now showing up as text, literally “bbp-login” rather than the actual form using:
echo do_shortcode('bbp-login');
It’s weird though, whenever I enter an invalid customer ID, I get the MySQL error saying “mysql_num_rows() expects parameter 1 to be resource, boolean”.
You should probably check that $result has something before passing it to mysql_num_rows.
Okay something really strange is happening, I think it’s something to do with the GET method. When I enter the customer ID into the field and hit Submit, my URL blows up! For some reason it’s displaying my connection information for the WordPress db (obviously a big problem). And it keeps growing every time I submit. Not sure if it’s because I’m on a xampp server. Looks something like this
http://localhost/~homeFolder/Website/forum/?cid=555112&log=myusername&pwd=THEPASSWORD&user-cookie=1&redirect_to=http%3B%2C%Mlocalhost%2F~homeFolder%Website%2F&_wpnonce=a7841878&_wp_http_referer=%2F~homeFolder%Website%2Fforum%2F
Just got the whole thing working. Here is the code:
function restrictForum(){
$db_name = 'dbname';
$con = mysql_connect("url","username","password");
mysql_select_db("$db_name")or die("cannot select DB");
$cust_id = mysql_real_escape_string($_GET['cid']);
$sql = "SELECT * FROM customer_data WHERE customer_number = $cust_id";
$result= mysql_query($sql);
$cust_id_form = ('
Enter Your Customer #
');
if ( isset( $_GET['cid'] ) && !empty( $_GET['cid'] ) && mysql_num_rows($result) == 1) {
// cid (customer ID) is present, show the bbPress login form
echo ('Please enter your username and password to continue.');
echo do_shortcode('[bbp-login]');} elseif ( $_GET['error'] == true ) {
// cid entered was not valid
echo 'The customer ID you entered is not valid.';} elseif (!is_user_logged_in()){
echo $cust_id_form;
}
}
add_shortcode('forum-login-restrict','restrictForum');Actually I still get a SQL error when entering letters instead of #’s into the field. Also I need to make sure there is a valid result before submitting
- You must be logged in to reply to this topic.