miniBB ® 

miniBB

®
Support Forums
  
 | Start | Register | Search | Statistics | File Bank | Manual |
Specific miniBB Support Forums / Specific /  
 

Protecting forums with htaccess and using its passwords to login in minibb

 
Author domlb
Partaker
#1 | Posted: 21 May 2010 02:53 
Hello,

I want to use minibb in a private way, so that only my users (only a handfull) can see it.
I want to use htaccess (unless there is another way) to completely protect the forum from strangers. But I also want to simplify the login, because the users are not much into computers..

I would like the users to automatically be logged in by using their login/pass in the htaccess.

I know how to put all the login/passwords in the htaccess/htpasswd files, but how do i pass this info to minibb to do the login in the forums ?

I found this somewhere :
$_SERVER['PHP_AUTH_USER']
$_SERVER['PHP_AUTH_PW']

to get the login/pass from the htaccess login, but how do i use it for minibb ?

Thanks :)

Author Paul
Lead Developer 
#2 | Posted: 21 May 2010 05:30 
It's a big programming task having deep custom level.

Whatever you need to do first, is to generate .htaccess somehow basing on user information coming from mySQL database. This data should be some how synchronized. miniBB can't work without users database.

Then pay attention to bb_cookie.php file of miniBB and its functions. Currently, functions are tied up to work with cookies. So you need to implement code to work with $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'], i.e. comparing these values with those specified in database.

Author domlb
Partaker
#3 | Posted: 21 May 2010 07:10 
hmm.. ok, seems hard, as for the database, the users will give me their name/passwords and i'll sign them up myself in the forum, so they will be in the database.

The only thing is that they now have to enter their login/pass twice, once for htacces and then for minibb, i was just wondering if they could be directly logged in to the forum thanks to the name/pass they enter for htaccess..

Author Paul
Lead Developer 
#4 | Posted: 21 May 2010 09:09 
Yes, like I mentioned - you should program a script which will generate and put .htaccess regarding what is inside of your users database. That's the only possible approach.

However here you have another problem - all passwords in miniBB are MD5-encoded, so you can't get them easily for building such a list. Most probably, you would need to program an add-on, which inserts line in .htaccess as soon as you register the user. Quite a complicated task if you don't know the structure of miniBB. But I guess that's possible. You only need to know how Apache stores its .htaccess passwords.

Basically, I just don't understand, why do you need both ways of authorization? One default would be enough even for newbies.

Author domlb
Partaker
#5 | Posted: 21 May 2010 09:46 
you mean, the same password for everyone for the htaccess and then the individual one for the forum ?

Yes, i thought of that, but that would mean 2 different logins and passwords to enter the system, which for the target users (some at age of retiring soon) a bit too much.. I really want to simplify the login process.. if you have any other idea... :)

Basically, what i need is :

- Only a few selected people can access and see the forums
- Login has to be ultra easy


Thanks again for the help

Author Paul
Lead Developer 
#6 | Posted: 24 May 2010 02:31 
It's a custom solution. We provide such for a fee only.

No, you don't need 2 .htaccess files. What I mean, the .htaccess should be generated by some other script which puts the data based on what is put under users table. Then the authorization script (bb_cookie.php) should also parse and take this data into consideration.

In other words, it's a task for a very experienced coder ;-)

Specific miniBB Support Forums / Specific /
 Protecting forums with htaccess and using its passwords to login in minibb
 Share Topic's Link

Your Reply Click this icon to move up to the quoted message


  ?
Post as a Guest, leaving the Password field blank. You could also enter a Guest name, if it's not taken by a member yet. Sign-in and post at once, or just sign-in, bypassing the message's text.


Before posting, make sure your message is compliant with forum rules; otherwise it could be locked or removed with no explanation.

 

 
miniBB Support Forums Powered by Forum Software miniBB ® Home  Features  Requirements  Demo  Download  Showcase  Gallery of Arts
Compiler  Premium Extensions  Premium Support  License  Contact Us
Check out the Captcha add-on: protect your miniBB-forums from the automated spam and flood.


  ⇑