Authentication to a phpbb based forum using C#

• Download DLL - 5.28 KB
• Download source code - 11.4 KB

Introduction

One of my sites is a phpBB forum and I extended it recently with a new functionality. Users can download a small C# application and they can track posts by keywords. My users were pleased, and I decided to add new features, like posting inside the application. The problem was how to login the users, so I will explain in this article how to create/keep/use the session.

Background

The most important part is how C# and phpBB manages cookies.

Using the code

The first step is to prepare the post data which will be sent to the forum, as a byte array. It will contain all the information required by the login process: username, password. An important parameter is the one called "redirect", because the login.php script will redirect to the main page when login succeeds. In this case, no cookies will be received. The point is to specify an invalid redirect parameter so that phpBB will stop the execution (so that cookies can be received).

// Note: autologin is set to keep the session
// for next "X" days (X is set in phpbb admin)
StringBuilder builder = new StringBuilder();
builder.Append("autologin=1&login=true&username=" + 
   _user + "&password=" + _password + "&redirect=\n");

byte[] data = Encoding.ASCII.GetBytes(builder.ToString());

Next, get the cookies sent by phpBB:

string[] keys = response.Headers.GetValues("Set-Cookie");>

The cookies should contain these two parameters: phpbb2mysql_data which is a serialized array containing the user ID and other information, phpbb2mysql_sid which is the session key. If the username and password are not correct, phpbb2mysql_data will contain a -1 which indicates that login failed.

If login succeeds, information like phpbb2mysql_sid, phpbb2mysql_data, and the user name are stored in a file by using serialization. The tricky part is that this information changes over time. During the next request to the forum, the phpBB will check your session in the database and update it. This means that at every request sent, we need to update the cookies using the latest ones.

Here is how to initialise the class:

PhpBBLogin.Instance.Domain = "www.your-domain.com";
//set this value from your admin area
PhpBBLogin.Instance.ValidityDaysForKey = 5;
PhpBBLogin.Instance.LoadCache();
//if something goes wrong, use LastError public member
PhpBBLogin.Instance.OnError += new EventHandler(Instance_OnError);
PhpBBLogin.Instance.OnLoginFinish += new EventHandler(Instance_OnLoginFinish);
PhpBBLogin.Instance.OnLogoutFinish += new EventHandler(Instance_OnLogoutFinish);

How to login:

PhpBBLogin.Instance.Login("username","password");
//This request is done in a separated thread. 
//when it finishes the OnLoginFinish event is triggered
//and you can check the property PhpBBLogin.Instance.IsLogged to see if login succeed.

Creating a new post when the user is logged:

string message="new post";
string subject="subject";
int f=1; //this is the forum ID.
string post="Post";
PhpBBLogin.Instance.PostMessage(
                    "subject=" + subject + "&" +
                    "message=" + message + "&" + 
                    "topictype=" + topictype + "&" + 
                    "f=" + f + "&" +
                    "post=" + post+"&"+
                    "mode=newtopic");

History

• Version 1.0: Submitted on 5.4.2008.