Click here to Skip to main content
11,790,816 members (57,293 online)
Click here to Skip to main content

Authentication to a phpbb based forum using C#

, 5 Apr 2008 CPOL 54.8K 514 6
Rate this:
Please Sign up or sign in to vote.
Authentication to a phpbb based forum using C#.


One of my sites is a phpBB forum and I extended it recently with a new functionality. Users can download a small C# application and they can track posts by keywords. My users were pleased, and I decided to add new features, like posting inside the application. The problem was how to login the users, so I will explain in this article how to create/keep/use the session.


The most important part is how C# and phpBB manages cookies.

Using the code

The first step is to prepare the post data which will be sent to the forum, as a byte array. It will contain all the information required by the login process: username, password. An important parameter is the one called "redirect", because the login.php script will redirect to the main page when login succeeds. In this case, no cookies will be received. The point is to specify an invalid redirect parameter so that phpBB will stop the execution (so that cookies can be received).

// Note: autologin is set to keep the session
// for next "X" days (X is set in phpbb admin)
StringBuilder builder = new StringBuilder();
builder.Append("autologin=1&login=true&username=" + 
   _user + "&password=" + _password + "&redirect=\n");

byte[] data = Encoding.ASCII.GetBytes(builder.ToString());

Next, get the cookies sent by phpBB:

string[] keys = response.Headers.GetValues("Set-Cookie");>

The cookies should contain these two parameters: phpbb2mysql_data which is a serialized array containing the user ID and other information, phpbb2mysql_sid which is the session key. If the username and password are not correct, phpbb2mysql_data will contain a -1 which indicates that login failed.

If login succeeds, information like phpbb2mysql_sid, phpbb2mysql_data, and the user name are stored in a file by using serialization. The tricky part is that this information changes over time. During the next request to the forum, the phpBB will check your session in the database and update it. This means that at every request sent, we need to update the cookies using the latest ones.

Here is how to initialise the class:

PhpBBLogin.Instance.Domain = "";
//set this value from your admin area
PhpBBLogin.Instance.ValidityDaysForKey = 5;
//if something goes wrong, use LastError public member
PhpBBLogin.Instance.OnError += new EventHandler(Instance_OnError);
PhpBBLogin.Instance.OnLoginFinish += new EventHandler(Instance_OnLoginFinish);
PhpBBLogin.Instance.OnLogoutFinish += new EventHandler(Instance_OnLogoutFinish);

How to login:

//This request is done in a separated thread. 
//when it finishes the OnLoginFinish event is triggered
//and you can check the property PhpBBLogin.Instance.IsLogged to see if login succeed.

Creating a new post when the user is logged:

string message="new post";
string subject="subject";
int f=1; //this is the forum ID.
string post="Post";
                    "subject=" + subject + "&" +
                    "message=" + message + "&" + 
                    "topictype=" + topictype + "&" + 
                    "f=" + f + "&" +
                    "post=" + post+"&"+


  • Version 1.0: Submitted on 5.4.2008.


This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


About the Author

Romania Romania
No Biography provided

You may also be interested in...

Comments and Discussions

GeneralI tried it.. :( no success Pin
Manjeet Jagtap27-Dec-09 1:50
memberManjeet Jagtap27-Dec-09 1:50 
GeneralRe: I tried it.. :( no success Pin
gyllbert25-Jan-10 4:55
membergyllbert25-Jan-10 4:55 
GeneralRe: I tried it.. :( no success Pin
electrodevo23-Dec-10 17:56
memberelectrodevo23-Dec-10 17:56 
Just so you are aware, this code works great on PHPBB2, but does not work on PHPBB3. (3.0 uses a new PHP routine for the call, ucp.php, and also seems to have a challenge / response hash in the login which makes things a little more difficult to script...)
QuestionCan this work from a ASP.Net website? Pin
F1dave31-Mar-09 6:43
memberF1dave31-Mar-09 6:43 
Generalvbulletin Pin
Pestinha198417-Aug-08 14:52
memberPestinha198417-Aug-08 14:52 
GeneralLogin credentials Pin
nmilioti8-Apr-08 22:54
membernmilioti8-Apr-08 22:54 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

| Advertise | Privacy | Terms of Use | Mobile
Web03 | 2.8.1509028.1 | Last Updated 5 Apr 2008
Article Copyright 2008 by gyllbert
Everything else Copyright © CodeProject, 1999-2015
Layout: fixed | fluid