|
Joined: Jan 2008
Posts: 14
stranger
|
stranger
Joined: Jan 2008
Posts: 14 |
I have checked out several dozens of chats. Most have integration with many competing forum softwares
As far as I am concerned, for me integration means only the use of the user database for authentication. Also a link to see the user profile from the chat (became more difficult since the profile is not accessible by name but only by a number)
Often the Chat producing company offers integration scripts. This is easy for freeware boards. For paid boards they need cooperation by the management of the forum software (you guys at ubbcentral) to get access to the software or even better advice on how it works
Now notably among all boards ubb integration is basically always missing.
My wishes and suggestion: provide standard integration scripts as standard
external_authentication.php called from the chat software, receives as parameters username and userpass, either clear text or md5 encoded. returns a number from 0 to 5 or so 0 refused, wrong password or username 1 regular member 2 moderator 3 admin -1 banned
b) show_profile_by_name.php, input is the username, translates it into usernumber and provides this number as output or shows the user's profile
c) some routines to use the existent ubb cookie for automatic login to a chat. For security reason, there still should be a database check for session number and/or password
d) give short clear concise instructions where username, password, moderatorstatus, admin_status, username, userid are in the database. maybe also BAN status. So the software can make direct calls to the database
e) provide cooperation with chat companies, providing sample software or access to installations for testing
|
|
|
|
Joined: Jan 2008
Posts: 14
stranger
|
stranger
Joined: Jan 2008
Posts: 14 |
To be very specific, I would want as soon as possible, integration with this chat: http://www.addonchat.comThey are looking forward to cooperate If you could provide the routines and info I requested in the prior post, anyone could hack the user-database-integration in no time. http://forums.addoninteractive.com/showthread.php?t=3270Get AddonChat integrated with your favorite software product! If you're running a third-party product that does not presently offer integration or remote authentication features for AddonChat, let us know! Better yet, let them know! Contact the provider of the product you'd like integrated with AddonChat, and express your interest in having a simple, seamless integration method available with their product. AddonInteractive works with many companies to make integration with our products seamless, and easy to setup for our customers. We're more than happy to work with your favorite software product company to get integration working. Have them eMail us at support@addoninteractive.com, or have them call us toll-free at 866.459.9810. We also offer special affiliate offers for third-party vendors interested in integration. Though we make every attempt on our customer's behalf to get in touch with other companies regarding integration, such companies are much more likely to listen to your input; after all you are their customer. __________________
|
|
|
|
Joined: Aug 2006
Posts: 1,649 Likes: 1
Pooh-Bah
|
Pooh-Bah
Joined: Aug 2006
Posts: 1,649 Likes: 1 |
There are 3 other chat options listed on ubbDev -- I personally use FlashChat which works very well.
GangsterBB.NET (Ver. 7.6.1.1) PHP Version 5.6.40 / MySQL 5.7.23-23 (was 5.6.41-84.1) / Apache 2.4.54 2007 Content Rulez Contest - Hon Mention UBB.classic 6.7.2 - RIP
|
|
|
|
Joined: Jun 2006
Posts: 16,301 Likes: 116
|
Joined: Jun 2006
Posts: 16,301 Likes: 116 |
I do believe Rick is planning on working on API access to threads in the future.
As for integrations, I'm sure if they contact him he'd be more than willing to help them; he did this with FlashChat.
I for one see integrations as a luxury, there are so many features that everyone is hoping for that demanding one thing right now for one user is pretty outlandish... especially since there are plenty of existing options at UBBDev currently...
|
|
|
|
Joined: Jan 2008
Posts: 14
stranger
|
stranger
Joined: Jan 2008
Posts: 14 |
I looked at some of these chat integrations They are good as integrations, in the sense of the chat fitting inside the board space. The chat integrations I studied, are not good as "safe" chats. They are not safeguarded to prevent that people cannot come into the chat with fake names, imitating other people's nicknames. It is not difficult for me to get into these chats with the name Gizmo, for example. Partly that has to do with the fact that most free versions of chats do not allow user authentication with external database calls or cgi calls. I need to use a paid chat version, and almost all of these allow external authentication. I need a safe chat, that guarantees that if there is a Gizmo in the chat, it really is the real Gizmo, the only one that can log into this forum (provided that his password is not compromised, of course). Sorry Gizmo, nothing personal. But imitating important and prominent board members and admins is an exciting sport for some people then imitating a stranger named curiousguy. The same way ubb forum is secured against "fake Gizmos" and other impostors, I need to secure my chat. And that does not work the way most of these chat integrations work. They all have back doors. In the worst case, I fiddle a little with my ubb cookie and write gizmo instead of curiousguy into it, and most likely I am in the chat as a fake gizmo, without needing to know his password. If that were not true, then the required routine already would be part of these integration: I need an authentication cgi routine that can be called from the chat or any other external program, that
- takes as input username and password, maybe an ip number and takes as input username and password, and
- gives as output if the person is authorized to enter as regular chatter, as admin, as moderator, or not authorized to enter, or banned
Now I could hack this myself, using some login routine from the ubbthreads software. But I admit I am not too familiar with that software, it would be lots of work and an ugly inefficient hack. So I wonder if someone already did that, or if someone can hack in 1 hour what would take me 20 hours. And if it would not be a good idea to make this part of the official ubb distribution: external_authentication.php Here is an example of the specs of such a routine Remote (HTTP) authentication If you have your own member database, you may take advantage of our advanced Remote Authentication System, or RAS. RAS allows you to authenticate access to your chat room from your own web site. Advanced customers may create a simple script, hosted on your web site, that tells our servers if a user should be allowed access to your chat room. http://support.addoninteractive.com/index.php?action=kb&article=9Remote Authentication System v1.0 This is the one I am most interested in right now Other database integrationshttp://123flashchat.com/integration-faq.html#d22. If I host my website and you host my chat room, can you integrate my database? Yes. We'll offer you a dynamic web application like a php file or an asp file, please configure the file with your database information, upload it to your web server to co-operate with the integration, then give us the url of the dynamic web page, so that 123 flash chat server can authorize your members' login information using the file. So please contact a live supporter at demo room now or write to support@123flashchat.com to request the file. http://123flashchat.com/auto-login-guest.htmlHow to auto-login without database integration? http://www.realchat.com/doc/database-integration.htmlhttp://www.parachat.com/documentation/hosted7/Web%5FAdministration/site/auth_code.htm
|
|
|
|
Joined: Jan 2008
Posts: 14
stranger
|
stranger
Joined: Jan 2008
Posts: 14 |
A few examples for existing integrations. For some reason, ubb is conspicuously absent from most of these lists * phpBB2 - RealChat intergration mod for phpBB2 (works with EasyMOD) * phpBB3 - RealChat intergration mod for phpBB3 * Joomla - RealChat integration module for Joomla 1.0.x * IP.Board - RealChat integration component for Invision Power Board 2.2 * vBulletin - instructions for integrating RealChat with vBulletin 3.6 http://123flashchat.com/integration-faq.html#d2DATABASE INTEGRATION PHPBB Chat Module Joomla! Chat Module Drupal Chat Module PHP-Nuke Chat Module PostNuke Chat Module IPB Chat Module vBulletin Chat Module MaxWebPortal Chat Module MegaBBS Chat Module Mambo Chat Module SMF Chat Module Xoops Chat Module CPG-Nuke Chat Module E107 Chat Module XMB Chat Module PHP-Fusion Chat Module IP-cms Chat Module WebWiz Chat Module more coming soon...
|
|
|
|
Joined: Jun 2006
Posts: 16,301 Likes: 116
|
Joined: Jun 2006
Posts: 16,301 Likes: 116 |
Well, I understand you have needs, that's all fine and dandy; but keep in mind that the chat integrations at ubbdev are made by ubb members; I highly doubt that many chat companies want to maintain anything past an initial creation.
Still does not change the fact that Rick is one man working on one large product; people need to approach him when he has spare time to request he work with them to help get something working for THEIR product...
BTW, the reason other chat programs don't work in the manner you're wanting is because they work with existing items... For example, PJIRC is simply an IRC client that works on IRC Servers; your users COULD register their nicknames on the server of your choice...
FlashChat DOES integrate into the UBB, user database and all.
|
|
|
|
Joined: Aug 2006
Posts: 1,649 Likes: 1
Pooh-Bah
|
Pooh-Bah
Joined: Aug 2006
Posts: 1,649 Likes: 1 |
CG, "123 Flash Chat" has nothing to do with the FlashChat I use. The one I link to is not IRC based, it's fully integrated into Threads' database, and the integration file is compatible with (at least) Threads 7.1. When 7.3 final is released I'll test it. If you want to join my forum to try it out, be my guest. FWIW, I personally wouldn't work on installing/integrating ANY add-ons before 7.3 final comes out just in case something's changed in how Threads works.
GangsterBB.NET (Ver. 7.6.1.1) PHP Version 5.6.40 / MySQL 5.7.23-23 (was 5.6.41-84.1) / Apache 2.4.54 2007 Content Rulez Contest - Hon Mention UBB.classic 6.7.2 - RIP
|
|
|
|
Joined: Jan 2008
Posts: 14
stranger
|
stranger
Joined: Jan 2008
Posts: 14 |
CG, "123 Flash Chat" has nothing to do with the FlashChat I use. The one I link to is not IRC based, it's fully integrated into Threads' database, and the integration file is compatible with (at least) Threads 7.1. When 7.3 final is released I'll test it. If you want to join my forum to try it out, be my guest. FWIW, I personally wouldn't work on installing/integrating ANY add-ons before 7.3 final comes out just in case something's changed in how Threads works. My personal understanding of integration is integrating the user database. I think flashchat goes too far. integrating both databases looks a bit dangerous to me. one might disturb or corrupt the other database. I would feel safer with 2 databases, the other database is consulted only for entry authentication. Or even only via a cgi authentication function, so the chat does not access the database at all. The second problem of flash chat is that it seems not to work for more then 25 visitors or so. At least that is what I got from posting to their board. Otherwise it looks very very interesting.
|
|
|
|
Joined: Jan 2008
Posts: 14
stranger
|
stranger
Joined: Jan 2008
Posts: 14 |
Well, I understand you have needs, that's all fine and dandy; but keep in mind that the chat integrations at ubbdev are made by ubb members; I highly doubt that many chat companies want to maintain anything past an initial creation. I see most people understand by integration: integration into space and looks of the forum. I am talking about user database authentication integration. username and password integration. I think there is one easy quick and dirty way for user database integration. And most chats allow this external cgi authentication method. One function and most chats are user database integrated. Gizmo or Rick would hack it in 20 minutes and then add it for the good of everyone. Any takers, please? autenticate.phpinput: username Input: userpassword, either MD5 or unencoded Potential input: IP number Output: number indicating if user, mod, admin, wrong password or username, blocked maybe also user id as output user_info.php:input user NAME, not number output: either user number or user info This one is needed if the chat user wants to see a user profile. User profiles cannot be called by user name but by user id, this is what this function is needed for. I first thought I could hack this together in 2 hours. But I took a look and got lost, could not find where the login and authentication routine is located, and how to find if someone is an admin or moderator. If nobody does the hack, can anyone give me some hints where to start? scripts/login.inc.php ??? or gizmo, can you spare 20 minutes to hack that?
|
|
|
|
Joined: Jun 2006
Posts: 16,301 Likes: 116
|
Joined: Jun 2006
Posts: 16,301 Likes: 116 |
The password is encoded in the db, so it wouldn't be able to do plain; nor would it be secure .
|
|
|
|
Joined: Jan 2008
Posts: 14
stranger
|
stranger
Joined: Jan 2008
Posts: 14 |
The password is encoded in the db, so it wouldn't be able to do plain; nor would it be secure . What do you mean to say? The password will either be furnished in MD5 encoding, or plain. Depending on this, the authentication.php routine will compare either directly or after MD5 encoding. Yes, would be more secure to send in MD5 encoded format. But on the path from user entry to the php program it always gets transmitted insecurely, unless if the forum were on a secure server. And maybe if the password comes from an encoded cookie. Still asking. Any takers that either have pity to program the auth function, or at least give me some hints? Probably a straight readout of username and userpassword from the database might be the easiest way. Plus admin and moderator status. Plus IP block and other user block status.
|
|
|
|
Joined: Jun 2006
Posts: 16,301 Likes: 116
|
Joined: Jun 2006
Posts: 16,301 Likes: 116 |
Simply take what the user provides, and use the select statement to grab only rows containing that hash with that userid; then there would be no security issue as any rows not matching said userid/pass would return no rows.
As the password is already stored encoded, you wouldn't be sending an unencoded password to the database, it wouldn't SEE the password unencoded...
|
|
|
|
Joined: Apr 2007
Posts: 3,940 Likes: 1
Former Developer
|
Former Developer
Joined: Apr 2007
Posts: 3,940 Likes: 1 |
just include user_auth.inc.php (ubbdev has an example) -- workie fine, when you use it properly.
|
|
|
1 members (Ruben),
1,277
guests, and
207
robots. |
Key:
Admin,
Global Mod,
Mod
|
|
|
|