UBB.threads PHP Forum Software Community Forums General Suggestions and Feedback Please promote Chat integration, most competitors do so

I have checked out several dozens of chats. Most have integration with many competing forum softwares

As far as I am concerned, for me integration means only the use of the user database for authentication. Also a link to see the user profile from the chat (became more difficult since the profile is not accessible by name but only by a number)

Often the Chat producing company offers integration scripts. This is easy for freeware boards. For paid boards they need cooperation by the management of the forum software (you guys at ubbcentral) to get access to the software or even better advice on how it works

Now notably among all boards ubb integration is basically always missing.

My wishes and suggestion:
provide standard integration scripts as standard


external_authentication.php
called from the chat software, receives as parameters username and userpass, either clear text or md5 encoded.
returns a number from 0 to 5 or so
0 refused, wrong password or username
1 regular member
2 moderator
3 admin
-1 banned


b) show_profile_by_name.php,
input is the username, translates it into usernumber and provides this number as output or shows the user's profile

c) some routines to use the existent ubb cookie for automatic login to a chat. For security reason, there still should be a database check for session number and/or password


d) give short clear concise instructions where username, password, moderatorstatus, admin_status, username, userid are in the database. maybe also BAN status. So the software can make direct calls to the database



e) provide cooperation with chat companies, providing sample software or access to installations for testing

To be very specific, I would want as soon as possible, integration with this chat:

http://www.addonchat.com
They are looking forward to cooperate

If you could provide the routines and info I requested in the prior post, anyone could hack the user-database-integration in no time.


http://forums.addoninteractive.com/showthread.php?t=3270
Get AddonChat integrated with your favorite software product!
If you're running a third-party product that does not presently offer integration or remote authentication features for AddonChat, let us know! Better yet, let them know!

Contact the provider of the product you'd like integrated with AddonChat, and express your interest in having a simple, seamless integration method available with their product.

AddonInteractive works with many companies to make integration with our products seamless, and easy to setup for our customers. We're more than happy to work with your favorite software product company to get integration working. Have them eMail us at support@addoninteractive.com, or have them call us toll-free at 866.459.9810.

We also offer special affiliate offers for third-party vendors interested in integration. Though we make every attempt on our customer's behalf to get in touch with other companies regarding integration, such companies are much more likely to listen to your input; after all you are their customer.
__________________

There are 3 other chat options listed on ubbDev -- I personally use FlashChat which works very well.

I do believe Rick is planning on working on API access to threads in the future.

As for integrations, I'm sure if they contact him he'd be more than willing to help them; he did this with FlashChat.

I for one see integrations as a luxury, there are so many features that everyone is hoping for that demanding one thing right now for one user is pretty outlandish... especially since there are plenty of existing options at UBBDev currently...

I looked at some of these chat integrations

They are good as integrations, in the sense of the chat fitting inside the board space.

The chat integrations I studied, are not good as "safe" chats.

They are not safeguarded to prevent that people cannot come into the chat with fake names, imitating other people's nicknames.

It is not difficult for me to get into these chats with the name Gizmo, for example.

Partly that has to do with the fact that most free versions of chats do not allow user authentication with external database calls or cgi calls. I need to use a paid chat version, and almost all of these allow external authentication.

I need a safe chat, that guarantees that if there is a Gizmo in the chat, it really is the real Gizmo, the only one that can log into this forum (provided that his password is not compromised, of course).

Sorry Gizmo, nothing personal. But imitating important and prominent board members and admins is an exciting sport for some people then imitating a stranger named curiousguy.

The same way ubb forum is secured against "fake Gizmos" and other impostors, I need to secure my chat.

And that does not work the way most of these chat integrations work. They all have back doors. In the worst case, I fiddle a little with my ubb cookie and write gizmo instead of curiousguy into it, and most likely I am in the chat as a fake gizmo, without needing to know his password.

If that were not true, then the required routine already would be part of these integration:

I need an authentication cgi routine that can be called from the chat or any other external program, that

• takes as input username and password, maybe an ip number and takes as input username and password, and
• gives as output if the person is authorized to enter as regular chatter, as admin, as moderator, or not authorized to enter, or banned

Now I could hack this myself, using some login routine from the ubbthreads software. But I admit I am not too familiar with that software, it would be lots of work and an ugly inefficient hack.

So I wonder if someone already did that, or if someone can hack in 1 hour what would take me 20 hours. And if it would not be a good idea to make this part of the official ubb distribution: external_authentication.php

Here is an example of the specs of such a routine

Remote (HTTP) authentication
If you have your own member database, you may take advantage of our advanced Remote Authentication System, or RAS. RAS allows you to authenticate access to your chat room from your own web site. Advanced customers may create a simple script, hosted on your web site, that tells our servers if a user should be allowed access to your chat room.


http://support.addoninteractive.com/index.php?action=kb&article=9
Remote Authentication System v1.0
This is the one I am most interested in right now



Other database integrations
http://123flashchat.com/integration-faq.html#d2
2. If I host my website and you host my chat room, can you integrate my database?

Yes.
We'll offer you a dynamic web application like a php file or an asp file, please configure the file with your database information, upload it to your web server to co-operate with the integration, then give us the url of the dynamic web page, so that 123 flash chat server can authorize your members' login information using the file. So please contact a live supporter at demo room now or write to support@123flashchat.com to request the file.


http://123flashchat.com/auto-login-guest.html
How to auto-login without database integration?


http://www.realchat.com/doc/database-integration.html

http://www.parachat.com/documentation/hosted7/Web%5FAdministration/site/auth_code.htm

A few examples for existing integrations. For some reason, ubb is conspicuously absent from most of these lists


* phpBB2 - RealChat intergration mod for phpBB2 (works with EasyMOD)
* phpBB3 - RealChat intergration mod for phpBB3
* Joomla - RealChat integration module for Joomla 1.0.x
* IP.Board - RealChat integration component for Invision Power Board 2.2
* vBulletin - instructions for integrating RealChat with vBulletin 3.6


http://123flashchat.com/integration-faq.html#d2
DATABASE INTEGRATION

PHPBB Chat Module
Joomla! Chat Module
Drupal Chat Module
PHP-Nuke Chat Module
PostNuke Chat Module
IPB Chat Module
vBulletin Chat Module
MaxWebPortal Chat Module
MegaBBS Chat Module
Mambo Chat Module
SMF Chat Module
Xoops Chat Module
CPG-Nuke Chat Module
E107 Chat Module
XMB Chat Module
PHP-Fusion Chat Module
IP-cms Chat Module
WebWiz Chat Module
more coming soon...

Well, I understand you have needs, that's all fine and dandy; but keep in mind that the chat integrations at ubbdev are made by ubb members; I highly doubt that many chat companies want to maintain anything past an initial creation.

Still does not change the fact that Rick is one man working on one large product; people need to approach him when he has spare time to request he work with them to help get something working for THEIR product...

BTW, the reason other chat programs don't work in the manner you're wanting is because they work with existing items... For example, PJIRC is simply an IRC client that works on IRC Servers; your users COULD register their nicknames on the server of your choice...

FlashChat DOES integrate into the UBB, user database and all.

CG, "123 Flash Chat" has nothing to do with the FlashChat I use. The one I link to is not IRC based, it's fully integrated into Threads' database, and the integration file is compatible with (at least) Threads 7.1. When 7.3 final is released I'll test it. If you want to join my forum to try it out, be my guest.

FWIW, I personally wouldn't work on installing/integrating ANY add-ons before 7.3 final comes out just in case something's changed in how Threads works.

My personal understanding of integration is integrating the user database.

I think flashchat goes too far. integrating both databases looks a bit dangerous to me. one might disturb or corrupt the other database.
I would feel safer with 2 databases, the other database is consulted only for entry authentication. Or even only via a cgi authentication function, so the chat does not access the database at all.

The second problem of flash chat is that it seems not to work for more then 25 visitors or so. At least that is what I got from posting to their board.
Otherwise it looks very very interesting.

I see most people understand by integration:
integration into space and looks of the forum.

I am talking about user database authentication integration. username and password integration.


I think there is one easy quick and dirty way for user database integration. And most chats allow this external cgi authentication method. One function and most chats are user database integrated.



Gizmo or Rick would hack it in 20 minutes and then add it for the good of everyone.

Any takers, please?

autenticate.php
input: username
Input: userpassword, either MD5 or unencoded
Potential input: IP number

Output:
number indicating if user, mod, admin, wrong password or username, blocked
maybe also user id as output

user_info.php:
input user NAME, not number
output: either user number or user info
This one is needed if the chat user wants to see a user profile. User profiles cannot be called by user name but by user id, this is what this function is needed for.




I first thought I could hack this together in 2 hours. But I took a look and got lost, could not find where the login and authentication routine is located, and how to find if someone is an admin or moderator. If nobody does the hack, can anyone give me some hints where to start? scripts/login.inc.php ???

or gizmo, can you spare 20 minutes to hack that?

The password is encoded in the db, so it wouldn't be able to do plain; nor would it be secure .

What do you mean to say?

The password will either be furnished in MD5 encoding, or plain. Depending on this, the authentication.php routine will compare either directly or after MD5 encoding.

Yes, would be more secure to send in MD5 encoded format. But on the path from user entry to the php program it always gets transmitted insecurely, unless if the forum were on a secure server. And maybe if the password comes from an encoded cookie.

Still asking. Any takers that either have pity to program the auth function, or at least give me some hints?

Probably a straight readout of username and userpassword from the database might be the easiest way. Plus admin and moderator status. Plus IP block and other user block status.

Simply take what the user provides, and use the select statement to grab only rows containing that hash with that userid; then there would be no security issue as any rows not matching said userid/pass would return no rows.

As the password is already stored encoded, you wouldn't be sending an unencoded password to the database, it wouldn't SEE the password unencoded...

just include user_auth.inc.php (ubbdev has an example) -- workie fine, when you use it properly.