Integrating the Vanilla forum into a PHP application
I recently had to integrate the Vanilla forum into a PHP application I was building so I thought I’d share the experience. The Vanilla forum is a lightweight, open-source, PHP/MySQL based discussion forum.
The Vanilla installation process is straightforward so I’ll skip that and get right to the integration tips:
- I installed the forum (version 1.0.3) into /forum within my main application’s document root. You can install it into whichever folder you want, just keep in mind that you will have to reference it accordingly whenever I refer to /forum.
- To make life easier it’s best to let Vanilla share the same database with your main app. This not only saves you having to switch database connections on the fly when dealing with the forum but lets you gather collective information by joining the forum tables to your own tables using foreign keys; e.g. getting the number of users who made a forum post after buying a product from your site. The Vanilla forum prefixes all its database tables with LUM_ so hopefully you have your own table naming convention (adding a prefix is good practice!). For the purpose of this tutorial, I’ll use the prefix MY_ to denote my own tables.
- Every time someone signs up as a user on your application, just make a corresponding insert into the LUM_User table. Here are the fields that I populate:
- UserID (int) - The primary key for my own users table (MY_users) is an integer as well so it acts as the foreign key in this one-to-one relationship. If you use something else as your primary key (e.g. an md5 hash) just create another integer field within your own users table to act as the foreign key; in order to keep the keys in sync, you could first make an insert into your own users table, then insert into LUM_User and get the last insert id and update your users table with that id. Other approaches to keep the keys in sync would be to always write the last insert id into a file or get it on the fly with something like MAX(LUM_User.UserID) - note that you would have to increment the value by 1 for both these approaches.
- StyleID (int) - Optional. If you’re using a custom style/theme make sure to fill this with its corresponding id. You can check it by referring to the LUM_Style table.
- RoleID (int) - What role do you want your users to have by default within the forum? Use 3 for “Member”.
- FirstName, LastName, Email (varchar) - Optional. If you want the user’s name and email to be available within the forum. The user still has control on whether his/her name and email is displayed to others. It’s probably best to fill the email field to allow forum notifications to be sent out to the user.
- Name (varchar) - This is Vanilla’s equivalent of a username. Ideally you should try to enforce the uniqueness of this field.
- Password (varchar) - An md5 hash of your user’s plain-text password.
- VerificationKey (varchar) - Not too sure about this field other than it’s an md5 hash and it’s needed for a login cookie (explained below) so I set it to something I could easily re-create/change (nothing random in the hash) - e.g.:
- DateFirstVisit (datetime) - Optional. You can just use NOW() for this field.
- RemoteIP (varchar) - Optional. Try using $_SERVER['REMOTE_ADDR'].
- In order to create a unified login between your application and the Vanilla forum, you’ll need to set two cookies (lussumocookieone and lussumocookietwo) specifically for the forum. The idea is that as long as these two cookies are set the user will be automatically logged into the forum so it’s best to set them in your own application’s login function. You’ll need to pull the LUM_User.UserID and LUM_User.VerificationKey from the database for use in the cookies. e.g.:
- To create a unified logout just destroy the Vanilla forum cookies within your application’s own logout function. e.g.:
- To finish up the unified login/logout procedure (unified here meaning that the main application and the forum share the same functions and links), add the following lines to /forum/conf/settings.php:
$Configuration['SIGNIN_URL'] = '../login/'; //point it to your application's login link
$Configuration['SIGNOUT_URL'] = '../logout/'; //point it to your application's logout link
$Configuration['SAFE_REDIRECT'] = '../logout/'; //point it to your application's logout link
- If you want to prevent users from changing their username, email and firstname/lastname via the forum you should add these lines to /forum/conf/settings.php:
$Configuration['ALLOW_NAME_CHANGE'] = '0';
$Configuration['ALLOW_EMAIL_CHANGE'] = '0';
$Configuration['ALLOW_PASSWORD_CHANGE'] = '0';
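The sign-up, login and logout steps above, sketched as an added example that is not the author's code. It departs from the tutorial in one respect: the VerificationKey is random and is rotated on logout, because a key that can be recomputed from account data lets anyone who knows a UserID build both cookies. The helper names, the cookie layout (cookie one = UserID, cookie two = VerificationKey) and the /forum/ cookie path are assumptions.

```php
<?php
// Added example, not the tutorial author's code. Table, column and cookie
// names come from the post. Assumptions: cookie one carries UserID, cookie two
// carries VerificationKey, and the helper names below are hypothetical.
const FORUM_PATH = '/forum/'; // install folder used in the post

function newVerificationKey(): string
{
    // 16 bytes from the OS CSPRNG -> 32 hex chars: same shape as an md5 hash,
    // but not derivable from anything known about the account.
    return bin2hex(random_bytes(16));
}

function createForumUser(PDO $db, int $userId, string $name, string $email, string $password): void
{
    $sql = 'INSERT INTO LUM_User (UserID, RoleID, Name, Email, Password,
                                  VerificationKey, DateFirstVisit, RemoteIP)
            VALUES (?, 3, ?, ?, ?, ?, NOW(), ?)';
    $db->prepare($sql)->execute([
        $userId, $name, $email,
        md5($password),          // format the post gives for LUM_User.Password
        newVerificationKey(),
        $_SERVER['REMOTE_ADDR'] ?? '',
    ]);
}

function setForumCookies(PDO $db, int $userId): void
{
    $stmt = $db->prepare('SELECT VerificationKey FROM LUM_User WHERE UserID = ?');
    $stmt->execute([$userId]);
    $key = $stmt->fetchColumn();
    if ($key === false) {
        throw new RuntimeException('No LUM_User row for this user');
    }
    $https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    $opts = ['expires' => 0, 'path' => FORUM_PATH, 'secure' => $https,
             'httponly' => true, 'samesite' => 'Lax'];
    setcookie('lussumocookieone', (string) $userId, $opts);
    setcookie('lussumocookietwo', (string) $key, $opts);
}

function clearForumCookies(PDO $db, int $userId): void
{
    // Rotate the key first so a copied cookie pair stops working after logout.
    $db->prepare('UPDATE LUM_User SET VerificationKey = ? WHERE UserID = ?')
       ->execute([newVerificationKey(), $userId]);
    $expired = ['expires' => time() - 3600, 'path' => FORUM_PATH];
    setcookie('lussumocookieone', '', $expired);
    setcookie('lussumocookietwo', '', $expired);
}
```

Call createForumUser() from the sign-up handler, setForumCookies() from the application's login function and clearForumCookies() from its logout function.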
That’s the core of it! Here are some additional quick & clean hacks to try:
- If you want to hide Vanilla’s forum version information without hacking the theme files you can just add the following line to /forum/conf/language.php:
$Context->Dictionary['PanelFooter'] = '';
- To prevent users from registering via the forum directly, again without hacking the theme files, you can just delete/rename the file /forum/people.php
Lastly, if you allow your users to change any details like username, password, email, firstname/lastname within your main application, you should remember to update the corresponding fields in LUM_User and don’t forget to update the verification key as well if needed.
That’s it! If you hit any road bumps or need any help please feel free to leave a comment and I’ll get back to you ASAP.
Thanks for this great tutorial!!
Must’ve taken a while! Kudos, well documented.
Hey man just checkin..u said to set the cookie..but you didnt say wat variables to pull from the database…a quick example will be sufficient…
Hi Chi,
You need to pull LUM_User.UserID and LUM_User.VerificationKey. It’s mentioned in item 4.
Hi there,
Thanks for a great tutorial. I’ve been looking for an integration tutorial or mod for vanilla and socialengine, found at socialengine.net - I’ve looked everywhere to no avail. Your tutorial is the only one not predefined with a certain program such as (Word Press). Do you think your tutorial can help me pull what I’m trying to accomplish? Please help. I’m willing to pay for an integration.
Thanks,
Joe
Hi Joe,
I haven’t tried using SocialEngine myself but if you know how the app works then integrating it with Vanilla shouldn’t be too difficult. If you have specific questions regarding the Vanilla integration points, I’ll be more than happy to clarify where I can.
Also, if you’re interested in building a social network, you may want to take a look at Ning (http://www.ning.com/). May be the easier path to take
Hi Prashant,
many thanks for your great tutorial. It really helped me a lot with our application integration.
Only that I almost killed myself trying to logoff from Vanilla from my application’s logout routine. I was able to authenticate but never to deauthenticate. Until I learned that you have to synchronize the application session and the vanilla session. Which means you have to add the line
$Configuration['SESSION_NAME'] = 'my_session';
in the file conf/settings.php when you are using a non-standard session name like ‘my_session’. This line tells Vanilla to use the different session name for its authentication.
Furthermore you have to destroy the session when logging out. Just add the line
session_destroy();
to your application’s logout routine and everything seems to be working smoothly afterwards.
It seems Vanilla has changed a bit since this post was written. I was able to use your guide and mod it a bit and can now login to Vanilla through an alternative login form but it won’t logout. It seems Vanilla uses php sessions to store user login information, and it seems Vanilla uses a different session altogether than the application I am trying to integrate it with.
Any pointers or perhaps an updated tutorial? This is the ONLY post I can find about integrating Vanilla into a custom application and I have looked for hours upon hours at other examples and am just lost.
Thanks buddy!
It’s me again, I was able to figure it out. I did what Jan said about and it works like a charm. I can now login and out using whatever method I want. Thanks again for all your efforts, and thank you Jan!
Jason
Thanks, Saved lots of time.
thanks dude.. exactly what I was looking for. KUDOS!!
About the verification key - it seems to be a potential security vulnerability. To log into a forum as a specific user, all you need to know is the verification key and user ID. There are ways of getting hold of the user ID (from postings) and if you create a verification key that is determinate (i.e. can be calculated knowing various things about the account you are logging into) then an attacker could create the pair of cookies and waltz right in.
Check out the function DefineVerificationKey() in Vanilla. It goes to great lengths to ensure the key is random. IMO it should be reset and randomised each time the user logs out.