I wrote this article a while back for the doc site.

Call SSI.php before anything else.
How do I show a login/logout form?
How do I redirect users after they login/logout?
How do I restrict access to certain areas of my pages?
Extras

Hooking the SMF user system with external applications is a common issue people have. This document will help explain how to accomplish this. The first thing you will need to do is change the files that you are going to implement this on into php files. So if you have a .html or .htm extension proceding the filename of the file, rename the file with the extension at the end being .php. The reason for this is so that the php content can get parsed as php and not as html. You may ask yourself: By doing this, will it have any effects on my current page? Well the answer is no. Everything will show just the way it did before.


Call SSI.php before anything else.


Before you do anything else you must call the SSI.php included with SMF. This is usually added to a header.php file (if you have one). If you don't have a header file add it to the index.php or *.php file that you are using this on.
NOTE: This must be added before anything else on the file. Even before the tag.

PLAIN TEXT
PHP:
  1.  
  2. <?php
  3. require_once('/path/to/forum/SSI.php');
  4. ?>

This is what handles the users and a few other things. If you are interested in other functions take a look at ssi_examples.php located on your forums root Dir. If you need help finding the path to your file, please view the file ssi_examples.php through your web browser adding it to the root location to your forum address, so for example: name.com/forums/ssi_examples.php will show at the top the path you will need to use.


How do I show a login/logout form?


The first that you have to do is add a login box if they are not logged in. If they are logged in show a log out link. To do this you will need to use the

PLAIN TEXT
PHP:
  1. $context['user']['is_guest']

. This is an SMF variable that checks if the user is a guest. Other variables that are available are

PLAIN TEXT
PHP:
  1. $context['user']['is_admin'], $context['user']['is_mod']

.

This is how you would show the login form.

PLAIN TEXT
PHP:
  1. <?php
  2. if ($context['user']['is_guest'])
  3. {
  4.         ssi_login();
  5. }
  6. else
  7. {
  8.         //You can show other stuff here.  Like ssi_welcome().  That will show a welcome message like.
  9.         //Hey, username, you have 552 messages, 0 are new.
  10.         ssi_logout();
  11. }
  12. ?>

Add this where ever you want the login/logout form to show on your page.


How do I redirect users after they login/logout?


Sometimes you want to redirect your users to a specific page after they login/logout using the ssi_login()/ssi_logout() functions. To do this you need to edit the call for SSI.php. So if you have:

PLAIN TEXT
PHP:
  1. <?php
  2. require_once('/path/to/forum/SSI.php');
  3. ?>

It will become. (NOTE: Do not include a trailing slash with your domain)

PLAIN TEXT
PHP:
  1. <?php
  2. require_once('/path/to/forum/SSI.php');
  3. $_SESSION['login_url'] = 'http://yoursite.com' . $_SERVER['PHP_SELF'];
  4. $_SESSION['logout_url'] = 'http://yoursite.com' . $_SERVER['PHP_SELF'];
  5. ?>

If you have a query string on the link ex. (index.php?action=hello) use this:

PLAIN TEXT
PHP:
  1. $_SESSION['login_url'] = 'http://yoursite.com' . $_SERVER['PHP_SELF'] . '?' . $_SERVER['QUERY_STRING'];
  2. $_SESSION['logout_url'] = 'http://yoursite.com' . $_SERVER['PHP_SELF'] . '?' . $_SERVER['QUERY_STRING'];


How do I restrict access to certain areas of my pages?


With SMF you can restrict access to certain areas of your pages. To do this you will have to make use of $context['user']['is_logged'], $user_info['groups'] and with SMF permission system.

This will be the example that we will use.

PLAIN TEXT
PHP:
  1. <html>
  2.         <head>
  3.                 <title>Some Title<title>
  4.         <head>
  5.         <body>
  6.                 <div>
  7.                         Some stuff here.
  8.                 </div>
  9.                 <div>
  10.                         Some other stuff here that you want to protect.
  11.                 </div>
  12.         <body>
  13. <html>

Simple check if the user is admin.

PLAIN TEXT
PHP:
  1. <html>
  2.         <head>
  3.                 <title>Some Title<title>
  4.         <head>
  5.         <body>
  6.                 <div>
  7.                         Some stuff here.
  8.                 </div>
  9.                 <?php
  10.                 if ($context['user']['is_admin'])
  11.                 {
  12.                         echo '
  13.                                 <div>
  14.                                         Some other stuff here that you want to protect.
  15.                                 </div>';
  16.                 }
  17.                 ?>
  18.         <body>
  19. <html>

Basically what that does is it checks if the user is an administrator, if they are, show the content, otherwise don't show anything at all to the user. If you want to show something if they are not admin just add an else statement after the } bracket. To change from just admin access to being logged in, change

PLAIN TEXT
PHP:
  1. $context['user']['is_admin']

to

PLAIN TEXT
PHP:
  1. $context['user']['is_logged']

.

How to restrict access to certain membergroups.
To do this you will need to find out the id of a group. To find out the ID, go to Admin > Membergroups and go over the membergroup and it will give you the ID. Admin is always 1, but is better to use

PLAIN TEXT
PHP:
  1. $context['user']['is_admin'].
PLAIN TEXT
PHP:
  1. <html>
  2.         <head>
  3.                 <title>Some Title<title>
  4.         <head>
  5.         <body>
  6.                 <div>
  7.                         Some stuff here.
  8.                 </div>
  9.                 <?php
  10.                 if (in_array(ID1, $user_info['groups']))
  11.                 {
  12.                         echo '
  13.                                 <div>
  14.                                         Some other stuff here that you want to protect.
  15.                                 </div>';
  16.                 }
  17.                 else
  18.                 {
  19.                         echo 'Sorry you are not allowed to see this.';
  20.                 }
  21.                 ?>
  22.         <body>
  23. <html>

The check here is

PLAIN TEXT
PHP:
  1. in_array(IDx, $user_info['groups'])

. That checks if id x is in the $user_info['groups'] array. If you want to use more that one user group you can change ID number to an $allowed_groups array. Then before that you do a foreach loop. It should look like this.

PLAIN TEXT
PHP:
  1. <html>
  2.         <head>
  3.                 <title>Some Title<title>
  4.         <head>
  5.         <body>
  6.                 <div>
  7.                         Some stuff here.
  8.                 </div>
  9.                 <?php
  10.                 $allowed_groups = array(1, 2, 3, 4, 5, 6);
  11.                 $can_see = FALSE;
  12.                 foreach ($allowed_groups as $allowed)
  13.                         if (in_array($allowed, $user_info['groups']))
  14.                         {
  15.                                 $can_see = TRUE;
  16.                                 break;
  17.                         }
  18.                        
  19.                 if ($can_see)
  20.                 {
  21.                         echo '
  22.                                 <div>
  23.                                         Some other stuff here that you want to protect.
  24.                                 </div>';
  25.                 }
  26.                 else
  27.                 {
  28.                         //message or section to show if they are not allowed.
  29.                         echo 'Sorry you are not allowed to see this.';
  30.  
  31.                         //If you want to redirect the user to another place you can use the redirectexit() function.
  32.                         redirectexit('www.simplemachines.org');
  33.                 }
  34.                 ?>
  35.         <body>
  36. <html>

The last method is with SMF permissions. Take a look at [url=http://www.simplemachines.org/community/index.php?topic=59366.0]this[/url]. Basically what you need to do is change the if statement to

PLAIN TEXT
PHP:
  1. if (allowedTo('my_permission'))

. The topic linked to above will give you more details on SMF permissions.


Extras

  • If you want to redirect you users to a certain page if they are not allowed there you can use the redirectexit(). This is similar to the login/out redirect but you can use it to redirect guests as well.
  • If you don't want to allow ban members to see content you can add
    PLAIN TEXT
    PHP:
    1. is_not_banned();

    after the call to SSI.php.

  • If you want to block the page completely from guest access add
    PLAIN TEXT
    PHP:
    1. is_not_guest('message or reason to login');

    After the call for SSI.php.