Checking if Someone is Logged into MyBB

I run a little web forum that uses MyBB. I’ve been building some tools for members of the forum to use and thought it would be good to restrict access to those tools to logged in forum members. Turns out this was VERY easy to do. MyBB drops a cookie for logged in users called mybbuser. This cookie contains data in this form:

uid_loginkey

uid and loginkey are columns from the MyBB users table. So, checking if someone is logged into MyBB is simply a matter of checking for the existence of the mybbuser cookie which can then be exploded to select the users details from the MyBB table. Here’s some code I knocked up in PHP to select the MyBB username if the user is logged into my forum.

<?php 
	if (isset($_COOKIE['mybbuser']))
	{
		
		$user_details=$_COOKIE['mybbuser'];
		$user_details=explode("_",$user_details);
		
		$database="database_name";
		$server="localhost";
		$user="mysql_user";
		$password="password";
		$table_prefix="mybb_";
		
  	        $link_id = mysql_connect($server,$user,$password);
         	@mysql_select_db ($database);	
		
		$username='';
		
		$result=mysql_query("select * FROM ".$table_prefix."users where uid=".$user_details[0]." and loginkey='".$user_details[1]."'");
		if ($result)
		{
	  	if (mysql_num_rows($result)>0)
	  	{	
		  	$row=mysql_fetch_assoc($result);
				$username=$row['username'];
			}
		}

	}
	
?>

You can now use that username anywhere in the web page. Or use it as a conditional check to display certain content to logged in MySQL users and different content to non logged in users.

This entry was posted in php, web servers on by .

About markn

Mark is the owner and founder of Timesheets MTS Software, an mISV that develops and markets employee timesheet and time clock software. He's also a mechanical engineer, father of four, and a lifelong lover of gadgets.