Index » Tech help » Another ConfirmAccount mod (Atom feed)
Member
I have a website with both FutureBB forums and a wiki, and I need the wiki accounts to be synced with the forum ones, and I need a ConfirmAccount mod that makes sure it's the same username. I'm asking you because you know more about FutureBB than I do.
Administrator
FutureBB currently doesn't have any sort of API (once again, this would go against the simplistic design philosophy), so doing this would require accessing the database directly. In order to do this, you either need to create an extension that implements a basic authentication API or you need to access the database directly from MediaWiki.
Member
So if I made them use the same database then that would work?
Member
Well, couldn't there just be a "user verification post" and it just goes directly through the HTML?
Administrator
You could do either of those things, but putting them on the same database would be more convenient to the user. Alternatively, you could try using PHP sessions to link the systems, as I did on a similar system.
Member
If they have the same session, they are who they say they are?
Administrator
The session information in PHP only stores what you put in it. FutureBB actually doesn't use PHP sessions at all, instead just using an authentication cookie (meaning that the session data won't tell you anything about the FutureBB login state). However, you could pretty easily retrofit it to store the current FutureBB user information in session data and then access that from MediaWiki.
You can read more on how PHP sessions work in the PHP documentation.
Member
But if the session ID is a text file, then can't an imposter just change it?
Member
Also, please move the forum to "Tech help" as it is basically all we are doing.
Administrator
The session id is stored in a cookie, and you can indeed change it. However, you can counter this by periodically changing the session ids whenever the user logs in, thereby deleting any imposter sessions. You can also tie other data to the session (such as the user's browser type/version, IP address, etc.) and disregard any data stored in it if it doesn't match.
Member
But you could change it, not log in to the forums, then request an account?
Member
Well, the IP thing is a good idea. Both FutureBB and MediaWiki can see your IP. In FutureBB 1.4, please make it so that IPs are in the cookie for me.
Member
Should I install the CheckUser extension for proper logging?
Administrator
I still don't think you quite understand how PHP sessions work. What is stored on your computer is just an id, and that id is associated with a session on the server. If you change your id to something besides what it is, chances are it will just point to a non-existent session, in which case the server will create a new one and populate it as necessary, but it will start off blank (i.e. without another user's data). It is possible to try to steal the session id of another user, but there are various measures to combat that as I explained earlier.
The problem is that many people log in from multiple IP addresses (for example, I have a laptop that I use both at home and at school, and I don't want to have to log back in every time). In FutureBB, what's used instead is a login hash system, where there is a random hash on the server for each account, and that is stored in the user's cookie, encoded with the user's browser type (it's very specific, and therefore not a walk in the park to forge), and a user can sign out all other sessions by updating the login hash on the server (meaning all the other cookies will suddenly become invalid and lead to a non-logged-in user).
It's always a good idea.
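The login hash scheme described in this post, as an added sketch that is not FutureBB's own code: the cookie layout (user id plus an HMAC of the browser's User-Agent keyed by the per-account hash), the function names and the sample data are all assumptions.

```php
<?php
// Added illustration, not FutureBB code. The cookie format and function
// names here are assumptions; $accounts stands in for the users table.

// Give the account a fresh random login hash. Doing this again later
// invalidates every cookie issued under the old hash.
function rotate_login_hash(array &$accounts, int $userId): void
{
    $accounts[$userId]['login_hash'] = bin2hex(random_bytes(32));
}

// Cookie value = "<user id>|<HMAC of User-Agent keyed by login hash>".
// The raw login hash itself never leaves the server.
function make_login_cookie(array $accounts, int $userId, string $userAgent): string
{
    $mac = hash_hmac('sha256', $userAgent, $accounts[$userId]['login_hash']);
    return $userId . '|' . $mac;
}

// Returns the user id if the cookie is valid for this browser, else null.
function check_login_cookie(array $accounts, string $cookie, string $userAgent): ?int
{
    $parts = explode('|', $cookie, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return null;
    }
    $userId = (int) $parts[0];
    if (!isset($accounts[$userId]['login_hash'])) {
        return null;
    }
    $expected = hash_hmac('sha256', $userAgent, $accounts[$userId]['login_hash']);
    // hash_equals() compares in constant time.
    return hash_equals($expected, $parts[1]) ? $userId : null;
}

// Constructed sample data.
$accounts = [7 => ['username' => 'alice', 'login_hash' => '']];
$firefox  = 'Mozilla/5.0 (Macintosh) Gecko/20100101 Firefox/115.0';
$opera    = 'Mozilla/5.0 (Macintosh) Chrome/114.0 OPR/100.0';

rotate_login_hash($accounts, 7);
$cookie = make_login_cookie($accounts, 7, $firefox);

var_dump(check_login_cookie($accounts, $cookie, $firefox)); // same browser
var_dump(check_login_cookie($accounts, $cookie, $opera));   // other browser
rotate_login_hash($accounts, 7);                            // "sign out everywhere"
var_dump(check_login_cookie($accounts, $cookie, $firefox)); // old cookie
```

Only the first check yields a user id; the cookie fails from a different browser, and it fails everywhere once the server-side hash has been rotated.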
Member
Oh, browser type! So that's why when I switch browsers from Firefox to Opera (on my Mac, of course) I am not logged in.
So, I just need to have the extension do the same thing, and it will work?
Edit: 555th post!
Administrator
Well, that and the fact that the cookies most likely don't transfer over unless you configured it to do that yourself.
Yes, you could write an extension to do that. If you want to see an example of how to write an extension, you can see the ones we already have. We will include a guide on how to make extensions with the release of FutureBB 1.4 (which has finally entered testing).
Member
I didn't mean a FutureBB extension; I meant a MediaWiki one.
Member
All you really need to do on the MediaWiki side is hijack any queries for user information. I did this very simply for a project I'm doing. For example, to hook into logins, I do:
SELECT `email`, `id` FROM `futurebb_users` WHERE `username`=<username> AND `password`=<sha1 of password>
For a lookup by username, just do SELECT * FROM `futurebb_users` WHERE `username`=<username>.
Fairly simple to do DB lookups - I don't know how easy it is to hook into MediaWiki (haven't used it in forever).
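The login lookup from this post written with bound parameters rather than values pasted into the SQL string, as an added example that is not taken from the poster's project: the table and column names are the ones in the post, while the function name and the in-memory SQLite database with its constructed row are assumptions.

```php
<?php
// Added illustration. Table/column names come from the post above; the
// function name and the SQLite stand-in database are assumptions.

function futurebb_login_lookup(PDO $db, string $username, string $password): ?array
{
    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $db->prepare(
        'SELECT email, id, password FROM futurebb_users WHERE username = :u'
    );
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null; // no such user
    }
    // The post describes the stored value as the SHA-1 of the password.
    // hash_equals() avoids leaking how many characters matched.
    if (!hash_equals($row['password'], sha1($password))) {
        return null;
    }
    return ['id' => (int) $row['id'], 'email' => $row['email']];
}

// Constructed sample database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec(
    'CREATE TABLE futurebb_users
     (id INTEGER PRIMARY KEY, username TEXT, email TEXT, password TEXT)'
);
$ins = $db->prepare(
    'INSERT INTO futurebb_users (username, email, password) VALUES (?, ?, ?)'
);
$ins->execute(["o'brien", 'obrien@example.org', sha1('correct horse')]);

// A quote in the username is handled as data, not as SQL syntax.
var_dump(futurebb_login_lookup($db, "o'brien", 'correct horse'));
var_dump(futurebb_login_lookup($db, "o'brien", 'wrong password'));
var_dump(futurebb_login_lookup($db, 'nobody', 'correct horse'));
```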
Administrator
The DB lookups in FutureBB aren't so bad, but MediaWiki as a whole is ridiculously complicated. I once did tie a wiki into a FutureBB system, but that took me several days and had a lot of bugs, and I had to use session data to transfer information across software.
Member
And you're just telling me NOW?!?! That would've been good to know ages ago.