PmWiki | Cookbook / AuthPhpBB2

Summary: Use phpBB2 user authentication for PmWiki page edit protection and author name

Version: 1.0 (05 March 2007)

Prerequisites:

Status: Stable

Maintainer: Smc

Categories: Administration, Security, Forum

Questions answered by this recipe

Can I tie phpBB2 forum users to PmWiki editors?
If I'm using phpBB2 forum and PmWiki, how can I ensure only authenticated phpBB2 users can edit my PmWiki pages?

Description

AuthPhpBB2 permits user authentication via phpBB2 forum software to be used to edit protect PmWiki pages. Additionally your phpBB2 username is used as the PmWiki edit author name. Additionally, you can augment page permissions with PmWiki's in-built page attributes e.g. add a second level page edit and/or read protection e.g. perhaps edit protect the site sidebar and readonly protect the site blocklist from normal forum users.

It is anticipated that this recipe will work on any 2.x version of PmWiki or phpBB2 however the author has only specifically tested this on pmwiki-2.2.0-beta19 and phpBB2 2.0.22.

This recipe consists of two changes; firstly a cookbook plugin called auth_phpbb2.php for PmWiki and secondly a variant of the session.php file from the phpBB2 distribution. Please follow the procedure below to install this recipe. Additionally see the notes section below for design information and recommended future enhancements (should someone want to extend this).

An example of PmWiki and phpBB2 integration in action is over at Enginuity (http://www.enginuity.org). Note that page edit actions are not shown unless you have a user account or know the PmWiki administration password to override. Please feel free to request a forum login. Once you login for the forum, a page edit icon will appear on each Wiki page. Additionally the Author field will be set to your phpBB2 username.

Installation

The following instructions assume you have installed PmWiki and phpBB2 under the same web root e.g. /pmwiki and /forums. Also please pay attention to the phpBB cookie path setting below - with out it the cookie will not be presented to pmwiki.

Please download the following files locally: auth_phpbb2.php Δ (PmWiki), sessions.php Δ (phpBB2)
auth_phpbb2.php should be installed into your cookbook/ directory
sessions.php is a slightly modified version of the phpBB2/includes/sessions.php file. If you are using phpBB-2.0.22 then simply overwrite this file. Otherwise simply edit your original sessions.php file using your favourite editor, inserting the three sections of code marked by "SMC:". On inspection it will be obvious what to do - just insert my additional lines of (don't delete anything).

Configuration - phpBB2 forum

From the phpBB2 web Administration Console adjust the cookie path to slash - '/' (without the quotes).

Configuration - PmWiki

local/config.php should be appended with the line: $phpBB2cookie = 'phpbb2mysql';. Replace 'phpbb2mysql' with the 'Cookie name' found from the phpBB2 Administration Panel under General Admininstrion -> Configuration -> Cookie Settings. This line must be before the next one.
local/config.php should be appended with the line: include_once("$FarmD/cookbook/auth_phpbb2.php");
(Optional step) Edit your Wiki Site/PageActions page to remove the page edit link if you do not have 'edit' permissions. To do this with the default PmWiki install add the following 'if' lines around the edit link.
```
(:if auth edit:)
* %item rel=nofollow class=edit      accesskey='$[ak_edit]'%      [[{*$FullName}?action=edit   | $[Edit] ]]
(:if:)
```
If you already had an installation of phpBB2 then you will need to logout and backin again so the cookie can get updated with some additional information. If you do not do this you will not have edit permissions!

Design Notes

The idea is to extend the existing phpBB2 session cookie set during the authentication stage. I basically add the username to this cookies' serialised information. I use the existance of the cookie to set an authentication flag. This flag is used within this recipe to check if we have edit permission. Additionally PmWiki's $Author variable is set to your username extracted from extended the phpBB2 cookie.

session.php is from the phpBB-2.0.22 distribution. I'm adding a new 'username' element to the existing cookie array which gets serialised. auth_phpbb2.php is based on PmWiki's core authuser.php. I basically override PmWiki's '$AuthFunction' with my own variant. It checks for the phpBB2 authentication cookie which is configured via the '$phpBB2cookie' variable. If the cookie is found and we can extract the username set from above then we set PmWiki's '$Author' variable accordingly.

Future Enhancements

Improve the code so we do not need to alter the 'session.php' phpBB2 file. If I wasn't a newbee php hacker I would have written some php to extract the username directly from the pbpBB2 database using SQL - we have the userid. We could add this code to the 'auth_phpbb2.php' script making the integration much cleaner.
Enhance the 'auth_phpbb2.php' script so that you can override edits by manually adding ?action=edit to a URL and entering the site admin password. his does not work for some reason at this point in time. Although if you set an edit password on a page then this works correctly and overrides the forum authentication forcing forum users to also enter a PmWiki page password.
Perhaps alter user permissions within PmWiki based on what forum authentication group you are in. Perhaps consider that all forum 'Admins' have additional permissions within PmWiki.

Release Notes

Version 1.0 - 05 March 2007

Comments

hfwang, march 6, 07 Very Nice! Now IF the search options in both apps could be interchangeable that would be fantastic!
Smc, Mar 07 2007, Thanks. Search was something I looked at but don't have a solution yet. For information take a look at the PhpBB2Integration recipe I just wrote up.
This mod is exactly what i've been looking for (if I can get it to work). After installing and configuring your files, I deleted cookies and re-logged into phpbb, but the old password request form still shows up when clicking edit. It doesnt accept the admin password or the phpbb password; locking me out of edit. Some of my pages are admin read only and I can see those, but can't edit them. Config edit password has been deleted. Yes, I double checked the name of the cookie -Steve
http://www.kitebuilder.com/wiki/pmwiki.php
Smc, Mar 08 2007. Sorry to here you don't have this running. Perhaps I can help. Please enable diagnostics mode on your wiki so I can add ?action=diag so I see more of what is going on. From a quick look at what I can 'see' on your site and what I've done on mine I have the following suggestions; (a) you may need to move your forum software so its at the same level as the wiki e.g. at the top level you would have the 'include' and 'template' directories for phpBB and also the pub, wiki.d, local, etc directories from PmWiki. My reason is because the cookie being set on your site for phpBB2 has a path set to /forums. I think this means it will not be presented/available to PmWiki as it is not in the same 'path'. (b) It looks like you don't have the extended information in the cookie, I'll know for sure if you enable diag mode. Your looking to see 'username' in this cookie in addition to 'userid' - I only see userid. (c) You say you've already checked your cookie name so I assume you have set your $phpBB2cookie variable (above) to 'kitebuilde' (note the missing 'r')? You will be looking at the 'kitebuilde_forum_data' cookie.

So in summary, three things initially that spring to mind. I'll keep a look out here to see how you have got on.

Thanks for your help Smc, I got it to work. The correct sessions.php was at includes/sessions.php. Also the cookie path in phpbb needed to be set to "/". This mod now works perfectly. Thanks again. --SteveF
Wubbo, Jan 22 2008: Although I don't need this functionality for my particular PmWiki at work, it is an excellent idea! Bravo!

AuthPhpBB2