Recent Changes - Search:

Cookbook

PmWiki

pmwiki.org

Cookbook /

AuthPhpBB3

Summary: Use phpBB3 user authentication for PmWiki
Categories: Administration, Security, Forum

Questions answered on this page

How do I use a phpBB 3.0 Olympus database to authenticate users for PmWiki? Starting with phpBB 3.0 Olympus RC7, the password encryption has changed from that used in phpBB 2!

Limitations

  • This page does not explain how to coordinate cookies/sessions between phpBB 3.0 and PmWiki. Users will be asked to log in separately to the forum and wiki.
  • This page does not coordinate groups between phpBB and PmWiki. It only deals with users.

Summary of Steps

  1. Download and install PmWiki. I think version 2.1 or greater should work.
  2. Download and install phpBB 3.0.
  3. Download the ADOdb Database Abstraction Layer for PHP and unpack into your cookbook folder.
  4. Download the Portable PHP Password Hashing Framework and unpack into your cookbook folder.
  5. Download the Database Standard Recipe and place in your cookbook folder.
  6. Download the Authuser Database Recipe and place in your cookbook folder.
  7. Edit your config.php file to use all of this stuff!
  8. Password protect pages.

When doing the installs in steps 1-5 do not do any of the set up just place the files. Step 8 covers all set up.

Step 1

  1. Download Pmwiki.
  2. Follow the instructions for installation.

Step 2

  1. Download phpBB 3.0.
  2. Follow the instructions for installation.

Step 3

  1. Download the ADOdb Database Abstraction Layer for PHP. Alternately, ADOdb Lite may work as well and has a smaller footprint...but I have not tested this.
  2. Unpack the files into your cookbook folder.

Step 4

  1. Download the Portable PHP Password Hashing Framework.
  2. Unpack the files into your cookbook folder.

Step 5

  1. Download the Database Standard Recipe.
  2. Place the script into your cookbook folder.

Step 6

  1. Download the Authuser Database Recipe.
  2. Rename the script to "authuserdbase.php".
  3. Place the script into your cookbook folder.
  4. Edit the page SiteAdmin.AuthUser (i.e. SiteAdmin.AuthUser?action=edit) and add the following on its own line:

        AUD: required for AuthUserDatabase

Step 7

  1. Check that you have the following folder structure for your wiki:

    /cookbook
  /adodb
    /a-bunch-of-adodb-files
  /phpass
    /a-few-phpass-files
  /adodb-connect.php
  /authuserdbase.php
/local
  /config.php
/scripts
  /authuser.php
  2. Edit the following config.php section as indicated:

    # optional, but handy for limiting what users can do
$GroupPattern = '(?:Site|SiteAdmin|PmWiki|Main|Profiles)';

$Databases['phpbb_db'] = array(
 'driver' => 'mysql', # what type of database?
 'hostname' => 'localhost', # what hostname? ...localhost should work for most people
 'database' => 'phpbb_db', # what database?
 'username' => 'phpbb_db_user', # what username?
 'password' => 'phpbb_db_password'); # what password?

$AUDBaseTable['database'] = 'phpbb_db'; # should match database from above
$AUDBaseTable['user_table'] = 'phpbb_users'; # should be phpbb_users for standard setup
$AUDBaseTable['user_field'] = 'username'; # should be username for standard setup
$AUDBaseTable['pw_field']   = 'user_password'; # should be user_password for standard setup
$AUDBaseTable['encrypt_f'] = 'phpass'; # DO NOT CHANGE

# DO NOT CHANGE THE FOLLOWING FUNCTION (except the 1 path)
function phpass($pasw)
{
	global $DB, $AUDBaseTable, $_POST;

	# Query Preparation
	$u = $AUDBaseTable['user_field'];
	$p = $AUDBaseTable['pw_field'];
	$t = $AUDBaseTable['user_table'];
	$id = AUD_Safe($_POST['authid']);
	$query = "SELECT $p FROM $t WHERE $u=$id";

	# Query Database, Get Hash
	$result = $DB[$AUDBaseTable['database']]->Execute($query);
	$hash = $result->fields[0];

	# Return Encrypted Password
	include_once("$FarmD/cookbook/phpass/PasswordHash.php"); # what path to PasswordHash.php?
	$hasher = new PasswordHash(8, TRUE);
	return $hasher->crypt_private($pasw, $hash);
}

include_once ("$FarmD/cookbook/adodb-connect.php"); # what path to adodb-connect.php?
include_once ("$FarmD/cookbook/authuserdbase.php"); # what path to authuserdbase.php?
include_once("$FarmD/scripts/authuser.php"); # should be correct for standard setup
  3. Copy and paste the section toward the END of the config.php file.

Step 8

  1. As a primer on PmWiki passwords, I might suggest you skim the following pages:
  2. A suggestion would be to lock down all of your groups using @lock, as explained on Passwords. Then you can open back up options as you see fit.
    Actually this may not be a recommended procedure, because that would leave any as-yet-undefined group potentially open. So lock down read &/or edit on your entire website in config.php with @admin, then open groups or pages to users on an as-needed basis as described below. --XES
  3. Typical use will involve appending ?action=attr to a page (or group) and using id:*. This will allow any authenticated user to edit, view, or change attributes for a particular page or group.

Examples

  • Limit who can edit pages of the Main group to users registered on your phpBB 3.0 forum:
    • http://www.somewebsite.com/wiki/Main/GroupAttributes?action=attr
    • Add id:* to the edit section and save.
  • Limit who can edit a particular page (SomePage.html) to a particular registered user (Alice) on your phpBB 3.0 forum:
    • http://www.somewebsite.com/wiki/Main/SomePage.html?action=attr
    • Add id:Alice to the edit section and save.

Demo

The setup explained on this page is activated for the Snakes of Arkansas website.

Comments

I hope you find these instructions beneficial. Please email me if you find anything in error and I will try to figure it out. ~Kory February 1, 2008

This has been a great help thanks. I had a problem though with the PasswordHash.php functions which did not work for me. Instead, I found the relevant functions in phpbb3's functions.php file (_hash_encode64, _hash_crypt_private and the $itoa64 value) and I replaced PasswordHash.php with them. There must be a slight difference between them. My server only has php 4 so that might be one reason. I also added an extra condition to the $query - " AND user_type<>1 " so that users who have not been activated cannot logon. -- BarryB June 24, 2008

I think BarryB may have had this problem because the phpass file is set to $P$ hashing and phpbb used $H$ hashing. -- ChrisC 13 July 2008. Am currently atempting to make this work myself so will confirm - but feedback welcome.

Bug check - I belive the line $AUDBaseTable['user_table'] = 'phpbb_users'; should be $AUDBaseTable['user_table'] = 'users'; Based on my 3.0.1 version on phpbb. ChrisC

Hi ChrisC, my 3.0.1 installation of phpbb has table 'phpbb_users' so I don't think this is a bug, maybe just differences in setup. It is all working perfectly for me at the moment. I am thinking about how to get the phpbb groups recognised in pmwiki now... BarryB 26 July 2008.

Hi, all. I can confirm that in phpbb3 $P$ was changed to $H$. Even official site of phpass has some words about this. Also, 'phpbb_users' is true for default forum installation. If you changed table prefix from "phpbb_", you need to do same thing here. -- Killy 10 Aug 2008.

I've made an extension which supports users and groups. See AuthPhpBBUsersAndGroups. Hope it is helpful. -- BarryB 1 Sept 2008.

Hey guys I'm stuck (its not authenticating), could use some expert advice. You can reach me at webmeister@dreamsnare.com or the forums at http://dreamsnare.com/(approve links) I can email a copy of my config.php, Not sure where the disconnect is, I'm getting an error message back "Name/password not recognized "

Edit - History - Print - Recent Changes - Search
Page last modified on October 12, 2008, at 08:34 AM