AuthUserDbase-Talk

Summary: Enables user authentication via database
Version: 1.0, 2.0 below
Prerequisites: AuthUser (2.0 requires DatabaseStandard and ADOdb)
Status: beta
Maintainer: BenWilson XES
Categories:

Link to main topic: AuthUserDbase

Skipping email validation

I run a wiki where basically anyone should be able to log in and administrate their own accounts. I want to disable email validation and do validation/invalidation manually. How can that be accomplished with authuserdbase ?

Oskar - April 11th 2007

Hi, Oskar. The script can be edited so that the email is never sent out, and the database can be modified by hand. Alternatively, you can change the address the email is sent to, so that you'd know when someone is trying to register yourself and be able to click the validation link to authorize the user. That would be easier than manually updating the database. You would change the line with the mail() command to permanently point to your own email address, the notices would then go to you, with a link to click and that would validate the accounts. Does that help?

XES April 11, 2007, at 10:13 AM


I can't seem to get this recipe to work. I'm trying to use a pre-existing database with passwords encrypted using md5. I put all the relevant database information into local/config.php, put the line into Site.AuthUser (cut and pasted the entire line from the comments in AUD that say to add it in), uploaded adodb, put in all the local/config.php stuff for the database standard, and pmWiki asks for a username and password, but doesn't recognise the ones I put in. I've tried a couple of bits of tinkering with the code, and tried 1.0.02 as well as 2.0.1, but can't get pmWiki to recognise the username/password combos in my database. Is there something I'm overlooking, or is the recipe broken? - Steve, 8th March 2007

Doesn't work for me, I've set everything up as described, but when I set a page's attr password(s) to a user, then reload the page, I get "Fatal error: Call to undefined function: adodbconnect() in /home/sourcera/public_html/members/wiki/pmwiki-2.1.26/cookbook/AuthUserDbase-2.0.0.php on line 280"

Any ideas?

Lawrie 25 November, 2006

I am not 100% certain it works. I'm not sure I'll be trying it in the very near future, but I'll post any fixes if I come across anything. I have been very busy. I'm sorry about the delay. If you tell us which application you're using it might help. When I created something for a vBulletin installation it was not standard MD5 but 2 MD5 encryptions, with a "salt" -- definitely not straightforward MD5. You may have to dig around in the application to figure out how they encrypt the passwords. XES March 08, 2007, at 07:15 PM
The app in question is a forum called Quicksilver, and it is definitely standard MD5 encryption (that's what the coding says, and I double-checked that my encrypted password on the database was the MD5 encryption of my password. More digging on my part has failed to find the cause of the problem. - Steve, 29th March 2007

How do I use ?action=attr or $DefaultPasswords with the db connection, or any other external user account source? It's not working for me yet, but I think this is the missing link. Thank you -- Derek 31 Oct, 2006

Just out of curiousity where does the code for authenticating against a phpbb DB go? A separate php script, or just a local script? Thanks. Jared 2006-10-23

This recipe is what I have been waiting for. There are however two items that need better documentation - the $AUDBaseConditional variable should be documented; and does the include statement for AuthUserDbase need to be before or after the include for AuthUser in the config.php file? AKc, 30jun06

This recipe really improves PmWiki's permission system. Unfortunately I couldn't make it work. For example, I've no error message when I indicate a false database. I'll try to change the code but it's not easy to display anything (where's the login form in pmwiki?). Helene, 2006-07-19.

I think I found 3 typos in authuser_dbase-1.0.php: 1) line 125 - $AUDBaseEngine should be added to the list of globals. 2) line 143 - should read $u='$id' not $u='$i'. 3) line 155 - should read $AuthUserDatabase not $AuthUserDBase. Even with these corrections I am unable to make this recipe work. AKc, 26jul06

From what I can tell, the AuthUserDatabase function is never executed.
I agree with Helene, this recipe is a great idea. Unfortunately it needs some work to properly integrate with the AuthUser script.
AKc, 30jul06

I finally found a way to make this recipe work!
authuser_dbase-1.0.02.phpΔ is my updated version of the code. Please note that a one line change to scripts/authuser.php is needed as explained in the comments within the script. Also, setting the variables and the include statement for authuser_dbase needs to be before the include for authuser.php in the config.php file. I should note that I am using MySQL. I have not tested the Postgresql part of the script.
AKc, 06aug06

PLEASE don't alter scripts.php -- you don't need to! Just add $AuthUserFunctions['mysql'] = "AuthUserDatabase"; to your config.php!

For PostgreSQL and PHP 4.4.3 i had to change the AuthUserPgSQL function to:

function AuthUserPgSQL($ask) {
    global $AUDBaseDBase;
    $conn = pg_connect(
        "host=$AUDBaseDBase[host] "
        . "dbname=$AUDBaseDBase[db] "
        . "user=$AUDBaseDBase[user] "
        . "password=$AUDBaseDBase[password]"
    )
        or AuthUserDBaseError('conn',pg_last_error());
    $the_result = pg_query($conn, $ask);
    $result = pg_fetch_assoc($the_result)
        or AuthUserDBaseError('query',mysql_error());
    return ($result['authorized']) ? true : false;
}

Really simple, had to get an intermediary connection object and then run a pg_query. Works though, and that's all i had to change to get it to work w/ postgres! ~bh2 Sept 7, 2006

The change to scripts/authuser.php isn't needed, and will make it more difficult to upgrade. Instead, add this to config.php BEFORE calling scripts/authuser.php:

$AuthUserFunctions['mysql'] = 'AuthUserDatabase';
note that in authuserdbase.php this IS set already: SDV($AuthUserFunctions['AUD'], 'AuthUserDatabase'); and that either "AUD" or "mysql" must be used in your SiteAdmin/AuthUser to tell AuthUser which method to use -- if you stick with the default AUD make sure it's AUD in AuthUser (as described in my instructions) -- if you change this to "mysql" you must use "mysql: required for AuthUserDatabase" instead!

XES

Impact of recent UserAdmin changes for Profiles?

Recent changes and discussion regarding user Profiles that involve AuthUser, UserAdmin and possibly others seems to be pretty significant and may have an impact on installations that use AuthUserDbase, especially if they might consider collecting profile info on their users. I am interested in that capability, whether through the database or thru the flat files. How do / will these new features impact or work with AuthUserDbase?

~bb June 29, 2010

Auth Against phpBB

$AUDBaseDBase = array (
	'host' => 'localhost',
	'db' => 'phpbb',
	'user' => 'phpbb',
	'password' => 'MySecretPassword');

// change these values to the values for your existing database
$AUDBaseTable = array(
	'table' => 'phpbb_users',
	'userfield' => 'username',
	'pwfield' => 'user_password');


include_once("cookbook/authuser_dbase-1.0.php");

$AuthUserFunctions['mysql'] = 'AuthUserDatabase';
$AuthUser['mysql']=true;
// afterward include authuser.php
include_once("scripts/authuser.php");// LDAP-Login aktivieren

It works that simple, really! -- mik

Auth Against phpBB 3.0 Olympus

Starting with phpBB 3.0 Olympus RC7, the password encryption has changed! The following instructions assume you have already set up the basic recipe. If you need full instructions, please refer to AuthUserDbase-talk-phpbb3.

1. Download the phpass framework and dump it into your cookbook directory.

2. Change the password encryption scheme from the default 'md5' to an admin-defined fuction:

$AUDBaseTable['encrypt_f'] = 'phpass';

3. Add the following function to your config.php file:

# Function required for authentication using phpbb 3.0 database
function phpass($pasw)
{
	global $DB, $AUDBaseTable, $_POST;

	# Query Preparation
	$u = $AUDBaseTable['user_field'];
	$p = $AUDBaseTable['pw_field'];
	$t = $AUDBaseTable['user_table'];
	$id = AUD_Safe($_POST['authid']);
	$query = "SELECT $p FROM $t WHERE $u=$id";

	# Query Database, Get Hash
	$result = $DB[$AUDBaseTable['database']]->Execute($query);
	$hash = $result->fields[0];

	# Return Encrypted Password
	include_once('cookbook/phpass/PasswordHash.php'); //edit to point to cookbook
	$hasher = new PasswordHash(8, TRUE);
	return $hasher->crypt_private($pasw, $hash);
}

~Kory -> mailto:webmaster [snail] snakesofarkansas [period] com February 1, 2008

See Also

=====================================================================

I have had no luck getting this to work. I am confused. Where should I call an include for /scripts/authuser.php? There is no mention in the list for installation in 1.0.02, yet aKC mentions it above?

Do I set these values in config.php exactly as below? I mean with the i. ii. iii. or do i just use the $AUDBaseDBase onwards?

Perhaps someone can post a sample config.php with the changes?

Thanks!

    a. $AUDBaseEncryption (defaults to md5).
  1. b. $AUDBaseDBase (array)
  2. i. $AUDBaseDBase['host'] (defaults to 'localhost')
  3. ii. $AUDBaseDBase['db'] (no default)
  4. iii. $AUDBaseDBase['host'] (no default)
  5. iv. $AUDBaseDBase['user'] (username to access database)
  6. v. $AUDBaseDBase['password'] (password to access database)
  7. c. $AUDBaseTable (array)
  8. i. $AUDBaseTable['table'] (authentication database table)
  9. ii. $AUDBaseTable['userfield'] (user field in the authentication
  10. table)
  11. iii. $AUDBaseTable['pwfield'] (password field in the
  12. authentication table)

=================================================================================


Version 2.x


Folks, these instructions are hopelessly confusing. Could someone please clarify how to get this recipe to work with the latest version (for me, using phpBB)? We seem to be on 2.0, yet different versions are referenced throughout this and related pages. The reason why I tried out pmwiki was because I thought I could get it to work with phpBB -- but for hours now I've had nothing but problems. I have faith, though.


What are you having problems with? I worked hard to document this recipe. You want the first set of instructions, "Settings for using another program's database for authentication" -- since no one has contributed information for using it with phpbb, and I'm not using the recipe for sharing user databases with other programs, you will need to do some investigation into the phpbb database to find 1) the name of the database, 2) the name of the user information table 3) the name of the field with the username 4) the name of the field with the password.

There is a discrepancy for the installation of the recipe. It requires the recipe under DatabaseStandard -- including ADOdb, which has a link on the DatabaseStandard page. This is listed under Prerequisites on the AuthUserDBase page. I didn't include

 include_once "$FarmD/cookbook/adodb-connect.php";

in the recipe, and didn't document the requirement on the AuthUserDBase page. I'll make the correction.

If the instructions are too confusing, can you point out where the confusion is?

Thank you,

XES December 28, 2006, at 09:12 AM

Addendum: I fixed the recipe to explicitly rename the downloaded file, and fixed the instructions to apply to only the latest version. Not sure why an older version's include_once was in there. Instructions now rename the download to authuserdbase.php. The file on the server is going to still have a version number so that older versions may be downloaded.

XES December 28, 2006, at 09:24 AM


Thank you XES. My first question is why do we need ADOdb? Is it just being used as an abstraction layer to the mySQL database? Also, what if a user is already logged in through phpBB and has a valid session? Does this recipe account for that case or will the user need to log in again? How does someone log off?

I am prepared to take this to another level (ie write my own integration recipe designed for phpBB), but as I am new to pmWiki, I'm not sure where to begin. Again I was really looking for a smooth road on this. Perhaps this recipe can be worked on. I'm more than willing to put in some time, but I'll need some help. --Tod McKenna?


ADOdb is being used as an abstraction layer so that people can interface with many different databases -- it's no longer limited to MySQL -- but I used MySQL as the example for the standalone since that's what I tested it out with. People can use PostgreSQL, SQLite, MSSQL, etc. -- but if you were using it as a stand-alone authentication package, the same fields would be needed to work "out of the box" with the recipe. You are not -- so you don't need to worry about that. PHPbb uses MySQL, but other people may want to use other databases, so it's an abstraction layer to any supported database.

Sharing authentication with AuthUserDBase: PmWiki using this recipe does not share sessions with the external program, the programs are side-by-side sharing an authentication list, and PmWiki does not manipulate the list (except when being used as a standalone package). The user must authenticate to PmWiki and PHPbb (or other software) separately. I wish it would be easy to have a single-sign-on for sessions, but that's not the case -- and this recipe is not specific to any particular external program's authentication system. It would theoretically be possible to work out how PHPbb and PmWiki track authenticated users, and have them share the information, but that would be a separate recipe specific to PHPbb. You can certainly do this if you can figure out how; I'm sure that you could ask Patrick more about how PmWiki sessions/authentication are tracked.

"logoff" is any link to url/pmwiki.php?action=logoff -- I have a sample for this in the recipe where an authenticated user sees a screen for changing their password -- but there's also a link for logging off on the form. It's just a link.

I suggest you join the user list and developer list (see "Mailing Lists" in the sidebar) for more information about how PmWiki works and to ask questions of the core & plug-in developers. They can answer questions or point out the correct documentation for the user validation in PmWiki. It's also possible that Patrick (the core developer) may need to add functionality to the core to allow PmWiki to authenticate through a different program. I'm not sure.

I hope the recipe works out better now!! Let me know!

XES December 29, 2006, at 09:26 PM (Crisses)

This stuff is way too hard for me. I was excited to see "Auth Against phpBB 3.0 Olympus", which is exactly what I'm trying to do, except every step I go back seems to mean there are three prerequisites before that. Could someone please assume I know absolutely nothing and explain it all on one single page how to get PmWiki to use the existing usernames and passwords that are already in a phpbb3 database? I don't need cookies or sessions or any of that if it means more aggravation for me. I don't mind making my users log in twice so long as they only have to register once over at phpbb3. - X 1/18/07

Try this -- AuthUserDbase-talk-phpbb3 ~Kory -> mailto:webmaster [snail] snakesofarkansas [period] com February 1, 2008


I got this recipe to work, with some banging my head against the wall. My apologies for the delay, I've made corrections to the instructions throughout and posted a sample standalone configuration. Note, I don't use this to connect to other applications' data. On my possible wish-list in the future is hooking up to the ZenCart user database for PmWiki authentication. AuthUserDbase breaks with adodb for php5. I haven't tested it with the latest ADOdb versions -- I grabbed an older version off a server known to be successfully using AuthUserDbase. It warrants looking into upgrading compatibility or at least checking whether the recipe works with the adodb php 4/5 hybrid. XES July 02, 2008, at 09:49 PM


Ok, so I'm still a very STRONG newb to PMWiki and am collecting my thoughts in order to understand what this recipe could do for me. Basically, I'm setting up a wikisite where people would enter it via a single username and password that I provide them (a one size fits all approach). However, if they want to edit anything, they have to register first. So, I will need them to self-register and to receive an e-mail automatically from me which would give them a password. However, they have to have a specific e-mail host that I would specify such as @example.com. Is that something I could do this with recipe? Sorry if my point sounds quite stupid, however, I'm trying to figure things out here and am trying to self-teach myself about PhP programming at the same time! Thanks, Chris Sept. 7, 2008


Contributors

Talk page for the Account Management Page recipe (users?).