XesAuthUserDbase

Summary: Stand-alone version of AuthUserDbase
Version: 0.2
Prerequisites: MySQL, AuthUser
Status: deprecated
Maintainer: XES
Categories: Security, Obsolete

Note

Deprecated recipe! The functions provided by this recipe have been updated and rolled back into the parent recipe, AuthUserDbase.

Questions answered by this recipe

How can I have users sign on and maintain their own registration and password information, receive email validations, and have their information stored in a database?

Description

Stand-alone MySQL user authentication.

Other database recipes require the admin to either hand-edit entries, or more likely have a separate program or application from which PmWiki is sharing usernames and passwords. This recipe allows the use of MySQL as a stand-alone authentication system, where users can sign up, validate themselves by email, change their password or email address, and request lost password changes.

xes_authuser_dbase.php

Notes

Important: Postgresql is currently NOT supported.

Supersedes and includes all functionality from AuthUserDbase. This is built directly with AuthUserDbase code. If you had AuthUserDbase running, see the configuration below to make alterations.

Should support language packs -- mostly. The email validation system is not currently set up for language packs, but can be configured in config.php.

Features

  • add user to database
  • email validation link to user
  • validate user
  • user may update their own password
  • user may

Installation

  • Requirements:
    • MySQL (suggested table creation SQL in .php file and below)
    • config.php changes as below
    • edit Site.AuthUser
    • sign-in forms (suggested forms below)
    • language changes as needed

MySQL

You need a database available for this recipe. The examples given use the following table as described in SQL. Feel free to rename fields or use your own table, as appropriate, but keep in mind you will need to alter other configuration variables as needed.

Suggested SQL:

CREATE TABLE `pmwiki_users` (
  `id` int(11) NOT NULL auto_increment,
  `username` varchar(30) NOT NULL default '',
  `password` varchar(60) default NULL,
  `validatecode` varchar(60) default NULL,
  `signupdate` date default NULL,
  `email` varchar(60) default NULL,
  `validatefield` tinyint(1) default '0',
  PRIMARY KEY  (`id`),
  UNIQUE KEY `username` (`username`)
) ENGINE=MyISAM AUTO_INCREMENT=24 DEFAULT CHARSET=utf8;

Note: the "pmwiki_" table prefix follows what has become a MySQL convention, so that multiple programs sharing the same database don't step on each other's toes. You may see "moodle_", "phpbb_", and so on.

config.php

// Set up database settings before calling scripts
$AUDBaseDBase = array(
	  'host'      => 'localhost',
	  'db'        => 'pmwiki',
	  'user'      => 'pmwiki_dbase_user',
	  'password'  => 'myPmWikiP@ssW0rd'
);

// Must be before the xes_authuser_dbase.php call
$AUDBaseTable = array(
	  'user_table' => 'pmwiki_users',
	  'user_field' => 'username',
	  'email' => 'email',
	  'pw_field'   => 'password',
	  'validate_code' => 'validatecode',
	  'validate_field' => 'validatefield',
	  'date_joined' => 'signupdate',
);

// Must come before authuser.php call
include_once ('cookbook/xes_authuser_dbase.php');

// Must come before authuser.php call
$AuthUserFunctions = array('mysql' => 'AuthUserDatabase');

// Must come after the other items!
include_once('scripts/authuser.php');

Site.AuthUser changes

Edit Site.AuthUser and add the following line:

mysql: required for AuthUserDatabase

Forms

Create a sign-up page in the wiki, such as Main/Logins or Site/AccountManagement. You can split the forms out to multiple pages if desired, but the variables and hidden values below need to be assigned, and (:messages:) needs to be included so that the user knows whether their passwords matched, the account was found, etc.

(:messages:)

(:title Account Management Page:)

(:if !authid:)
!!!User Login
(:input form {$PageUrl}:)
(:input hidden action login:)
||     Name:||(:input text authid:)    ||
|| Password:||(:input password authpw:) ||
|| ||(:input submit value="OK" class="inputbutton":) ||
(:input end:)

-----
(:div style='text-align:justify; float:left; valign:top; width:48%; padding-right:2%;padding-bottom:5px;':)
!!!New User Registration
(:input form method=post action={$PageUrl} :)
(:input hidden name=xes_AuthUser value=addnew:)
(:input hidden name=xes_returnUrl value={$PageUrl} :)

|| Username:||(:input text xes_username size=20:) ||
|| Password:||(:input password xes_password size=20:) ||
|| Repeat Password:||(:input password xes_dupepassword:) ||
|| Email:||(:input text name=xes_email value="email" size=20:) ||
|| ||(:input submit name=post value="New" accesskey=g:) ||
(:input end:)
(:divend:)
(:div style='text-align:justify; valign:top; float:left; width:48%; padding-right:2%;padding-bottom:5px;':)
!!! Change Password Request
An email with a new validation code will be sent to you.

(:input form method=post action={$PageUrl} :)
(:input hidden name=xes_AuthUser value=reregister:)
(:input hidden name=xes_returnUrl value={$PageUrl} :)

|| Username:||(:input text name=xes_username size=20:) ||
|| Email:||(:input text name=xes_email size=20:) ||
|| New Password:||(:input password xes_newpassword:)||
|| Repeat Password:||(:input password xes_dupepassword:)||
|| ||(:input submit name=post value="Change" accesskey=g:) ||

(:input end:)

(:divend:)
[[<<]]
----

(:ifend:)

(:if authid:)
You are authenticated as '''{$Author}'''.  [[{$FullName}?action=logout | Logout]]

!!!Update User Information
Change your email address and/or password.
(:input form method=post action={$PageUrl} :)
(:input hidden name=xes_AuthUser value=update:)
(:input hidden name=xes_returnUrl value={$PageUrl} :)

|| Username:||(:input text name=xes_username size=20:) ||
|| Current Password:||(:input password name=xes_oldpassword size=20:) ||
|| New Password:||(:input password name=xes_newpassword size=20:) (optional) ||
|| Repeat New Password:||(:input password xes_dupepassword:) ||
|| New Email:||(:input text name=xes_newemail size=20:) (optional) ||
|| ||(:input submit name=post value="Go" accesskey=g:) ||
(:input end:)

(:ifend:)

Language notes

If you're using the language packs, you have my apologies because I don't really know how they work :) The emails don't have this markup. See the source code for the English supplied for the distribution. To translate into your language you will need to define the following array variables in your language:

$xAUDBaseMsgs = array (
		"form_error" => "",
		"username_taken" => "",
		"email_taken" => "",
		"email_invalid" => "",
		"update_invalid" => "",
		"password_invalid" => "",
		"user_not_found" => "",
		"user_not_validated" => "",
		"addnew_loggedin" => "",
		"invalid_register_link" => "",
		"validation_error" => "",
		"password_mismatch" => "",
		"updates_done" => "",
		"email_subject" => "",
		"email_msg" => "",
		"email_sent" => "",
		"validation_done" => ""
);

Technical Notes

If you need to hand-edit the MySQL database in case of user validation problems:

  • New user validation: delete the validation code and set the validate_field value to 1.
  • User needs password change: md5sum is the default. Get an md5 checksum of the password, add it to the password field, delete the validation code, and make sure the validate_field is set to 1.
  • User emails: can be changed by hand in the database.
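
The hand edits described above, written as MySQL statements against the suggested pmwiki_users table. This is an added example, not part of the recipe: the username, email address and password are placeholders, and it assumes that "deleting" the validation code means setting it to NULL and that the stored password is the 32-character hex MD5 of the password string, as the note above describes.

```sql
-- Added example; assumes the suggested pmwiki_users table and column names.
-- 'exampleuser', the email address and the password are placeholders.

-- 1. New user validation: clear the code and mark the account validated.
UPDATE `pmwiki_users`
   SET `validatecode`  = NULL,
       `validatefield` = 1
 WHERE `username` = 'exampleuser';

-- 2. Password change: store the MD5 hex digest of the new password.
--    MD5() hashes exactly the string given. A shell "echo pw | md5sum"
--    also hashes the trailing newline and yields a digest that will
--    never match what the user types.
UPDATE `pmwiki_users`
   SET `password`      = MD5('replace-with-new-password'),
       `validatecode`  = NULL,
       `validatefield` = 1
 WHERE `username` = 'exampleuser';

-- 3. Email change.
UPDATE `pmwiki_users`
   SET `email` = 'user@example.org'
 WHERE `username` = 'exampleuser';

-- Verify the result: username is a UNIQUE KEY, so exactly one row should
-- come back, validated and with no validation code left behind.
SELECT `username`, `email`, `validatefield`,
       `validatecode` IS NOT NULL AS has_code
  FROM `pmwiki_users`
 WHERE `username` = 'exampleuser';

-- Validation codes shared by more than one account (the To Do list notes
-- that codes could be duplicated); resolve any hits by hand as in step 1.
SELECT `validatecode`, COUNT(*) AS accounts
  FROM `pmwiki_users`
 WHERE `validatecode` IS NOT NULL
 GROUP BY `validatecode`
HAVING COUNT(*) > 1;
```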

Release Notes

0.1.2 2006-09-23

  • security fix. All users are urged to upgrade.

0.1.1 2006-09-23

  • changed definition of debug function

0.1 2006-09-20 Initial xes_authuser_dbase.php beta release

  • tested only with Triad form
  • postgresql support definitely broken
  • some mysql hacks need cleaning up!!
  • it miraculously works in any case
  • probably needs to be double-checked on security
  • nearly everything loops back to the original page, so everything on one page works best

To Do

  • Internationalization broken for email body -- needs fixing
  • Consider adding username to the validation link & query -- valcodes COULD be duped
  • Warn if using PGSQL that it's broken?
  • Eventually add in email notice regarding new user registration to admin option
  • Allow password length, username length, etc. validation
  • cleaner SQL and database transactioning?
  • administration for MySQL database
  • option to email admin when someone registers
  • admin "area" where admins can validate users, delete users, freeze accounts, etc.
  • IP logs, so that bad(!) users can be blocked by IP address?

Comments

Great recipe! First time I could actually make PmWiki talk to a mysql db. I'd been trying for a month, before you developed this. I had to force the code sometimes, tho. When the code says AUDBaseEncryption$type_of_encryption (sorry, can't remember the original code now =/), it wouldn't recognize it as being md5, so I had to change the variable manually to "md5". It worked tho. Also, can't make the email work, it doesn't send anything at all (it complained about some config in php_ini, but even if I force it into the xesAUD code, it doesn't work, any help on this?). Also, can you tell me how to redirect the usual authentication page to the one by this recipe? If I don't login before hitting Edit, I'm sent back to the old auth page. Update the documentation inside the php file! - 9 out of 10, good job! - Renato, Jan 26th, 2007

Thanks! The functionality in this recipe has been rolled back into its parent AuthUserDBase (see link below). It shouldn't matter which form you use for authentication. As for emails, if you can't send email using PHP's mail() function on that server, you won't be able to get the email validations working :/ If other PHP apps are sending email, then that shouldn't be the problem. Regardless, this recipe has been pushed back into the parent app, and also made somewhat more flexible & complicated (but still recognizably similar). If this works for you, you can certainly use it. If you need to upgrade in the future, you may need to look at AuthUserDBase -- this package won't be maintained anymore.
XES January 26, 2007, at 07:11 AM

See Also

Contributors

XES
