April 2009

Monthly Archive

Sun 19 Apr 2009

Latest blog post erased

Posted by NZEYIMANA Emery Fabrice under Uncategorized
No Comments 

There seems to be a problem with my blog. This is the second time my latest entry content gets erased. Only the content is erased leaving the title intact. I am still investigating the issue. Meanwhile, I decided to upgrade to the latest Wordpress release to see if the issue gets resolved

 

Sun 12 Apr 2009

Authentication Plug-in for PHPBB using External MySQL Table Source

Posted by NZEYIMANA Emery Fabrice under English , PHP , Software
1 Comment 

After googling around for a plug-in to help me authenticate PHPBB3 forums against an already existing web application and finding none, I decided to write my own. I modelled it to auth_db and auth_apache and named it auth_dbext as short for authentication using DB from external source (external to PHPBB Database).

I am sharing it with others who might have a similar need and of course any improvements are welcome.

I have not implement some optional parts (see http://wiki.phpbb.com/Authentication_plugins for more info)

The login code is in the function (The full source code is at auth_dbext.phps)

  1. /**
  2. * Login function
  3. */
  4. function login_dbext(&$username, &$password)
  5. {
  6. global $db;</code>
  7.  
  8. // do not allow empty password
  9. if (!$password)
  10. {
  11. return array(
  12. ’status’    =&gt; LOGIN_ERROR_PASSWORD,
  13. ‘error_msg’    =&gt; ‘NO_PASSWORD_SUPPLIED’,
  14. ‘user_row’    =&gt; array(‘user_id’ =&gt; ANONYMOUS),
  15. );
  16. }
  17.  
  18. if (!$username)
  19. {
  20. return array(
  21. ’status’    =&gt; LOGIN_ERROR_USERNAME,
  22. ‘error_msg’    =&gt; ‘LOGIN_ERROR_USERNAME’,
  23. ‘user_row’    =&gt; array(‘user_id’ =&gt; ANONYMOUS),
  24. );
  25. }
  26.  
  27. /////////////////////////////////////////////////////////////////////////////////////////////////////////////
  28. // Note: on my systems, I include these following lines from an external file that is not web-accessible
  29. /////////////////////////////////////////////////////////////////////////////////////////////////////////////
  30. $db_host      = "localhost"; // Here goes the MySQL server address, hostname or IP
  31. $db_user      = "username";  // Here goes the MySQL user allowed to read the table below (GRANT SELECT ON ….)
  32. $db_password  = "passwd";    // Here should go the password associated with the above user
  33. $db_database  = "dbName";    // Here goes the Database containing the table below
  34. $db_table     = "tblUsers";  // Here will goes the table list users allowed to login into PHPBB
  35. ////////////////////////////////////////////////////////////////////////////////////////////////////////////
  36. $col_username = "username";
  37. $col_password = "password";
  38. $hashMethod   = "sha1"; // Can be one of:  md5, sha1, plain
  39. // In case you choose to use a non-standard hashing function, be
  40. // sure to change below where the $hashedPassword variable is created
  41.  
  42. $objMySqli = new mysqli($db_host, $db_user, $db_password, $db_database);
  43.  
  44. /* check connection */
  45. if (mysqli_connect_errno())
  46. {
  47. return array(
  48. ’status’    =&gt; LOGIN_ERROR_EXTERNAL_AUTH ,
  49. ‘error_msg’    =&gt; ‘LOGIN_ERROR_EXTERNAL_AUTH ‘,
  50. ‘user_row’    =&gt; array(‘user_id’ =&gt; ANONYMOUS),
  51. );
  52. }
  53.  
  54. // Check the User/Password
  55. if($hashMethod == ’sha1′)
  56. {
  57. $hashedPassword = sha1($password);
  58. } elseif($hashMethod == ‘md5′) {
  59. $hashedPassword = md5($password);
  60. } else {
  61. $hashedPassword = $password;
  62. }
  63. $sql =
  64. "SELECT 11 as ID
  65. FROM " . $db_table . "
  66. WHERE
  67. " . $col_username . " = ‘" . mysqli_real_escape_string($username)          . "’ AND
  68. " . $col_password . " = ‘" . mysqli_real_escape_string($hashedPassword) . "’
  69. ";
  70.  
  71. if ( $result = $objMySqli-&gt;query($sql) )
  72. {
  73. if ( $result-&gt;num_rows &lt;= 0 )
  74. {
  75. return array(
  76. ’status’    =&gt; LOGIN_ERROR_USERNAME,
  77. ‘error_msg’    =&gt; ‘LOGIN_ERROR_USERNAME’,
  78. ‘user_row’    =&gt; array(‘user_id’ =&gt; ANONYMOUS),
  79. );
  80. }
  81.  
  82. $sql = ‘SELECT user_id, username, user_password, user_passchg, user_email, user_type
  83. FROM ‘ . USERS_TABLE . "
  84. WHERE username = ‘" . $db-&gt;sql_escape($username) . "’";
  85. $result = $db-&gt;sql_query($sql);
  86. $row = $db-&gt;sql_fetchrow($result);
  87. $db-&gt;sql_freeresult($result);
  88.  
  89. if ($row)
  90. {
  91. // User inactive…
  92. if ($row[‘user_type’] == USER_INACTIVE || $row[‘user_type’] == USER_IGNORE)
  93. {
  94. return array(
  95. ’status’        =&gt; LOGIN_ERROR_ACTIVE,
  96. ‘error_msg’        =&gt; ‘ACTIVE_ERROR’,
  97. ‘user_row’        =&gt; $row,
  98. );
  99. }
  100.  
  101. // Successful login…
  102. return array(
  103. ’status’        =&gt; LOGIN_SUCCESS,
  104. ‘error_msg’        =&gt; false,
  105. ‘user_row’        =&gt; $row,
  106. );
  107. }
  108.  
  109. // this is the user’s first login so create an empty profile
  110. return array(
  111. ’status’        =&gt; LOGIN_SUCCESS_CREATE_PROFILE,
  112. ‘error_msg’        =&gt; false,
  113. ‘user_row’        =&gt; user_row_dbext($username, sha1($password)),
  114. );
  115. } else {
  116. // TODO: Handle this situation
  117. }
  118.  
  119. // Not logged in using the external DB
  120. return array(
  121. ’status’        =&gt; LOGIN_ERROR_EXTERNAL_AUTH,
  122. ‘error_msg’        =&gt; ‘LOGIN_ERROR_EXTERNAL_AUTH’,
  123. ‘user_row’        =&gt; array(‘user_id’ =&gt; ANONYMOUS),
  124. );
  125. }

To use this plugin, copy it to the directory /includes/auth/ (the file should be /includes/auth/auth_dbext.php ) in your PHPBB3 install location.  This file can be downloaded at auth_dbext.php (ZIP) or view a highlighted source file at auth_dbext.phps