PHP

Archived Posts from this Category

Sun 12 Apr 2009

Authentication Plug-in for PHPBB using External MySQL Table Source

Posted by NZEYIMANA Emery Fabrice under English , PHP , Software
1 Comment 

After googling around for a plug-in to help me authenticate PHPBB3 forums against an already existing web application and finding none, I decided to write my own. I modelled it to auth_db and auth_apache and named it auth_dbext as short for authentication using DB from external source (external to PHPBB Database).

I am sharing it with others who might have a similar need and of course any improvements are welcome.

I have not implement some optional parts (see http://wiki.phpbb.com/Authentication_plugins for more info)

The login code is in the function (The full source code is at auth_dbext.phps)

  1. /**
  2. * Login function
  3. */
  4. function login_dbext(&$username, &$password)
  5. {
  6. global $db;</code>
  7.  
  8. // do not allow empty password
  9. if (!$password)
  10. {
  11. return array(
  12. ’status’    =&gt; LOGIN_ERROR_PASSWORD,
  13. ‘error_msg’    =&gt; ‘NO_PASSWORD_SUPPLIED’,
  14. ‘user_row’    =&gt; array(‘user_id’ =&gt; ANONYMOUS),
  15. );
  16. }
  17.  
  18. if (!$username)
  19. {
  20. return array(
  21. ’status’    =&gt; LOGIN_ERROR_USERNAME,
  22. ‘error_msg’    =&gt; ‘LOGIN_ERROR_USERNAME’,
  23. ‘user_row’    =&gt; array(‘user_id’ =&gt; ANONYMOUS),
  24. );
  25. }
  26.  
  27. /////////////////////////////////////////////////////////////////////////////////////////////////////////////
  28. // Note: on my systems, I include these following lines from an external file that is not web-accessible
  29. /////////////////////////////////////////////////////////////////////////////////////////////////////////////
  30. $db_host      = "localhost"; // Here goes the MySQL server address, hostname or IP
  31. $db_user      = "username";  // Here goes the MySQL user allowed to read the table below (GRANT SELECT ON ….)
  32. $db_password  = "passwd";    // Here should go the password associated with the above user
  33. $db_database  = "dbName";    // Here goes the Database containing the table below
  34. $db_table     = "tblUsers";  // Here will goes the table list users allowed to login into PHPBB
  35. ////////////////////////////////////////////////////////////////////////////////////////////////////////////
  36. $col_username = "username";
  37. $col_password = "password";
  38. $hashMethod   = "sha1"; // Can be one of:  md5, sha1, plain
  39. // In case you choose to use a non-standard hashing function, be
  40. // sure to change below where the $hashedPassword variable is created
  41.  
  42. $objMySqli = new mysqli($db_host, $db_user, $db_password, $db_database);
  43.  
  44. /* check connection */
  45. if (mysqli_connect_errno())
  46. {
  47. return array(
  48. ’status’    =&gt; LOGIN_ERROR_EXTERNAL_AUTH ,
  49. ‘error_msg’    =&gt; ‘LOGIN_ERROR_EXTERNAL_AUTH ‘,
  50. ‘user_row’    =&gt; array(‘user_id’ =&gt; ANONYMOUS),
  51. );
  52. }
  53.  
  54. // Check the User/Password
  55. if($hashMethod == ’sha1′)
  56. {
  57. $hashedPassword = sha1($password);
  58. } elseif($hashMethod == ‘md5′) {
  59. $hashedPassword = md5($password);
  60. } else {
  61. $hashedPassword = $password;
  62. }
  63. $sql =
  64. "SELECT 11 as ID
  65. FROM " . $db_table . "
  66. WHERE
  67. " . $col_username . " = ‘" . mysqli_real_escape_string($username)          . "’ AND
  68. " . $col_password . " = ‘" . mysqli_real_escape_string($hashedPassword) . "’
  69. ";
  70.  
  71. if ( $result = $objMySqli-&gt;query($sql) )
  72. {
  73. if ( $result-&gt;num_rows &lt;= 0 )
  74. {
  75. return array(
  76. ’status’    =&gt; LOGIN_ERROR_USERNAME,
  77. ‘error_msg’    =&gt; ‘LOGIN_ERROR_USERNAME’,
  78. ‘user_row’    =&gt; array(‘user_id’ =&gt; ANONYMOUS),
  79. );
  80. }
  81.  
  82. $sql = ‘SELECT user_id, username, user_password, user_passchg, user_email, user_type
  83. FROM ‘ . USERS_TABLE . "
  84. WHERE username = ‘" . $db-&gt;sql_escape($username) . "’";
  85. $result = $db-&gt;sql_query($sql);
  86. $row = $db-&gt;sql_fetchrow($result);
  87. $db-&gt;sql_freeresult($result);
  88.  
  89. if ($row)
  90. {
  91. // User inactive…
  92. if ($row[‘user_type’] == USER_INACTIVE || $row[‘user_type’] == USER_IGNORE)
  93. {
  94. return array(
  95. ’status’        =&gt; LOGIN_ERROR_ACTIVE,
  96. ‘error_msg’        =&gt; ‘ACTIVE_ERROR’,
  97. ‘user_row’        =&gt; $row,
  98. );
  99. }
  100.  
  101. // Successful login…
  102. return array(
  103. ’status’        =&gt; LOGIN_SUCCESS,
  104. ‘error_msg’        =&gt; false,
  105. ‘user_row’        =&gt; $row,
  106. );
  107. }
  108.  
  109. // this is the user’s first login so create an empty profile
  110. return array(
  111. ’status’        =&gt; LOGIN_SUCCESS_CREATE_PROFILE,
  112. ‘error_msg’        =&gt; false,
  113. ‘user_row’        =&gt; user_row_dbext($username, sha1($password)),
  114. );
  115. } else {
  116. // TODO: Handle this situation
  117. }
  118.  
  119. // Not logged in using the external DB
  120. return array(
  121. ’status’        =&gt; LOGIN_ERROR_EXTERNAL_AUTH,
  122. ‘error_msg’        =&gt; ‘LOGIN_ERROR_EXTERNAL_AUTH’,
  123. ‘user_row’        =&gt; array(‘user_id’ =&gt; ANONYMOUS),
  124. );
  125. }

To use this plugin, copy it to the directory /includes/auth/ (the file should be /includes/auth/auth_dbext.php ) in your PHPBB3 install location.  This file can be downloaded at auth_dbext.php (ZIP) or view a highlighted source file at auth_dbext.phps

 

Wed 14 May 2008

Invalid JSON from NET – DateTime

Posted by NZEYIMANA Emery Fabrice under C# , English , Languages , PHP , Software
1 Comment 

With my need to exchange data between a ASP.NET and PHP web applications, I decided to use JSON. The .NET team did a good job by integrating JSON de/serialization into the language (NET 3.5) but they decided not to follow JSON specifications for some good reasons. Serializing an object that has a DateTime property will insert a string that won’t be understood by json_decode of PHP.

On the site of JSON, there is no such thing as a date type.  I have taken the ISO 8601 path which is my preferred date format (MySQL and Swedish Locale standard)

Consider the following class:

  1. [DataContract]
  2. public class Person
  3. {
  4. [DataMember]
  5. public DateTime DateOfBirth { set; get; }
  6. [DataMember]
  7. public string Names { set; get; }
  8. }

By Serializing it you will get something like

{”DateOfBirth” : “\/Date(1210408872000+0200)\/”, “Names” : “Kavuna ka Lyaziga”}

That Date is not defined as a JSON type. In case your JSON will be used directly by JavaScript or .NET (C#, VB) you will not need to write extra codes.

 

Sun 22 Apr 2007

Date format in MySQL and PHP

Posted by NZEYIMANA Emery Fabrice under English , MySQL , PHP , Software
No Comments 

For formatting dates in MySQL one can use the DATE_FORMAT function like DATE_FORMAT(`date_col or value`, dateFormatString)

In a select query, that looks like SELECT DATE_FORMAT(`date_col or value`, dateFormatString) FROM `tableName`
. In case one wants to use the server current date, the query would look like SELECT DATE_FORMAT(NOW(), dateFormatString) FROM `tableName`

For a detailed explanation of the options that can be in a dateFormatString, read the MySQL date related page (dev.mysql.com/doc/).

In the general examples below, I will use the date 22 April 2007 16:15:23 (date of creation of this article)

Language Format String Output
English %m/%d/%Y 04/22/2007
English %m/%d/%Y %H:%i 04/22/2007 16:15
English %a, %D %b %Y %H:%i Sun, 22nd Apr 2007 16:15
Français %d-%m-%Y 22-04-2007
Français %d-%m-%Y %H:%i 22-04-2007 16:15
Français %a, %D %b %Y %H:%i Dim, 22 Avr 2007 16:15
Ikinyarwanda %d-%m-%Y 22-04-2007
Ikinyarwanda %d-%m-%Y %H:%i 22-04-2007 16:15
Ikinyarwanda %a, %D %b %Y %H:%i Cyu, 22 Mata 2007 16:15
Svenska %Y-%m-%d 2007-04-22
Svenska %Y-%m-%d %H:%i 2007-04-22 16:15
Svenska %Y-%m-%d %H:%i 22-april-2007 16:15

For PHP formatString, visit http://www.php.net/date