Recent Changes - Search:
Cookbook /

AuthPunBB

Summary: Use PunBB/FluxBB user authentication for PmWiki
Version: 2010-OCT-18
Prerequisites:
Status: Draft
Maintainer: Kory Roberts -> mailto:webmaster [snail] herpsofarkansas [period] com
Discussion: AuthPunBB-Talk
Categories: Administration, Security, Forum

Questions answered by this recipe

How do I use a PunBB/FluxBB 1.3 and 1.2 database to authenticate users for PmWiki?

Prior Knowledge

If needed, please review the following topics before attempting to install and use this recipe.

Limitations

  • This recipe does not explain how to coordinate cookies/sessions between PunBB/FluxBB and PmWiki. Users will be asked to log in separately to the forum and wiki.
  • This recipe does not coordinate groups between PunBB/FluxBB and PmWiki. It only deals with users.

Testing

  • This recipe has been tested with PunBB 1.3.2 and PmWiki 2.2.0-beta68. It is assumed to work with FluxBB 1.3, too, but this has NOT been tested!
  • This recipe has been tested with PunBB 1.2.23 and PmWiki 2.2.18, too.

Steps

Step 1 - Downloads

  1. Download and install PmWiki.
  2. Download and install PunBB. (Alternately, FluxBB should also work.)
  3. Download ADOdb Lite and unpack into your cookbook folder. (Alternately, you can use the full ADOdb abstraction library, but this is probably overkill.)
  4. Download the Database Standard Recipe and place in your cookbook folder.
  5. Download the Authuser Database Recipe and place in your cookbook folder.

Step 2 - Config

For use with PunBB 1.3

Edit your config.php file to use all of this stuff! The following can be used as a template: 

# optional, but handy for limiting groups
$GroupPattern = '(?:Site|SiteAdmin|PmWiki|Main|Profiles)';

# connection settings for database authentication
$Databases['punbb_db'] = array(
 'driver' => 'mysql', # what type of database?
 'hostname' => 'localhost', # what hostname? ...localhost should work for most people
 'database' => 'punbb_db', # what database?
 'username' => 'punbb_db_user', # what username?
 'password' => 'punbb_db_password'); # what password?

# path to adodb lite database library
$ADOdbLocation = "$FarmD/cookbook/adodb_lite/";

# variables used in authuserdbase
$AuthUserFunctions['mysql'] = 'AuthUserDatabase'; # should match driver from above
$AuthUser['mysql'] = true; # should match driver from above
$AUDBaseTable['database'] = 'punbb_db'; # should match array from above
$AUDBaseTable['user_table'] = 'punbb_users'; # what table for punbb users? (prefix punbb_ needs to match setup)
$AUDBaseTable['user_field'] = 'username'; # should be username for standard setup
$AUDBaseTable['pw_field']   = 'password'; # should be password for standard setup
$AUDBaseTable['salt_field']   = 'salt'; # should be salt for standard setup
$AUDBaseTable['encrypt_f'] = 'punbbpass'; # should match function name below

# function required for authentication using punbb database
function punbbpass($pasw)
{
	global $DB, $AUDBaseTable;
	$dbase = $AUDBaseTable['database'];
	$sf = $AUDBaseTable['salt_field'];
	$ut = $AUDBaseTable['user_table'];
	$uf = $AUDBaseTable['user_field'];
	$id = AUD_Safe($_POST['authid']);
	$out = ADOdbConnect($dbase);
  	if ($out !== TRUE) die($out);
	$result = $DB[$dbase]->Execute("SELECT " . $sf . " FROM " . $ut . " WHERE " . $uf . "=" . $id);
	return sha1($result->fields[$sf] . sha1($pasw));
}

# scripts used for database authentication
include_once ("$FarmD/cookbook/adodb-connect.php");
include_once ("$FarmD/cookbook/authuserdbase.php");
include_once("$FarmD/scripts/authuser.php");

$EnablePostAuthorRequired = 1; # require authors to provide a name
$Author = $AuthId; # force author name to match login name
For use with FluxBB/PunBB 1.2

Edit your config.php file to use all of this stuff! The following can be used as a template: 

# optional, but handy for limiting groups
$GroupPattern = '(?:Site|SiteAdmin|PmWiki|Main|Profiles)';

# connection settings for database authentication
$Databases['fluxbb12_db'] = array(
 'driver' => 'mysql', # what type of database?
 'hostname' => 'localhost', # what hostname? ...localhost should work for most people
 'database' => 'punbb_db', # what database?
 'username' => 'punbb_db_user', # what username?
 'password' => 'punbb_db_password'); # what password?

# path to adodb lite database library
$ADOdbLocation = "$FarmD/cookbook/adodb_lite/";

# variables used in authuserdbase
$AuthUserFunctions['mysql'] = 'AuthUserDatabase'; # should match driver from above
$AuthUser['mysql'] = true; # should match driver from above
$AUDBaseTable['database'] = 'fluxbb12_db'; # should match array from above
$AUDBaseTable['user_table'] = 'fluxbb_users'; # what table for punbb users? (prefix punbb_ needs to match setup)
$AUDBaseTable['user_field'] = 'username'; # should be username for standard setup
$AUDBaseTable['pw_field']   = 'password'; # should be password for standard setup
$AUDBaseTable['encrypt_f'] = 'pun_hash'; # should match function name below

// function required for authentication using PunBB/FluxBB 1.2.* database
// Uses sha1() if available. If not, SHA1 through mhash() if available. If not, fall back on md5().
// Source: PunBB/FluxBB 1.2.23 (file: include/functions.php)
function pun_hash($str)
{
        if (function_exists('sha1'))    // Only in PHP 4.3.0+
                return sha1($str);
        else if (function_exists('mhash'))      // Only if Mhash library is loaded
                return bin2hex(mhash(MHASH_SHA1, $str));
        else
                return md5($str);
}

# scripts used for database authentication
include_once ("$FarmD/cookbook/adodb-connect.php");
include_once ("$FarmD/cookbook/authuserdbase.php");
include_once ("$FarmD/scripts/authuser.php");

$EnablePostAuthorRequired = 1; # require authors to provide a name
$Author = $AuthId; # force author name to match login name


// optional //////////////////

fluxbb12groups();

// sync administrators and moderators groups
// permissive configuration, set up as you wish
function fluxbb12groups()
{
    global $DB, $AUDBaseTable, $DefaultPasswords;
    $dbase = $AUDBaseTable['database'];
    $ut = $AUDBaseTable['user_table'];
    $uf = $AUDBaseTable['user_field'];
    $out = ADOdbConnect($dbase);
    if ($out !== TRUE) die($out);

    // FluxBB 1.2 default admins group is 1
    // Any fluxbb admins will be pmwiki admins
    // administrators can override the passwords set for any individual page or group
    $admstr = 'id:';
    $result = $DB[$dbase]->Execute("SELECT " . $uf . " FROM " . $ut . " WHERE group_id=1" );
    if ( $result->RecordCount() ) {
	while (!$result->EOF) {
	    $admstr .= $result->fields[$uf] . ',';
	    $result->MoveNext();
	}
	$DefaultPasswords['admin'] = $admstr;
    }

    // FluxBB 1.2 default moderators group is 2
    // Any fluxbb moderators will be able to control who
    // is able to set passwords on pages (and potentially other future attributes) 
    $modstr = 'id:';
    $result = $DB[$dbase]->Execute("SELECT " . $uf . " FROM " . $ut . " WHERE group_id=2" );
    if ( $result->RecordCount() ) {
	while (!$result->EOF) {
	    $modstr .= $result->fields[$uf] . ',';
	    $result->MoveNext();
	}
	$DefaultPasswords['attr'] = $modstr;
    } else // if no mods, fallback on admins
	$DefaultPasswords['attr'] = $admstr;

    // require valid login before uploading
    $DefaultPasswords['upload'] = 'id:*';

    // require valid login before editing pages
    // $DefaultPasswords['edit'] = 'id:*';
    // require valid login before reading pages
    // $DefaultPasswords['read'] = 'id:*';
} // end optional //////////

Step 3 - Apply

Password protect pages. Typical use will involve appending ?action=attr to a page (or group) and using id:*. This will allow any authenticated user to edit, view, or change attributes for a particular page or group.

Limit who can edit pages of the Main group to users registered on your PunBB forum:

  • http://www.somewebsite.com/wiki/Main/GroupAttributes?action=attr
  • Add id:* to the edit section and save.

Limit who can edit a particular page (SomePage.html) to a particular registered user (Alice) on your PunBB forum:

  • http://www.somewebsite.com/wiki/Main/SomePage.html?action=attr
  • Add id:Alice to the edit section and save.

See Also

Contributors

  • I hope you find these instructions beneficial. Please email me if you find anything in error and I will try to figure it out. ~Kory -> mailto:webmaster [snail] herpsofarkansas [period] com December 29, 2008
  • For anything related with PunBB/FluxBB 1.2 solution email ~simkin -> mailto:simkin [snail] ono [period] com October 18, 2010

Comments

See discussion at AuthPunBB-Talk

User notes? : If you use, used or reviewed this recipe, you can add your name. These statistics appear in the Cookbook listings and will help newcomers browsing through the wiki.