Recent Changes - Search:
Cookbook /

Account Management Page

Summary: Enables user authentication via database, whether from another application, or standalone
Version: 2.0.1
Prerequisites: AuthUser DatabaseStandard and ADOdb
Status: beta
License: GPL2
Maintainer: BenWilson XES
Categories: Security
Discussion: AuthUserDbase-Talk

Using another program's database | Stand-alone PmWiki database authentication | Sample Stand-alone config

Questions answered by this recipe

Q: How can I use AuthUser with a database?

A: Authuser Dbase enables the site administrator to manage PmWiki users via a database. All databases supported by ADOdb should be supported although there is some possibility of incompatibility (see their list).

Please visit this recipe's Talk page for discussion information.

Description

Use database from another program or standalone username & password information for PmWiki authentication.

  • Attach:AuthUserDbase-2.0.1.phpΔ The file. You may want to rename this to authuserdbase.php -- the file is named this way on the server to keep different versions intact. Instructions are given with the filename as "authuserdbase.php".

Technical Notes

Settings for using another program's database for authentication

  1. Add $AUDBaseTable configuration values to config.php: 
    // if you don't need to change the default settings, you may leave them out

       // which database settings to use (see Cookbook.DatabaseStandard and step 2 below).
	$AUDBaseTable['database'] = 'myUserDatabase';

       // which table contains the username & password data?
	$AUDBaseTable['user_table'] = 'pmwiki_users';

       // which fields in the table contain the following data?
	$AUDBaseTable['user_field'] = 'username';
	$AUDBaseTable['pw_field']   = 'password';

       // which password encryption scheme to use
	// normally "md5" or "sha1".  
	// May also be admin-defined function; use the name of the function,
	// and define the function in config.php
	$AUDBaseTable['encrypt_f'] = 'md5';

	// not used at the moment - may use ADOdb's internal international error code feature
	$AUDBaseTable['lang'] = 'en';
  2. Activate the DatabaseStandard recipe in config.php by defining the parameters for your database and including the script. Activating this recipe requires installing the ADOdb library. 
    $Databases['myUserDatabase'] = array(
  'driver' => 'mysql',
  'hostname' => 'db.databasesRus.org',
  'database' => 'externalDatabase',
  'username' => 'dbUser',
  'password' => 'd6V53r')

include_once "$FarmD/cookbook/adodb-connect.php";
  3. Activate AuthUserDBase by adding the following line to config.php. Make sure this line is AFTER everything above:
    include_once "/path/to/cookbook/authuserdbase.php";
    $AuthUserFunctions['mysql'] = 'AuthUserDatabase';
    $AuthUser['mysql']=true;
  4. Edit the page SiteAdmin.AuthUser and add the following on its own line:
    AUD: required for AuthUserDatabase
    note this step is not needed if you do the step above where you use "mysql" as the definition of this authentication method-i.e. this is now redundant. The default in the app is AUD -- you may either redefine it or include this line in the AuthUser page.
  5. Have users in the authentication table for the other application.
  6. Make sure to include authuser.php *after* everything is set up for authuser_dbase 
    //Must come after the other items!
include_once 'scripts/authuser.php';

Settings for using a database only with PmWiki (Standalone version)

  1. Create the appropriate fields in a database. The default MySQL database set up is given below. Adapt as needed for your own database. This database set-up is the default, and will require the least configuration in PmWiki. 
     CREATE TABLE `pmwiki_users` (
   `id` int(11) NOT NULL auto_increment,
   `username` varchar(30) NOT NULL default '',
   `password` varchar(60) default NULL,
   `validatecode` varchar(60) default NULL,
   `signupdate` date default NULL,
   `email` varchar(60) default NULL,
   `validatefield` tinyint(1) default '0',
   PRIMARY KEY  (`id`),
   UNIQUE KEY `username` (`username`)
 ) ENGINE=MyISAM AUTO_INCREMENT=1 DEFAULT CHARSET=utf8
  2. Add $AUDBaseTable configuration values to config.php BEFORE calling authuser_dbase.php: 
    // if you don't need to change the default settings, you may leave them out

       // which database settings to use (see Cookbook.DatabaseStandard)
	$AUDBaseTable['database'] = 'users';

       // which table contains the username & password data?
	$AUDBaseTable['user_table'] = 'pmwiki_users';

       // which fields in the table contain the following data?
	$AUDBaseTable['user_field'] = 'username';
	$AUDBaseTable['pw_field']   = 'password';

       // which password encryption scheme to use
	// normally "md5" or "sha1".  
	// May also be admin-defined function; use the name of the function,
	// and define the function in config.php
	$AUDBaseTable['encrypt_f'] = 'md5';

	// these settings are required for stand-alone use only (defaults listed)
	$AUDBaseTable['standalone'] = false; // set to true for stand-alone use
       // which field contains the following data?
	$AUDBaseTable['email'] = 'email';
	$AUDBaseTable['validate_code'] = 'validatecode';
	$AUDBaseTable['validate_field'] = 'validatefield';
	$AUDBaseTable['date_joined'] = 'signupdate';

	// not used at the moment - may use ADOdb's internal international error code feature
	$AUDBaseTable['lang'] = 'en';
  3. Activate the DatabaseStandard recipe in config.php by defining the parameters for your database and including the script. Activating this recipe requires installing the ADOdb library. 
    $Databases['myUserDatabase'] = array(
  'driver' => 'mysql',
  'hostname' => 'db.databasesRus.org',
  'database' => 'externalDatabase',
  'username' => 'dbUser',
  'password' => 'd6V53r');

include_once("$FarmD/cookbook/adodb-connect.php");
  4. Activate AuthUserDBase by adding the following line to /pmwiki/local/config.php
    include_once "$FarmD/cookbook/authuserdbase.php";
  5. Edit Site.AuthUser and add the following on its own line:
    AUD: required for AuthUserDatabase
  6. Set up stand-alone use forms, see the stand-alone form section below. I set them up on a specific page, such as Main.AccountInfo, and add context-sensitive links to my sidebar such as: 
    (:if !authid:)
%sidehead% [[Main/AccountInfo | Login]]
(:ifend:)

(:if authid:)
%sidehead% [[Main/AccountInfo | Manage Account]]
(:ifend:)
  7. Configure your own account access first: edit Site.AuthUser on your site and be sure to add an entry to grant administration privileges for your username:
    @admin:this_will_be_my_username
  8. Make sure to include authuser.php *after* everything is set up for authuser_dbase 
    // Must come after the other items!
include_once 'scripts/authuser.php';
  9. Test by signing up for an account using the same username you used in Site.AuthUser.
  10. Make sure to validate by clicking the email validation link.
  11. Try logging in, and using your admin privileges. Test by logging in and out. Set up test user accounts if needed.

Some suggested stand-alone use forms

Note: they won't work on this site -- view is for an idea of how they'll work, and what they'll look like on your site. You can feel free to change the design, tables, etc. 

(:messages:)

(:title Account Management Page:)

(:if !authid:)
!!!User Login
(:input form {$PageUrl}:)
(:input hidden action login:)
||     Name:||(:input text authid:)    ||
|| Password:||(:input password authpw:) ||
|| ||(:input submit value="OK" class="inputbutton":) ||
(:input end:)

-----
(:div style='text-align:justify; float:left; valign:top; width:48%; padding-right:2%;padding-bottom:5px;':)
!!!New User Registration
(:input form method=post action={$PageUrl} :)
(:input hidden name=AUD_SA value=addnew:)
(:input hidden name=aud_returnUrl value={$PageUrl} :)

|| Username:||(:input text aud_username size=20:) ||
|| Password:||(:input password aud_password size=20:) ||
|| Repeat Password:||(:input password aud_dupepassword:) ||
|| Email:||(:input text name=aud_email value="email" size=20:) ||
|| ||(:input submit name=post value="New" accesskey=g:) ||
(:input end:)
(:divend:)
(:div style='text-align:justify; valign:top; float:left; width:48%; padding-right:2%;padding-bottom:5px;':)
!!! Change Password Request
An email with a new validation code will be sent to you.

(:input form method=post action={$PageUrl} :)
(:input hidden name=AUD_SA value=reregister:)
(:input hidden name=aud_returnUrl value={$PageUrl} :)

|| Username:||(:input text name=aud_username size=20:) ||
|| Email:||(:input text name=aud_email size=20:) ||
|| New Password:||(:input password aud_newpassword:)||
|| Repeat Password:||(:input password aud_dupepassword:)||
|| ||(:input submit name=post value="Change" accesskey=g:) ||

(:input end:)

(:divend:)
[[<<]]
----

(:ifend:)

(:if authid:)
You are authenticated as '''{$Author}'''.  [[{$FullName}?action=logout | Logout]]

!!!Update User Information
Change your email address and/or password.
(:input form method=post action={$PageUrl} :)
(:input hidden name=AUD_SA value=update:)
(:input hidden name=aud_returnUrl value={$PageUrl} :)

|| Username:||(:input text name=aud_username size=20:) ||
|| Current Password:||(:input text name=aud_oldpassword size=20:) ||
|| New Password:||(:input text name=aud_newpassword size=20:) (optional) ||
|| Repeat New Password:||(:input password aud_dupepassword:) ||
|| New Email:||(:input text name=aud_newemail size=20:) (optional) ||
|| ||(:input submit name=post value="Go" accesskey=g:) ||
(:input end:)

(:ifend:)

User Login

Name:
Password:
 

New User Registration

Username:
Password:
Repeat Password:
Email:
 

Change Password Request

An email with a new validation code will be sent to you.

Username:
Email:
New Password:
Repeat Password:
 


Sample Config File (stand-alone version):

$Databases['users'] = array(
 'driver' => 'mysql',
 'hostname' => 'localhost',
 'database' => 'mypmwikiusers',
 'username' => 'pmwikiadmin',
 'password' => 'S0m3THinGRanD0m');

include_once "$FarmD/cookbook/adodb-connect.php";

        $AUDBaseTable['database'] = 'users'; // must match the first line $Databases['users'] above...

       // which table contains the username & password data?
        $AUDBaseTable['user_table'] = 'pmwiki_users'; //note: this is the default, and may be omitted

       // which fields in the table contain the following data?
        $AUDBaseTable['user_field'] = 'username'; //note: this is the default, and may be omitted
        $AUDBaseTable['pw_field']   = 'password'; //note: this is the default, and may be omitted

       // which password encryption scheme to use
        // normally "md5" or "sha1".  
        // May also be admin-defined function; use the name of the function,
        // and define the function in config.php
        $AUDBaseTable['encrypt_f'] = 'md5';  //note: this is the default, and may be omitted

        // these settings are required for stand-alone use only (defaults listed)
        $AUDBaseTable['standalone'] = true; // set to true for stand-alone use
       // which field contains the following data?
        $AUDBaseTable['email'] = 'email'; //note: this is the default, and may be omitted
        $AUDBaseTable['validate_code'] = 'validatecode'; //note: this is the default, and may be omitted
        $AUDBaseTable['validate_field'] = 'validatefield'; //note: this is the default, and may be omitted
        $AUDBaseTable['date_joined'] = 'signupdate'; //note: this is the default, and may be omitted

        // not used at the moment - may use ADOdb's internal international error code feature
        $AUDBaseTable['lang'] = 'en'; //note: this is the default, and may be omitted

$AuthUserFunctions['mysql'] = "AuthUserDatabase"; //Note: requires a corresponding "mysql:  required for AuthUserDatabase" in SiteAdmin/AuthUser

//Include this file via the site configuration
include_once("cookbook/authuserdbase.php");

// Must come after the other items!
include_once 'scripts/authuser.php';

Hints & Tips

  • Put the config.php information AFTER setting $WikiTitle so the emails are automatically configured to say your wiki name.
  • To test your adodb install, create a simple php file as follows and call it from your browser. 
    <?php
include('path/to/cookbook/adodb/adodb.inc.php');
$DB = NewADOConnection('mysql');  
if (!$DB) die("Connection failed"); 
$DB->debug = true;
// Set these parameters for your database:
// ---------------------------------------------------------------------------
$DB->Connect('db.databasesRus.org', 'dbUser', 'd6P455w04d', 'myExternalDatabase');
// ---------------------------------------------------------------------------
$rs = $DB->Execute("SELECT * FROM userdb LIMIT 10");
print "<pre>";
print_r($rs->GetRows());
print "</pre>";
?>

Release Notes

If the recipe has multiple releases, then release notes can be placed here. Note that it's often easier for people to work with "release dates" instead of "version numbers".

  • v.2.0.1 - Feb 19, 2007 XES - bugfix suggested by ajt
  • v.2.0.0 - Nov 8, 2006 XES - major changes:
    • uses ADOdb for support of many additional database programs
    • allows standalone use (will allow users to register, take care of their account, and validate)
    • allows admin-defined or custom function for password encryption scheme (or can simply use "md5" or "sha1", as those are also functions)
  • * v.1.0.6Δ - Added vbulletin authentication method XES October 12, 2006, at 03:38 PM
  • v.1.0.5 - Security fix BenWilson October 05, 2006, at 09:21 PM
  • v.1.0.0 - May 31, 2006 Ben Wilson - First public release
    • Added site configuration
    • Added multiple-database capability (mySQL and PostgreSQL)
    • Added multiple encryption support (md5 and sha1)

To Do

  • add-on for defining user groups from databases
  • method for admins to manage the user database from wiki forms

Comments
Add comments below or on AuthUserDbase-Talk

There is a modified version of this recipe's code that works for me available on the AuthUserDbase-Talk page.
-AKc, 06aug06 (re: version 1.x)

I found a zip file containing 1.0 and 1.0.5 to be too confusing, and the 1.0 is not safe. I made it so only 1.0.5 is available.
XES October 06, 2006, at 03:54 AM

(added by mik October 05, 2006) and finally it works ;-) 

 -- P.S. How could it work before ?

I installed it today (thanks XES for suggestion) and it works fine, but I had to change line 450:

AUD_SA_EmailCode ($_POST['aud_username'], $email, $vcode, 1) ;

to

AUD_SA_EmailCode ($_POST['aud_username'], $_POST['aud_email'], $vcode, 1) ;

because $email was not defined and change password emails were not send.

ajt, 02/19/07

Fixed! Thanks!! XES February 19, 2007, at 05:44 PM

Thanks for creating this recipe! why do you add AUTO_INCREMENT=24 to the creation of the standalone auth table? shi

That sounds like an error. When I have a chance to look at this recipe, I'll certainly take a look at that, but you can probably change it. Profiles August 21, 2007, at 05:55 PM

Cookbook/AuthUserDbase-Talk

See Also

  • AuthUserVBulletin - adds a configurable translation of vBulletin user groups to apply to PmWiki

Contributors

  • Ben Wilson - Original Author
  • XES - updates and additional maintanence

BenWilsonMaintained

User notes? : If you use, used or reviewed this recipe, you can add your name. These statistics appear in the Cookbook listings and will help newcomers browsing through the wiki.