Recent Changes - Search:
Cookbook /

AuthPhpBB3

Summary: Use phpBB3 user authentication for PmWiki
Discussion: AuthPhpBB3-Talk
Categories: Administration, Security, Forum

Questions answered on this page

How do I use a phpBB 3.0 Olympus database to authenticate users for PmWiki? Starting with phpBB 3.0 Olympus RC7, the password encryption has changed from that used in phpBB 2!

Limitations

  • This page does not explain how to coordinate cookies/sessions between phpBB 3.0 and PmWiki. Users will be asked to log in separately to the forum and wiki.
  • This page does not coordinate groups between phpBB and PmWiki. It only deals with users.

Summary of Steps

  1. Download and install PmWiki. I think version 2.1 or greater should work.
  2. Download and install phpBB 3.0.
  3. Download the ADOdb Database Abstraction Layer for PHP and unpack into your cookbook folder.
  4. Download the Portable PHP Password Hashing Framework and unpack into your cookbook folder.
  5. Download the Database Standard Recipe and place in your cookbook folder.
  6. Download the Authuser Database Recipe and place in your cookbook folder.
  7. Edit your config.php file to use all of this stuff!
  8. Password protect pages.

When doing the installs in steps 1-5 do not do any of the set up just place the files. Step 8 covers all set up.

Step 1

  1. Download Pmwiki.
  2. Follow the instructions for installation.

Step 2

  1. Download phpBB 3.0.
  2. Follow the instructions for installation.

Step 3

  1. Download the ADOdb Database Abstraction Layer for PHP. Alternately, ADOdb Lite may work as well and has a smaller footprint...but I have not tested this.
  2. Unpack the files into your cookbook folder.

Step 4

  1. Download the Portable PHP Password Hashing Framework.
  2. Open "PasswordHash.php" in a text editor and search/replace 2 matches of "$P$" with "$H$". Save.
  3. Unpack the files into your cookbook folder.

Step 5

  1. Download the Database Standard Recipe.
  2. Place the script into your cookbook folder.

Step 6

  1. Download the Authuser Database Recipe.
  2. Rename the script to "authuserdbase.php".
  3. Place the script into your cookbook folder.
  4. Edit the page SiteAdmin.AuthUser (i.e. SiteAdmin.AuthUser?action=edit) and add the following on its own line:

        AUD: required for AuthUserDatabase

Step 7

  1. Check that you have the following folder structure for your wiki:

    /cookbook
  /adodb
    /a-bunch-of-adodb-files
  /phpass
    /a-few-phpass-files
  /adodb-connect.php
  /authuserdbase.php
/local
  /config.php
/scripts
  /authuser.php
  2. Edit the following config.php section as indicated:

    # optional, but handy for limiting what users can do
$GroupPattern = '(?:Site|SiteAdmin|PmWiki|Main|Profiles)';

$Databases['phpbb_db'] = array(
 'driver' => 'mysql', # what type of database?
 'hostname' => 'localhost', # what hostname? ...localhost should work for most people
 'database' => 'phpbb_db', # what database?
 'username' => 'phpbb_db_user', # what username?
 'password' => 'phpbb_db_password'); # what password?

$AUDBaseTable['database'] = 'phpbb_db'; # should match database from above
$AUDBaseTable['user_table'] = 'phpbb_users'; # should be phpbb_users for standard setup
$AUDBaseTable['user_field'] = 'username'; # should be username for standard setup
$AUDBaseTable['pw_field']   = 'user_password'; # should be user_password for standard setup
$AUDBaseTable['encrypt_f'] = 'phpass'; # DO NOT CHANGE

# DO NOT CHANGE THE FOLLOWING FUNCTION (except the 1 path)
function phpass($pasw)
{
	global $DB, $AUDBaseTable, $_POST;

	# Query Preparation
	$u = $AUDBaseTable['user_field'];
	$p = $AUDBaseTable['pw_field'];
	$t = $AUDBaseTable['user_table'];
	$id = AUD_Safe($_POST['authid']);
	$query = "SELECT $p FROM $t WHERE $u=$id";

	# Query Database, Get Hash
	$result = $DB[$AUDBaseTable['database']]->Execute($query);
	$hash = $result->fields[0];

	# Return Encrypted Password
	include_once("$FarmD/cookbook/phpass/PasswordHash.php"); # what path to PasswordHash.php?
	$hasher = new PasswordHash(8, TRUE);
	return $hasher->crypt_private($pasw, $hash);
}

include_once ("$FarmD/cookbook/adodb-connect.php"); # what path to adodb-connect.php?
include_once ("$FarmD/cookbook/authuserdbase.php"); # what path to authuserdbase.php?
include_once("$FarmD/scripts/authuser.php"); # should be correct for standard setup
  3. Copy and paste the section toward the END of the config.php file.

Step 8

  1. As a primer on PmWiki passwords, I might suggest you skim the following pages:
  2. A suggestion would be to lock down all of your groups using @lock, as explained on Passwords. Then you can open back up options as you see fit.
    Actually this may not be a recommended procedure, because that would leave any as-yet-undefined group potentially open. So lock down read &/or edit on your entire website in config.php with @admin, then open groups or pages to users on an as-needed basis as described below. --XES
  3. Typical use will involve appending ?action=attr to a page (or group) and using id:*. This will allow any authenticated user to edit, view, or change attributes for a particular page or group.

Examples

  • Limit who can edit pages of the Main group to users registered on your phpBB 3.0 forum:
    • http://www.somewebsite.com/wiki/Main/GroupAttributes?action=attr
    • Add id:* to the edit section and save.
  • Limit who can edit a particular page (SomePage.html) to a particular registered user (Alice) on your phpBB 3.0 forum:
    • http://www.somewebsite.com/wiki/Main/SomePage.html?action=attr
    • Add id:Alice to the edit section and save.

Demo

The setup explained on this page is activated for the Snakes of Arkansas website.

Comments

See discussion at AuthPhpBB3-Talk