Setting up an FTP server that uses phpBB authentication

Need some custom code changes to the phpBB core simple enough that you feel doesn't require an extension? Then post your request here so that community members can provide some assistance.

NOTE: NO OFFICIAL SUPPORT IS PROVIDED IN THIS SUB-FORUM
Forum rules
READ: phpBB.com Board-Wide Rules and Regulations

NOTE: NO OFFICIAL SUPPORT IS PROVIDED IN THIS SUB-FORUM
Post Reply
GarageChemist
Registered User
Posts: 3
Joined: Sun Apr 22, 2018 2:55 pm

Setting up an FTP server that uses phpBB authentication

Post by GarageChemist »

Someone's probably going to insist this isn't possible, but from the research I've done, it clearly is.

So here's what I want to do. Main site is hosted on AWS EC2. Nothing special about that. However, we'd like to give our users the ability to log into an FTP server, upload files, and then have those files be sent to AWS's S3 storage system. The cost to store files there is about 1/3 the price of paying for normal storage, and it's fairly straightforward to link to them.

So I set up the FTP server vsftpd. It seems to be the gold standard for Ubuntu Linux (which I'm using). Now, vsftpd has a feature that allows authentication to be done via PAM, meaning that FTP users don't necessarily have to have a user account in the operating system in order to use the FTP server. I'm using PostgreSQL 9.5 for the database, because I have a lot of experience with it, and nginx for the web server. This has meant a lot of monkeying around with PAM and vsftpd, as well as installing Postgres PAM extensions. One of the more helpful pages I've found has been this one:

https://github.com/pam-pgsql/pam-pgsql

However, I have no idea how phpBB checks to see if a password is correct. The only code I've been able to find that can do this is written in PHP, and everything I need to do is on the backend. I just need to know how to check a password using an SQL query only, in Postgres.

For anyone unfamiliar with PAM, it seems to be a protocol for allowing various services to all use the same authentication system in Linux. I don't really have much experience with it, but I have gotten most of the way towards getting the pieces all working.
Last edited by Kailey on Sun Apr 22, 2018 7:12 pm, edited 1 time in total.
Reason: Removed extension development prefix.
User avatar
Kailey
Community Team Leader
Community Team Leader
Posts: 3732
Joined: Mon Sep 01, 2014 1:00 am
Location: sudo rm -rf /
Name: Kailey Snay
Contact:

Re: Setting up an FTP server that uses phpBB authentication

Post by Kailey »

GarageChemist wrote: Sun Apr 22, 2018 3:11 pm The only code I've been able to find that can do this is written in PHP, and everything I need to do is on the backend. I just need to know how to check a password using an SQL query only, in Postgres.
phpBB (by nature of the name) operates mostly in PHP. Also, since the passwords in phpBB are hashed, it's not possible just to query them in the DB.
Kailey Snay - Community Team Leader
Knowledge Base | Documentation | Community rules

If you have any questions about the rules/customs of this website, feel free to send me a PM.
GarageChemist
Registered User
Posts: 3
Joined: Sun Apr 22, 2018 2:55 pm

Re: Setting up an FTP server that uses phpBB authentication

Post by GarageChemist »

kinerity wrote: Sun Apr 22, 2018 7:11 pm phpBB (by nature of the name) operates mostly in PHP. Also, since the passwords in phpBB are hashed, it's not possible just to query them in the DB.
Right. I'm quite aware of that. However, I've installed the BCrypt library for ruby, which generates the same format of hashed password, and attempted to use those functions to authenticate the hash with a known password, but to no avail. Copying a known hashed password to a user's password field will reset their password to that known password, so it's not like there's some other field being used.

My goal wasn't to use ruby for anything but testing, however it has a nice console that PHP isn't really conducive to.

So to reiterate, I need to know A) if phpBB uses the standard bcrypt algorithm, and B) how you would test a password against a hash using an SQL query.
User avatar
david63
Registered User
Posts: 20646
Joined: Thu Dec 19, 2002 8:08 am

Re: Setting up an FTP server that uses phpBB authentication

Post by david63 »

You will need to use the check function in passwords\manager
David
Remember: You only know what you know and - you don't know what you don't know!

I now no longer support any of my extensions but they will start to become available here
GarageChemist
Registered User
Posts: 3
Joined: Sun Apr 22, 2018 2:55 pm

Re: Setting up an FTP server that uses phpBB authentication

Post by GarageChemist »

david63 wrote: Sun Apr 22, 2018 9:16 pm You will need to use the check function in passwords\manager
Ok, after reading the code I realized why it's not so simple. phpBB has to support multiple methods of hashing passwords for backwards compatibility among other things, and so needs to determine which encoding is used.

So I guess that means I need to write a very small php file that includes the file that contains the functions you mentioned, then call those functions with whatever arguments are passed to it via $args or whatever. Granted it's 1-2 extra steps involved, but at least now I know what I'm up against. :D

Thanks!
Post Reply

Return to “phpBB Custom Coding”