[MODDB] Smartfeed for phpBB 3

A place for MOD Authors to post and receive feedback on MODs still in development. No MODs within this forum should be used within a live environment!
Suggested Hosts
Locked
leanne.kwok
Registered User
Posts: 2
Joined: Wed Oct 29, 2008 9:13 pm

Re: [RC6] Smartfeed for phpBB 3

Post by leanne.kwok »

Hi. I'm new to php as well as phpbb. I was asked to setup a phpbb forum which supports RSS authentication via an authentication token. I was glad that I found this MOD and it works perfect! I would like to give a big thank you to Mark and all others who have contributed. :D

My forum is using CAS authentication (feature provided by the CasAuthLdapBB MOD @ http://www.phpbb.com/community/viewtopi ... 6&t=399977), and I had to make some modifications to Smartfeed to get it working.

CasAuthLdapBB allows users to login/logout via the CAS server, and it also grabs user information (user's name, email address, etc) from LDAP. This part here works very similar to the LDAP authentication provided by phpbb by default. I have had a read of bvrielink's post on querying the possibility of getting Smartfeed to work with LDAP authentication. I have some thoughts on it based on the observation of phpbb's behaviour with the CAS authentication, which might not be exactly the same for the LDAP authentication case - please correct me if I am wrong.

When a user first logs in to phpbb via CAS/LDAP, phpbb retrieves the user's account information including the password (encrypted), and stores them locally in the phpbb database. This persisted password can then be used to generate the authentication token as well as authenticate the user on a feed request. However, as far as I know, this phpbb persisted password will not get updated even if the one in LDAP changes(?), which then means that there is no way to invalidate a previously generated feed URL -> security issue :?

I will be doing work on synchronizing phpbb's user info with LDAP's later, so I decided to still go with this approach. Here are the changes that I've made to get Smartfeed working with the CAS authentication.

In smartfeed.php -
Find:

Code: Select all

		case 'ldap':
Add before:

Code: Select all

		case 'casldap':
			$registered_user = true;
			break;
The logout_casldap() method normally redirects the user to the CAS server logout page, but in here it outputs some html to the RSS xml file which makes it invalid. So I've changed it to skip the logout process for 'casldap'.

In smartfeed.php -
Find:

Code: Select all

	include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx);

	$method = 'logout_' . $method;
	if (function_exists($method))
	{
		$method($user->data, $new_session);
	}
Replace with:

Code: Select all

	if ($method != 'casldap')
	{
		include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx);

		$method = 'logout_' . $method;
		if (function_exists($method))
		{
			$method($user->data, $new_session);
		}
	}
This seems to work for now, but if anyone can suggest a better solution it would be much appreciated!
User avatar
MarkDHamill
Registered User
Posts: 4347
Joined: Fri Aug 02, 2002 12:36 am
Location: Florence, MA USA
Contact:

Re: [RC6] Smartfeed for phpBB 3

Post by MarkDHamill »

Hi. Glad to see experimentation in the area of LDAP, but I am still stymied because I don't see any way to retrieve the password from an LDAP database so it can be turned into an authentication token. I don't have LDAP installed but presumably the user_password column in the phpbb_users table is either blank or not to be trusted when LDAP is installed, as it is stored in LDAP, not the phpbb_users table, which means that the phpbb_users table is not an authoritative reference. The closest I could find looking at PHP LDAP functions and auth_ldap.php is this snippet of code in auth_ldap which is where a user entered password is passed to LDAP. It returns a set of rows. If there is a row, this apparently means the password is validated.

Code: Select all

	$ldap_result = @ldap_get_entries($ldap, $search);

	if (is_array($ldap_result) && sizeof($ldap_result) > 1)
	{
		if (@ldap_bind($ldap, $ldap_result[0]['dn'], htmlspecialchars_decode($password)))
		{
			@ldap_close($ldap);

			$sql ='SELECT user_id, username, user_password, user_passchg, user_email, user_type
				FROM ' . USERS_TABLE . "
				WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
			$result = $db->sql_query($sql);
			$row = $db->sql_fetchrow($result);
			$db->sql_freeresult($result);

			if ($row)
			{
				unset($ldap_result);

				// User inactive...
				if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE)
				{
					return array(
						'status'		=> LOGIN_ERROR_ACTIVE,
						'error_msg'		=> 'ACTIVE_ERROR',
						'user_row'		=> $row,
					);
				}

				// Successful login... set user_login_attempts to zero...
				return array(
					'status'		=> LOGIN_SUCCESS,
					'error_msg'		=> false,
					'user_row'		=> $row,
				);
			}
smartfeed_url.php simply encrypts the md5 hash of the password stored in the user_password column of the phpbb_users table and passes it to the template.

If you are doing something different please let me know. I would like to support LDAP for authenticated users, just don't understand how it is being done.
Need phpBB services or a phpBB consultant? I offer most phpBB services. Getting lost managing phpBB? Buy my book, Mastering phpBB Administration. eBook and paper versions available.
RobInk
Registered User
Posts: 22
Joined: Fri Feb 15, 2008 12:45 pm
Location: The Netherlands
Contact:

Re: [RC6] Smartfeed for phpBB 3

Post by RobInk »

MarkDHamill wrote:BTW, if you get it working and can send an exact list of changes you made to 2.2.3 please send them to me so I can include it in the /contrib folder. A number of people have wanted to get it to work with Joomla.
Mark,

We had a new style implemented, and after that I tried the latest release of the mod on our phpbb3forum again but I still have that error and the feed does not work.

Error ; limit parameter is either not present or is not an allowed value.

Part of my feed url is: /smartfeed.php?u=191&e=EB0ECKuDjcj0UrbZTybN9g8t5JpCqitdZt6rYPMhMJAf14PwjKPaRg..&lastvisit=1&forum=372&limit=LF&count_limit=25&sort_by=user&feed_type=RSS2.0&feed_style=HTML

Could you help me pin point the problem? I also disabled the htaccess protection but that was not it.

Thanks Robin
User avatar
MarkDHamill
Registered User
Posts: 4347
Joined: Fri Aug 02, 2002 12:36 am
Location: Florence, MA USA
Contact:

Re: [RC6] Smartfeed for phpBB 3

Post by MarkDHamill »

Have you upgraded to version 2.2.4? I squashed the bug with the limit parameter but your URL looks fine.

I assume that you are integrating with Joomla?
Need phpBB services or a phpBB consultant? I offer most phpBB services. Getting lost managing phpBB? Buy my book, Mastering phpBB Administration. eBook and paper versions available.
RobInk
Registered User
Posts: 22
Joined: Fri Feb 15, 2008 12:45 pm
Location: The Netherlands
Contact:

Re: [RC6] Smartfeed for phpBB 3

Post by RobInk »

Hi,

I have indeed 2.2.4. installed. And the forum is running stand alone, no integration with Joomla!

Where do I check for that bug? Which file? Just in case one of the new files was not overwritten with FTP?
User avatar
MarkDHamill
Registered User
Posts: 4347
Joined: Fri Aug 02, 2002 12:36 am
Location: Florence, MA USA
Contact:

Re: [RC6] Smartfeed for phpBB 3

Post by MarkDHamill »

Here is the code in smartfeed.php that generates the error message:

Code: Select all

// Determine if this is a public request. If so only public forums will be shown.
if ($user_id != ANONYMOUS && $encrypted_pswd != 'NONE')
{
	// Feed privileges are dependent upon the auth_method. This code makes this program consistent with smartfeed_url.php
	switch ($config['auth_method'])
	{
		case 'db':
			$registered_user = true;
			break;
		case 'apache':
			if ($config['sf_apache_htaccess_enabled'])
			{
				$registered_user = true;
			}
			else
			{
				handle_error('SMARTFEED_APACHE_AUTHENTICATION_WARNING_REG');
			}
			break;
		case 'ldap':
		default:
			$user_id = ANONYMOUS;
			$encrypted_pswd = 'NONE';
			break;
	}
}
else if (!(($user_id == ANONYMOUS) && ($encrypted_pswd == 'NONE')))
{
	// Logically if only the u or the e parameter is present, the URL is inconsisent, so generate an error.
	if ($user_id == ANONYMOUS)
	{
		handle_error('SMARTFEED_NO_U_ARGUMENT');
	}
	if ($encrypted_pswd == 'NONE')
	{
		handle_error('SMARTFEED_NO_E_ARGUMENT');
	}
}
If the URL identified the user as public, &limit=LF would not be allowed. So I would start there. What is the authentication method in the database?

Code: Select all

	switch ($config['auth_method'])
Since you are getting an error message, it is likely because you enabled Apache authentication. If so, make sure you go into the Smartfeed ACP interface and click the checkbox next to Apache .htaccess enabled for Smartfeed. Then submit. Of course you also have to make a change to the .htaccess file to allow smartfeed.php to bypass the authentication.
Need phpBB services or a phpBB consultant? I offer most phpBB services. Getting lost managing phpBB? Buy my book, Mastering phpBB Administration. eBook and paper versions available.
User avatar
MarkDHamill
Registered User
Posts: 4347
Joined: Fri Aug 02, 2002 12:36 am
Location: Florence, MA USA
Contact:

Re: [RC6] Smartfeed for phpBB 3

Post by MarkDHamill »

Okay, I may be looking at the wrong code. This is generating the error message:

Code: Select all

// Get the limit parameter. It limits the size of the newsfeed to a point in time from the present, either a day/hour/minute interval, no limit
// or the time since the user's last visit. It should always exist. If it doesn't exist or the value passed is invalid, trigger an error.
// Please note that for public users no message older than SMARTFEED_DEFAULT_FETCH_TIME_LIMIT can actually be retrieved to avoid huge 
// newsfeeds and excessive strain on the database.
$time_limit = request_var('limit', '', true);
if ($registered_user && (!(in_array($time_limit, $smartfeed['SMARTFEED_TIME_LIMIT_REGISTERED']))))
{
	handle_error('SMARTFEED_LIMIT_FORMAT_ERROR');
}
if (!$registered_user && (!(in_array($time_limit, $smartfeed['SMARTFEED_TIME_LIMIT_UNREGISTERED']))))
{
	handle_error('SMARTFEED_LIMIT_FORMAT_ERROR');
}
I am betting $registered_user is false because if false, LF is not allowed as a parameter for limit. Public users have no last visit date, so LF is meaningless. However if the u and e parameters are present, $registered_user should be true.

And it would only be false if LDAP authentication is enabled or is if $config['auth_method'] is something other than db or apache.

What is the value of auth_method? You could use phpMyAdmin and browse the phpbb_config table to get the value.
Need phpBB services or a phpBB consultant? I offer most phpBB services. Getting lost managing phpBB? Buy my book, Mastering phpBB Administration. eBook and paper versions available.
RobInk
Registered User
Posts: 22
Joined: Fri Feb 15, 2008 12:45 pm
Location: The Netherlands
Contact:

Re: [RC6] Smartfeed for phpBB 3

Post by RobInk »

Hi Mark,

Thanks again for the quick reply, I'll make sure to have a look at this today.

Here are my complete settings in the DB:
"sf_all_by_default";"1";"0"
"sf_apache_htaccess_enabled";"0";"0"
"sf_atom_10_value";"ATOM1.0";"0"
"sf_auto_advertise_public_feed";"1";"0"
"sf_default_fetch_time_limit";"720";"0"
"sf_feed_image_path";"imageset/site_logo.gif";"0"
"sf_max_items";"100";"0"
"sf_privacy_mode";"1";"0"
"sf_public_feed_url_suffix_atom";"feed_type=ATOM1.0&limit=%s&sort_by=%s&feed_style=%s&amp";"0"
"sf_public_feed_url_suffix_rss";"feed_type=RSS2.0&limit=%s&sort_by=%s&feed_style=%s&amp";"0"
"sf_require_ip_authentication";"0";"0"
"sf_rfc1766_lang";"en-GB";"0"
"sf_rss_10_value";"RSS1.0";"0"
"sf_rss_20_value";"RSS2.0";"0"
"sf_show_sessions";"0";"0"
"sf_show_username_in_first_topic_post";"1";"0"
"sf_show_username_in_replies";"1";"0"
"sf_smartfeed_host";"phpbbservices.com";"0"
"sf_smartfeed_page_url";"http://phpbbservices.com/smartfeed/";"0"
"sf_smartfeed_title";"phpBB Smartfeed";"0"
"sf_smartfeed_title_explain";"Access this board with a newsreader";"0"
"sf_smartfeed_title_short";"Smartfeed";"0"
"sf_suppress_forum_names";"0";"0"
"sf_ttl";"60";"0"
"sf_version";"2.2.4";"0"
"sf_webmaster";;"0"
RobInk
Registered User
Posts: 22
Joined: Fri Feb 15, 2008 12:45 pm
Location: The Netherlands
Contact:

Re: [RC6] Smartfeed for phpBB 3

Post by RobInk »

I forgot auth-method;
auth_method, smf
Should be different I guess? We have been running an smf forum before, and performed a migration. Maybe a left over and needs to be changed?
RobInk
Registered User
Posts: 22
Joined: Fri Feb 15, 2008 12:45 pm
Location: The Netherlands
Contact:

Re: [RC6] Smartfeed for phpBB 3

Post by RobInk »

Yes!

Thank you so much... pointing me to that authentication method did the trick. Set it to DB and now the mod seems to work. No actual feeds yet, just visited the forum of course, but no error message either.

Going to implement on the live forum now and see how that goes... thanks again for the support. I'll let you know once it is up and running.
User avatar
MarkDHamill
Registered User
Posts: 4347
Joined: Fri Aug 02, 2002 12:36 am
Location: Florence, MA USA
Contact:

Re: [RC6] Smartfeed for phpBB 3

Post by MarkDHamill »

I am glad it is working. I've never seen an auth method of "smf" before. I assume you were trying out some sort of integration with another package.
Need phpBB services or a phpBB consultant? I offer most phpBB services. Getting lost managing phpBB? Buy my book, Mastering phpBB Administration. eBook and paper versions available.
jstegall
Registered User
Posts: 7
Joined: Tue Sep 23, 2008 1:47 pm

Re: [RC6] Smartfeed for phpBB 3

Post by jstegall »

So hi. I have SmartFeed working in my forum and it looks like it will work very nicely for my needs, but only in the browser thus far. If I attempt to view the feed in Outlook 2007, for example, I get the following error:
An error occurred running phpBB Smartfeed. As a result, no content can be returned. Use this error information as a guide to correcting the problem. Please note that you must use this program to create a URL that can be used with phpBB Smartfeed. The error is: phpBB Smartfeed does not accept the feed_type parameter value given or the feed_type parameter is absent.
I'd love to hear if there is something I can do to fix this. I have run into this issue on other RSS modules, for what it's worth, and I have been unable to get Outlook to view a feed because it seems to attempt authentication.

Thanks,
Jon
User avatar
MarkDHamill
Registered User
Posts: 4347
Joined: Fri Aug 02, 2002 12:36 am
Location: Florence, MA USA
Contact:

Re: [RC6] Smartfeed for phpBB 3

Post by MarkDHamill »

It is possible that Outlook is garbling the URL generated by Smartfeed, but more likely when you copied and pasted it, you may have deleted a character.

The URL should show a feed_type parameter with the only allowed values RSS2.0, RSS1.0 or ATOM1.0. If not one of these smartfeed.php will generate this error message.
Need phpBB services or a phpBB consultant? I offer most phpBB services. Getting lost managing phpBB? Buy my book, Mastering phpBB Administration. eBook and paper versions available.
jstegall
Registered User
Posts: 7
Joined: Tue Sep 23, 2008 1:47 pm

Re: [RC6] Smartfeed for phpBB 3

Post by jstegall »

Hi Mark,

Thanks for the quick reply. The URL that I've generated and copied is
I'm using Firefox, so I then asked to subscribe to the feed in Outlook and got the error.

Any other ideas?

Thanks again,
Jon
User avatar
MarkDHamill
Registered User
Posts: 4347
Joined: Fri Aug 02, 2002 12:36 am
Location: Florence, MA USA
Contact:

Re: [RC6] Smartfeed for phpBB 3

Post by MarkDHamill »

Only thing I can think of is Outlook has some quirk that it strips or transforms parameters in URLs. The URL looks fine.

You might want to try it in another reader like Google Reader to verify the problem is with Outlook. There may be some sort of obscure Outlook setting you can enable to fix it. I don't use Outlook.
Need phpBB services or a phpBB consultant? I offer most phpBB services. Getting lost managing phpBB? Buy my book, Mastering phpBB Administration. eBook and paper versions available.
Locked

Return to “[3.0.x] MODs in Development”