[ABD]Script Inside: Auth plugin using existing member DB.

Discussion forum for MOD Writers regarding MOD Development.
Locked
acctman
Registered User
Posts: 103
Joined: Thu Feb 09, 2006 5:48 pm

[ABD]Script Inside: Auth plugin using existing member DB.

Post by acctman »

Hi, below is a script that will help all users that want to use there existing site user database with phpbb3. Its based on PHPbb3 Authentication plugin system. So there is no hacking the script or putting special phpcoding in your site or anything like that.

Usually people who create auth plugins do not publically release them, I've decided to help others out since it took me 2mons to find an example that i could understand.

PHPBB3 documentation: http://wiki.phpbb.com/Authentication_plugins

save the php code into a auto_extdb.php file and put it in the /includes/auth/ folder in your forum. Make all required changes (i marked the areas with the text FILL IN). after doing that login as Admin on your forum go to Administration Control Panel under Client communication/Authentication settings. select "extdb".
You should be all set after that. Users will be able to login using your existing sites database.

Right now i'm trying to figure out how to do the AutoLogin so users do not have to type in there user/pass. If anyone figures this out please share. I know most people dont like sharing coding like this but it helps out a lot of people.

nzeyimana
Registered User
Posts: 1
Joined: Sat Jun 06, 2009 8:04 am
Location: Stockholm, Sweden
Name: Emery
Contact:

Re: Script Inside: Auth plugin using existing member DB.

Post by nzeyimana »

The following can accept different hashing methods: MD5, SHA1 and Plain Text Passwords:

Code: Select all

<?php
/**
* External MySQL auth plug-in for phpBB3
*
* Authentication plug-ins is largely down to Sergey Kanareykin, our thanks to him.
*
* @package login
* @version $Id: auth_dbext.php 8602 2009-04-09 16:38:27Z nzeyimana $
* @copyright NONE: use as you see fit but no guarantees
* @license NONE: use as you see fit but no guarantees
*
*/

/**
* @ignore
*/
if (!defined('IN_PHPBB'))
{
    exit;
}

/**
*
* @return boolean|string false if the user is identified and else an error message
*/

function init_dbext()
{
    // TODO: do any needed initialization
}

/**
* Login function
*/
function login_dbext(&$username, &$password)
{
    global $db;
    
    // do not allow empty password
    if (!$password)
    {
        return array(
            'status'    => LOGIN_ERROR_PASSWORD,
            'error_msg'    => 'NO_PASSWORD_SUPPLIED',
            'user_row'    => array('user_id' => ANONYMOUS),
        );
    }

    if (!$username)
    {
        return array(
            'status'    => LOGIN_ERROR_USERNAME,
            'error_msg'    => 'LOGIN_ERROR_USERNAME',
            'user_row'    => array('user_id' => ANONYMOUS),
        );
    }
    
    /////////////////////////////////////////////////////////////////////////////////////////////////////////////
    // Note: on my systems, I include these following lines from an external file that is not web-accessible 
    /////////////////////////////////////////////////////////////////////////////////////////////////////////////
    $db_host      = "localhost"; // Here goes the MySQL server address, hostname or IP
    $db_user      = "username";  // Here goes the MySQL user allowed to read the table below (GRANT SELECT ON ....)
    $db_password  = "passwd";    // Here should go the password associated with the above user
    $db_database  = "dbName";    // Here goes the Database containing the table below
    $db_table     = "tblUsers";  // Here will goes the table list users allowed to login into PHPBB   
    ////////////////////////////////////////////////////////////////////////////////////////////////////////////
    $col_username = "username";
    $col_password = "password";
    $hashMethod   = "sha1"; // Can be one of:  md5, sha1, plain
                            // In case you choose to use a non-standard hashing function, be 
                            // sure to change below where the $hashedPassword variable is created
    
    $objMySqli = new mysqli($db_host, $db_user, $db_password, $db_database);
    
    /* check connection */
    if (mysqli_connect_errno()) 
    {
        return array(
            'status'    => LOGIN_ERROR_EXTERNAL_AUTH ,
            'error_msg'    => 'LOGIN_ERROR_EXTERNAL_AUTH ',
            'user_row'    => array('user_id' => ANONYMOUS),
        );
    }
    
    // Check the User/Password
    if($hashMethod == 'sha1')
    {
        $hashedPassword = sha1($password);
    } elseif($hashMethod == 'md5') {
        $hashedPassword = md5($password);
    } else {
        $hashedPassword = $password;
    }
    $sql = 
        "SELECT 11 as ID 
        FROM " . $db_table . " 
        WHERE 
            " . $col_username . " = '" . mysqli_real_escape_string($username)          . "' AND 
            " . $col_password . " = '" . mysqli_real_escape_string($hashedPassword) . "' 
            ";
    
    if ( $result = $objMySqli->query($sql) )
    {
        if ( $result->num_rows <= 0 )
        {
            return array(
                'status'    => LOGIN_ERROR_USERNAME,
                'error_msg'    => 'LOGIN_ERROR_USERNAME',
                'user_row'    => array('user_id' => ANONYMOUS),
            );
        }

        $sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type
            FROM ' . USERS_TABLE . "
            WHERE username = '" . $db->sql_escape($username) . "'";
        $result = $db->sql_query($sql);
        $row = $db->sql_fetchrow($result);
        $db->sql_freeresult($result);

        if ($row)
        {
            // User inactive...
            if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE)
            {
                return array(
                    'status'        => LOGIN_ERROR_ACTIVE,
                    'error_msg'        => 'ACTIVE_ERROR',
                    'user_row'        => $row,
                );
            }
    
            // Successful login...
            return array(
                'status'        => LOGIN_SUCCESS,
                'error_msg'        => false,
                'user_row'        => $row,
            );
        }

        // this is the user's first login so create an empty profile
        return array(
            'status'        => LOGIN_SUCCESS_CREATE_PROFILE,
            'error_msg'        => false,
            'user_row'        => user_row_dbext($username, sha1($password)),
        );
    } else {
        // TODO: Handle this situation
    }

    // Not logged in using the external DB
    return array(
        'status'        => LOGIN_ERROR_EXTERNAL_AUTH,
        'error_msg'        => 'LOGIN_ERROR_EXTERNAL_AUTH',
        'user_row'        => array('user_id' => ANONYMOUS),
    );
}

/**
* This function generates an array which can be passed to the user_add function in order to create a user
*/
function user_row_dbext($username, $password)
{
    global $db, $config, $user;
    // first retrieve default group id
    $sql = 'SELECT group_id
        FROM ' . GROUPS_TABLE . "
        WHERE group_name = '" . $db->sql_escape('REGISTERED') . "'
            AND group_type = " . GROUP_SPECIAL;
    $result = $db->sql_query($sql);
    $row = $db->sql_fetchrow($result);
    $db->sql_freeresult($result);

    if (!$row)
    {
        trigger_error('NO_GROUP');
    }

    // generate user account data
    return array(
        'username'        => $username,
        'user_password'    => phpbb_hash($password), // Note: on my side, I don't use this because I want all passwords to remain on the remote system
        'user_email'    => '', // You can retrieve this Email at the time the user is authenticated from the external table
        'group_id'        => (int) $row['group_id'],
        'user_type'        => USER_NORMAL,
        'user_ip'        => $user->ip,
    );
}

?> 

pkbarbiedoll
Registered User
Posts: 93
Joined: Sat Dec 01, 2007 12:10 am

Re: Script Inside: Auth plugin using existing member DB.

Post by pkbarbiedoll »

Thanks for posting this. Followed the instructions to a T, but am not able to log in. After dumping vars I saw that $username and $password are not being passed to the login_extdb function.

Help?

pkbarbiedoll
Registered User
Posts: 93
Joined: Sat Dec 01, 2007 12:10 am

Re: Script Inside: Auth plugin using existing member DB.

Post by pkbarbiedoll »

I figured it out after switching to the second version right above.

Thanks again to both of you for sharing your code!

alphastryk
Registered User
Posts: 2
Joined: Fri Sep 18, 2009 3:13 pm

Re: Script Inside: Auth plugin using existing member DB.

Post by alphastryk »

Thanks a lot for posting your code guys. After installing and configuring the second code above, I am getting the following error:

General Error - Authentication method not found

Am I doing something wrong? Any help would be appreciated!

Thanks.

comkidwizzer3
Registered User
Posts: 375
Joined: Fri Jul 13, 2007 8:24 am
Location: $user->data['user_location'];
Contact:

Re: Script Inside: Auth plugin using existing member DB.

Post by comkidwizzer3 »

Nice work on it ;)
~My MODs~
Login After Register - v1.0.0 | Custom Ranks MOD - RC

~!Hasher!~

alphastryk
Registered User
Posts: 2
Joined: Fri Sep 18, 2009 3:13 pm

Re: Script Inside: Auth plugin using existing member DB.

Post by alphastryk »

alphastryk wrote:Thanks a lot for posting your code guys. After installing and configuring the second code above, I am getting the following error:

General Error - Authentication method not found

Am I doing something wrong? Any help would be appreciated!

Thanks.
Still getting this error, I have gone back through the code several times. Any ideas?

elfgoh
Registered User
Posts: 15
Joined: Tue Nov 17, 2009 6:58 am

Re: Script Inside: Auth plugin using existing member DB.

Post by elfgoh »

Thanks for sharing. I find this code useful. Going to try and use it and hack it out on my installation.

technobuddha
Registered User
Posts: 11
Joined: Tue Nov 24, 2009 6:01 pm

Re: Script Inside: Auth plugin using existing member DB.

Post by technobuddha »

I'm also getting this error as well:

General Error - Authentication method not found


anyone tell me what i'm doing wrong?

$col_username = "username";
$col_password = "password";

what should be the field name for the username and password?

is it just username and password?

any help would be greatly appreciated!

technobuddha
Registered User
Posts: 11
Joined: Tue Nov 24, 2009 6:01 pm

Re: Script Inside: Auth plugin using existing member DB.

Post by technobuddha »

this board won't allow me to send a PM to anyone for spam reasons.
so i guess i have to post here?

Would the guys that created the code [removed]? I tried to do it myself, but i get that error.

I'd rather not put this here in the forum, but i have no choice, because of the email restrictions.

[removed], and a seprate login/registration page.

thanks!
Last edited by camm15h on Wed Nov 25, 2009 7:15 pm, edited 1 time in total.
Reason: Recruiting not permitted on phpBB.com: http://www.phpbb.com/rules/#rule1k

JoeyMagz
Registered User
Posts: 1
Joined: Mon Nov 30, 2009 12:06 am

Re: Script Inside: Auth plugin using existing member DB.

Post by JoeyMagz »

I was getting the same error that you guys were getting. The reason you're getting the error is because you're server is not using mysqli. If you look at the code you will see they are using the mysqli api, not mysql. I just installed the mysqli library, restarted my server, and boom, it worked like a charm! Happy hacking.

Rdains
Registered User
Posts: 2
Joined: Wed Jan 27, 2010 11:59 pm

Re: Script Inside: Auth plugin using existing member DB.

Post by Rdains »

I know I'm pulling up an old post, but wondering if anyone can help me out. I'm trying to use the second script on this page, but when I submit my login info, it reloads a blank page without logging me in. Here's my code:

Code: Select all

    <?php
    /**
    * External MySQL auth plug-in for phpBB3
    *
    * Authentication plug-ins is largely down to Sergey Kanareykin, our thanks to him.
    *
    * @package login
    * @version $Id: auth_dbext.php 8602 2009-04-09 16:38:27Z nzeyimana $
    * @copyright NONE: use as you see fit but no guarantees
    * @license NONE: use as you see fit but no guarantees
    *
    */

    /**
    * @ignore
    */
    if (!defined('IN_PHPBB'))
    {
        exit;
    }

    /**
    *
    * @return boolean|string false if the user is identified and else an error message
    */

    function init_dbext()
    {
        // TODO: do any needed initialization
    }

    /**
    * Login function
    */
    function login_dbext(&$username, &$password)
    {
        global $db;
       
        // do not allow empty password
        if (!$password)
        {
            return array(
                'status'    => LOGIN_ERROR_PASSWORD,
                'error_msg'    => 'NO_PASSWORD_SUPPLIED',
                'user_row'    => array('user_id' => ANONYMOUS),
            );
        }

        if (!$username)
        {
            return array(
                'status'    => LOGIN_ERROR_USERNAME,
                'error_msg'    => 'LOGIN_ERROR_USERNAME',
                'user_row'    => array('user_id' => ANONYMOUS),
            );
        }
       
        /////////////////////////////////////////////////////////////////////////////////////////////////////////////
        // Note: on my systems, I include these following lines from an external file that is not web-accessible
        /////////////////////////////////////////////////////////////////////////////////////////////////////////////
        $db_host      = "forum.clitest.dreamhosters.com"; // Here goes the MySQL server address, hostname or IP
        $db_user      = "[username]";  // Here goes the MySQL user allowed to read the table below (GRANT SELECT ON ....)
        $db_password  = "[password]";    // Here should go the password associated with the above user
        $db_database  = "[dbname]";    // Here goes the Database containing the table below
        $db_table     = "Users";  // Here will goes the table list users allowed to login into PHPBB   
        ////////////////////////////////////////////////////////////////////////////////////////////////////////////
       $col_username = "username";
    $col_password = "password";
    $hashMethod   = "sha1"; // Can be one of:  md5, sha1, plain
                            // In case you choose to use a non-standard hashing function, be
                            // sure to change below where the $hashedPassword variable is created
   
    $objMySqli = new mysqli($db_host, $db_user, $db_password, $db_database);
   
    /* check connection */
    if (mysqli_connect_errno())
    {
        return array(
            'status'    => LOGIN_ERROR_EXTERNAL_AUTH ,
            'error_msg'    => 'LOGIN_ERROR_EXTERNAL_AUTH ',
            'user_row'    => array('user_id' => ANONYMOUS),
        );
    }
   
    // Check the User/Password
    if($hashMethod == 'sha1')
    {
        $hashedPassword = sha1($password);
    } elseif($hashMethod == 'md5') {
        $hashedPassword = md5($password);
    } else {
        $hashedPassword = $password;
    }
    $sql =
        "SELECT 11 as ID
        FROM " . $db_table . "
        WHERE
            " . $col_username . " = '" . mysqli_real_escape_string($objMySqli,$username)          . "' AND
            " . $col_password . " = '" . mysqli_real_escape_string($objMySqli,$hashedPassword) . "'
            ";
   
    if ( $result = $objMySqli->query($sql) )
    {
        if ( $result->num_rows <= 0 )
        {
            return array(
                'status'    => LOGIN_ERROR_USERNAME,
                'error_msg'    => 'LOGIN_ERROR_USERNAME',
                'user_row'    => array('user_id' => ANONYMOUS),
            );
        }

        $sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type
            FROM ' . USERS_TABLE . "
            WHERE username = '" . $db->sql_escape($username) . "'";
        $result = $db->sql_query($sql);
        $row = $db->sql_fetchrow($result);
        $db->sql_freeresult($result);

        if ($row)
        {
            // User inactive...
            if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE)
            {
                return array(
                    'status'        => LOGIN_ERROR_ACTIVE,
                    'error_msg'        => 'ACTIVE_ERROR',
                    'user_row'        => $row,
                );
            }
   
            // Successful login...
            return array(
                'status'        => LOGIN_SUCCESS,
                'error_msg'        => false,
                'user_row'        => $row,
            );
        }

        // this is the user's first login so create an empty profile
        return array(
            'status'        => LOGIN_SUCCESS_CREATE_PROFILE,
            'error_msg'        => false,
            'user_row'        => user_row_dbext($username, sha1($password)),
        );
    } else {
        // TODO: Handle this situation
    }

    // Not logged in using the external DB
    return array(
        'status'        => LOGIN_ERROR_EXTERNAL_AUTH,
        'error_msg'        => 'LOGIN_ERROR_EXTERNAL_AUTH',
        'user_row'        => array('user_id' => ANONYMOUS),
    );
}

/**
* This function generates an array which can be passed to the user_add function in order to create a user
*/
function user_row_dbext($username, $password)
{
    global $db, $config, $user;
    // first retrieve default group id
    $sql = 'SELECT group_id
        FROM ' . GROUPS_TABLE . "
        WHERE group_name = '" . $db->sql_escape('REGISTERED') . "'
            AND group_type = " . GROUP_SPECIAL;
    $result = $db->sql_query($sql);
    $row = $db->sql_fetchrow($result);
    $db->sql_freeresult($result);

    if (!$row)
    {
        trigger_error('NO_GROUP');
    }

    // generate user account data
    return array(
        'username'        => $username,
        'user_password'    => phpbb_hash($password), // Note: on my side, I don't use this because I want all passwords to remain on the remote system
        'user_email'    => '', // You can retrieve this Email at the time the user is authenticated from the external table
        'group_id'        => (int) $row['group_id'],
        'user_type'        => USER_NORMAL,
        'user_ip'        => $user->ip,
    );
}

?> 
Any thoughts? I don't know if I need to change any of the other variables to point to my db instead of phpbb's db.

User avatar
tumba25
Former Team Member
Posts: 4430
Joined: Wed Jun 06, 2007 6:42 am
Location: Kokkola, Finland.
Name: Jari Kanerva
Contact:

Re: Script Inside: Auth plugin using existing member DB.

Post by tumba25 »

The MOD author has not posted here since 13 May 2009 so I'll lock this as abandoned.

If you, the MOD author, want to continue with this MOD you can contact a MOD Team member.
Need a mod/extension created/installed, other custom-coded solution or a server admin? https://tumba25.net

Locked

Return to “[3.0.x] MOD Writers Discussion”