aggregate authentication [message #28260]
Sat, 15 October 2005 12:22
nuno
Messages: 11 Registered: September 2005 Location: Portugal
Hi,
I'm trying to aggregate the authentication mechanisms of FUDforum and MediaWiki (and possibly others in the future).
I've copied the forum_login.php script and I've tried to come up with a basic auth script (not sure if it is 100% right):
<?php
require './fud_login.php'; // forum_login.php
require './forum/GLOBALS.php';
fud_use('db.inc');
fud_use('err.inc');
fud_use('cookies.inc');
fud_use('users.inc');

if (_uid) {
    // login through cookie
    echo 'ok, by cookie';
} elseif (!empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW'])
    && ($uid = external_get_user_by_auth($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']))
    && external_fud_login($uid)
) {
    // credentials sent
    echo 'ok, by http auth';
} else {
    // we got nothing, ask the secret password
    header('WWW-Authenticate: Basic realm="testing"');
    header('HTTP/1.0 401 Unauthorized');
}
print_r($usr);
?>
That script would be used as the index file, and then users could choose the programs from there. The problem arises when users access the forum directly.
My question is: how can I force FUDforum to use this script as its auth method? I want to use HTTP authentication, so that no one can reach the forum (and also disallow registrations; only admins could do that).
Then I also need to make MediaWiki use the script (has anyone already tried that? Do they have any nice API as well?)
Thanks in advance,
Nuno
Re: aggregate authentication [message #28297 is a reply to message #28260]
Sun, 16 October 2005 16:08
nuno
For the record, here is my patch to add HTTP authentication:
--- users.inc.t 2005-10-12 15:16:59.000000000 +0100
+++ users.inc.t.new 2005-10-16 17:06:32.406457300 +0100
@@ -605,9 +602,31 @@
$sq = 0;
/* fetch an object with the user's session, profile & theme info */
if (!($u = ses_get())) {
- /* new anon user */
- $u = ses_anon_make();
- } else if ($u->id != 1 && (!$GLOBALS['is_post'] || sq_check(1, $u->sq, $u->id, $u->ses_id))) { /* store the last visit date for registered user */
+
+
+/************************* modification *******************************/
+
+ if (!empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW'])
+ && ($user_id = q_singleval("SELECT id FROM ".$GLOBALS['DBHOST_TBL_PREFIX']."users WHERE login="._esc($_SERVER['PHP_AUTH_USER'])." AND passwd='".md5($_SERVER['PHP_AUTH_PW'])."'"))
+ ) {
+ $sys_id = ses_make_sysid(($GLOBALS['FUD_OPT_2'] & 256), ($GLOBALS['FUD_OPT_3'] & 16));
+ $ses_id = md5($user_id . time() . getmypid());
+ q("REPLACE INTO ".$GLOBALS['DBHOST_TBL_PREFIX']."ses (ses_id, time_sec, sys_id, user_id) VALUES ('".$ses_id."', ".time().", '".$sys_id."', ".$user_id.")");
+ setcookie($GLOBALS['COOKIE_NAME'], $ses_id, time()+$GLOBALS['COOKIE_TIMEOUT'], $GLOBALS['COOKIE_PATH'], $GLOBALS['COOKIE_DOMAIN']);
+
+ $_COOKIE[$GLOBALS['COOKIE_NAME']] = $ses_id;
+ $u = ses_get();
+ if (!$u || $u->id == 1) exit;
+ } else {
+ header('WWW-Authenticate: Basic realm="private"');
+ header('HTTP/1.0 401 Unauthorized');
+ die('Private Area.');
+ }
+ }
+/*********************** THE END :) ******************************/
+
+
+ if (!$GLOBALS['is_post'] || sq_check(1, $u->sq, $u->id, $u->ses_id)) { /* store the last visit date for registered user */
q('UPDATE {SQL_TABLE_PREFIX}users SET last_visit='.__request_timestamp__.' WHERE id='.$u->id);
if ($GLOBALS['FUD_OPT_3'] & 1) {
setcookie($GLOBALS['COOKIE_NAME'], $u->ses_id, 0, $GLOBALS['COOKIE_PATH'], $GLOBALS['COOKIE_DOMAIN']);
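Review bot: The HTTP-auth block is nested inside if (!($u = ses_get())), so it only runs when no session exists, and the replacement condition if (!$GLOBALS['is_post'] || sq_check(...)) drops the old $u->id != 1 guard. If ses_get() returns an existing session for the anonymous user (id 1), for example one issued before this patch was applied, the request never reaches the 401 and then runs the last_visit UPDATE for id 1; the $u->id == 1 rejection should also be applied after the outer block, not only on the freshly created session. Separately, $ses_id = md5($user_id . time() . getmypid()) is built entirely from guessable values, so the session token should come from a cryptographically strong random source. The added queries also take the table prefix from $GLOBALS['DBHOST_TBL_PREFIX'] while the surrounding template code uses {SQL_TABLE_PREFIX}, and the password is compared as an unsalted md5() of PHP_AUTH_PW with no comment on whether that matches how the users table stores it.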
Nuno