FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » FUDforum » How To » agregate authentication
Show: Today's Messages :: Polls :: Message Navigator
Switch to threaded view of this topic Create a new topic Submit Reply
agregate authentication [message #28260] Sat, 15 October 2005 12:22 Go to next message
nuno is currently offline  nuno   Portugal
Messages: 11
Registered: September 2005
Location: Portugal
Karma: 0
Junior Member
Hi,

I'm tring to agregate the authentication mechanisms of FUDforum and MediaWiki (and possibly others in the future).

I've copied the forum_login.php script and I've tried to come up with a basic auth script (not sure if it is 100% right):
<?php
require './fud_login.php'// forum_login.php
require './forum/GLOBALS.php';

fud_use('db.inc');
fud_use('err.inc');
fud_use('cookies.inc');
fud_use('users.inc');

// login through cookie
if (_uid) {
    echo 
'ok, by cookie';

// credentials sent
} elseif (!empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW'])
    && (
$uid external_get_user_by_auth($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']))
    && 
external_fud_login($uid)
    ) {

    echo 
'ok, by http auth';

// we got nothing, ask the secret password
} else {
    
header('WWW-Authenticate: Basic realm="testing"');
    
header('HTTP/1.0 401 Unauthorized');
}


print_r($usr);

?>


That script would be used as the index file, and then users could choose the programs from there. The problem arises when users access the forum directly.
My question is: how can I force FUDforum to use this script as its auth method? I want to use http authentication, so than no one can reach the forum (and also disalow registrations; only admins could do that).
Then I also need to make Mediawiki use the script (did anyone already tried that? do they have any nice API as well?)


Thanks in advance,
Nuno
Re: agregate authentication [message #28266 is a reply to message #28260] Sat, 15 October 2005 16:53 Go to previous messageGo to next message
Ilia is currently offline  Ilia   Canada
Messages: 13241
Registered: January 2002
Karma: 0
Senior Member
Administrator
Core Developer
If you want to force the forum to use this, edit the login.php.t script.

FUDforum Core Developer
Re: agregate authentication [message #28297 is a reply to message #28260] Sun, 16 October 2005 16:08 Go to previous message
nuno is currently offline  nuno   Portugal
Messages: 11
Registered: September 2005
Location: Portugal
Karma: 0
Junior Member
For the record, here it is my patch to add http authentication:

--- users.inc.t	2005-10-12 15:16:59.000000000 +0100
+++ users.inc.t.new	2005-10-16 17:06:32.406457300 +0100
@@ -605,9 +602,31 @@
 	$sq = 0;
 	/* fetch an object with the user's session, profile & theme info */
 	if (!($u = ses_get())) {
-		/* new anon user */
-		$u = ses_anon_make();
-	} else if ($u->id != 1 && (!$GLOBALS['is_post'] || sq_check(1, $u->sq, $u->id, $u->ses_id))) { /* store the last visit date for registered user */
+
+
+/************************* modification *******************************/
+
+		if (!empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW'])
+		    && ($user_id = q_singleval("SELECT id FROM ".$GLOBALS['DBHOST_TBL_PREFIX']."users WHERE login="._esc($_SERVER['PHP_AUTH_USER'])." AND passwd='".md5($_SERVER['PHP_AUTH_PW'])."'"))
+		   ) {
+			$sys_id = ses_make_sysid(($GLOBALS['FUD_OPT_2'] & 256), ($GLOBALS['FUD_OPT_3'] & 16));
+			$ses_id = md5($user_id . time() . getmypid());
+			q("REPLACE INTO ".$GLOBALS['DBHOST_TBL_PREFIX']."ses (ses_id, time_sec, sys_id, user_id) VALUES ('".$ses_id."', ".time().", '".$sys_id."', ".$user_id.")");
+			setcookie($GLOBALS['COOKIE_NAME'], $ses_id, time()+$GLOBALS['COOKIE_TIMEOUT'], $GLOBALS['COOKIE_PATH'], $GLOBALS['COOKIE_DOMAIN']);
+
+			$_COOKIE[$GLOBALS['COOKIE_NAME']] = $ses_id;
+			$u = ses_get();
+			if (!$u || $u->id == 1) exit;
+		} else {
+			header('WWW-Authenticate: Basic realm="private"');
+			header('HTTP/1.0 401 Unauthorized');
+			die('Private Area.');
+		}
+	}
+/*********************** THE END :) ******************************/
+
+
+	if (!$GLOBALS['is_post'] || sq_check(1, $u->sq, $u->id, $u->ses_id)) { /* store the last visit date for registered user */
 		q('UPDATE {SQL_TABLE_PREFIX}users SET last_visit='.__request_timestamp__.' WHERE id='.$u->id);
 		if ($GLOBALS['FUD_OPT_3'] & 1) {
 			setcookie($GLOBALS['COOKIE_NAME'], $u->ses_id, 0, $GLOBALS['COOKIE_PATH'], $GLOBALS['COOKIE_DOMAIN']);


Nuno
  Switch to threaded view of this topic Create a new topic Submit Reply
Previous Topic: Embed Flash object
Next Topic: Upgrade from 2.6.4. to 2.7.2.
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Sun Nov 10 04:57:12 GMT 2024

Total time taken to generate the page: 0.02441 seconds