Release status: unmaintained
|Implementation||User identity, Database|
|Description||Links MediaWiki's user table to phpBB's.|
|Latest version||3.0.3/2.7 (2008-03-03)|
Translate the PHPBB/Users Integration extension if it is available at translatewiki.net
|Check usage and version matrix; code metrics|
||This extension is currently not actively maintained! Meaning any reports for additional features and/or bugfixes will more than likely be ignored. Volunteers are encouraged to take on the task of developing and maintaining it. As a courtesy, you may want to contact the author. You should also remove this template and list yourself as maintaining the extension in the page's
This extension links MediaWiki to phpBB's user table for authentication, and disallows the creation of new accounts in MediaWiki. Users must then log in to the wiki with their phpBB account.
Installation[edit | edit source]
Extension[edit | edit source]
The extension requires PHP5, MySQL 4 or 5, MediaWiki 1.11+ and phpBB3 or phpBB2. If you need help, post an issue at Github.
- Download the extension (For phpBB3 use v3.0.3, for phpBB2 use v2.7).
- Add the code below to the bottom of LocalSettings.php.
- Copy files from downloaded archive to directory extensions.
- Make a new phpBB group called Wiki. If you set
$wgPHPBB_UseWikiGroupto true, only users in the Wiki group can edit MediaWiki.
// PHPBB User Database Plugin. (Requires MySQL Database) require_once './extensions/Auth_phpBB.php'; $wgAuth_Config = array(); // Clean. $wgAuth_Config['WikiGroupName'] = 'Wiki'; // Name of your PHPBB group // users need to be a member // of to use the wiki. (i.e. wiki) // This can also be set to an array // of group names to use more then // one. (ie. // $wgAuth_Config['WikiGroupName'] = 'Wiki'; // $wgAuth_Config['WikiGroupName'] = 'Wiki2'; // or // $wgAuth_Config['WikiGroupName'] = array('Wiki', 'Wiki2'); // ) $wgAuth_Config['UseWikiGroup'] = true; // This tells the Plugin to require // a user to be a member of the above // phpBB group. (ie. wiki) Setting // this to false will let any phpBB // user edit the wiki. $wgAuth_Config['UseExtDatabase'] = false; // This tells the plugin that the phpBB tables // are in a different database then the wiki. // The default settings is false. //$wgAuth_Config['MySQL_Host'] = 'localhost'; // phpBB MySQL Host Name. //$wgAuth_Config['MySQL_Username'] = 'username'; // phpBB MySQL Username. //$wgAuth_Config['MySQL_Password'] = 'password'; // phpBB MySQL Password. //$wgAuth_Config['MySQL_Database'] = 'database'; // phpBB MySQL Database Name. $wgAuth_Config['UserTB'] = 'phpbb3_users'; // Name of your PHPBB user table. (i.e. phpbb_users) $wgAuth_Config['GroupsTB'] = 'phpbb3_groups'; // Name of your PHPBB groups table. (i.e. phpbb_groups) $wgAuth_Config['User_GroupTB'] = 'phpbb3_user_group'; // Name of your PHPBB user_group table. (i.e. phpbb_user_group) $wgAuth_Config['PathToPHPBB'] = '../phpbb3/'; // Path from this file to your phpBB install. Must end with '/'. // Local $wgAuth_Config['LoginMessage'] = '<b>You need a phpBB account to login.</b><br /><a href="' . $wgAuth_Config['PathToPHPBB'] . 'ucp.php?mode=register">Click here to create an account.</a>'; // Localize this message. $wgAuth_Config['NoWikiError'] = 'You are not a member of the required phpBB group.'; // Localize this message. $wgAuth = new Auth_phpBB($wgAuth_Config); // Auth_phpBB Plugin.
Known issues[edit | edit source]
Usernames rules[edit | edit source]
MediaWiki does not follow the same user naming conventions as phpBB, so there may be problem if someone uses an invalid username. Although all MediaWiki usernames are valid in phpBB, some phpBB usernames are not valid in MediaWiki. For example, MediaWiki does not allow the '' bracket symbols.
The problem can be circumvented by installing a phpBB extension to restrict MediaWiki-incompatible characters in phpBB. The Restrict Username mod (beta) can do this.
Instead of installing the phpBB MOD, you can set Limit username chars to Alphanumeric only in the User registration settings of phpBB3.
Furthermore, watch out that MediaWiki doesn't allow the same phrase as password that you chose for your username. phpBB doesn't have a problem with password and username being the same phrase.
Problems with not sharing a database[edit | edit source]
Some users experience an error when phpBB and MediaWiki are in different databases, while other users have no problem doing so. It's possible that this may be related to non-English software, which is common to users reporting the error. For more information, see the php|uber.leet forums.
Deactivated phpBB Accounts[edit | edit source]
The Plugin currently allows access to the wiki, if a user is listed in the phpBB's user table (and member of a specific group, if that feature is used). It is not checking, whether the account is set active or inactive in the phpBB's database. This allows some users to log into the wiki with a phpBB account, that was not reviewed by the phpBB administrator. (See also entry on the discussion page)
Release log[edit | edit source]
- Release 3.0.3 (Jan. 1, 2008)
- Fixed a potential SQL injection security hole.
- Added support for multiple Wiki Groups.
- Release 3.0.2 (Dec. 28, 2007)
- Now works with and requires phpBB3.
- Now works with and requires MW 1.11.x
- Now requires PHP5.
- Uses phpBB3 username case folding methods.
- Uses phpass for password hashing.
- When the user is not in the "Wiki" group the user now sees a MediaWiki error that says so.
- When the user is not found in the phpBB user database they now see a MediaWiki error asking them to register.
- Added a link to phpBB's register page from the login screen.
- Plug-in now uses MediaWiki Hooks.
- Release 2.7
- Fixed a potential SQL injection security hole.
- Release 2.6
- Fixed a login bug where MW was displaying an error the first time a user logged into it.
- Now works with MW 9.2
- Release 2.5
- I made a change to the MySQL connection that might fix some of the issues people have been having .
- Release 2.4
- Better MySQL error reporting. More solid MySQL Query calls.
- Release 2.3
- phpBB usernames with an apostrophe in them will now work.
- Release 2.2
- Fixed a bug that was printing a SQL statment when called.
- Release 2.1
- Fixed a bug that was not letting preferences be saved.
- Release 2.0
- Works with MediaWiki 1.5.x
- Fixed the dup name issues. The 1.5 release of MediaWiki added a new function to check for the correct casing of a name before adding it to the wiki database.
- I test user names with a space in them and they seem to work fine too.
- Added support for phpBB and the wiki being on two different servers/databases.
- With the new release of MediaWiki 1.5, I was able to disable some template stuff.
- Release 1.9
- Now auto detects MySQL version and uses the correct query.
- Ver 1.9 will work on both MySQL 4.0.x and 4.1.x
- Release 1.7
- Added the code to allow the admin to disable the phpBB wiki group requirement.
- Release 1.5
- MediaWiki forces all usernames into a first letter uppercase the rest lower case. (gotroot becomes Gotroot) This is ok until you have a user who has an uppercase letter in the middle of their name. (RetroFit becomes Retrofit) This can cause a problem when trying to Auth with the phpBB user table. I do not have a fix for this. (FIXED)
Community Contributions[edit | edit source]
Here are some contributions the community has made for this plug-in. They are custom changes that are not part of the plug-ins default code. If you have problems with the custom code below please contact the authors of those sections.
phpBB Version 3[edit | edit source]
Additional security[edit | edit source]
The Plugin does not test if a phpBB account is active or not when granting access to the wiki. So anyone can get access even if the phpBB account is not active. In cases, where the access to the phpBB is limited by the administrator, an account that has not yet been allowed to the phpBB, should usually not be allowed to the wiki either. To reach that the Plugin should by default check the `user_type` column in the phpBB_user table and report an error, if the type was '1' (deactivated account) but grant access if the type is '0' (active account) or '2' (phpBB board Founder). Edit on line 328 on Auth_phpBB.php
WHERE `username_clean` = '%s'
WHERE `username_clean` = '%s' AND `user_type` != 1
Now an account that is deactivated will not grant acces to the wiki either. Heinrich krebs 09:28, 5 October 2009 (UTC)
PHP 5.5[edit | edit source]
compatibility and no error-messages[edit | edit source]
Using this extension, there are a lot of error-messages in the log. So I decided to optimize the code. First there was the message:
PHP Strict Standards: Declaration of Auth_phpBB::modifyUITemplate() should be compatible with AuthPlugin::modifyUITemplate(&$template, &$type)
this is no big thing, I just extended the function() with one more parameter (type), the code is still the same ;-)
Farther more, there was the message:
PHP Deprecated: mysql_connect(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead
So I optimized the code to use the mysqli-PHP-extension. All mysql-calls do have an mysqli-eqivalent, but the parameters are different...
Are you interested in the "new version" ? Please ask me... Wolfib 18:23, 23 October 2014 (UTC)
Suggested Alternative[edit | edit source]
I (Nicholas Dunnaway) have not updated Auth_phpBB in a few years. Here is a link to another SSO solution that is active as of April.10.2012. Extension:Phpbb_Single_Sign-On
|Warning:||Security Warning on MediaWiki version 1.10|
|Language:||English • русский|